How to monitor router traffic?


#1

Is there a way to monitor accepted/rejected traffic with the router UI? Someone has been making a concerted effort to hack my network. My last router (ASUS) provided this info. Unfortunately it could not keep them out.
If the UI does not provide this info, can anyone suggest alternative methods (e.g. good utilities?)


#3

@martintomsom

Are you referring to firewall logging for troubleshooting purposes ?

Basically you can enable firewall logging to know what traffics are accepted/rejected. For more information, please refer to the attached screenshot.

Enable firewall logging:

You can view the firewall logging at Event log or Remote Syslog server:

Event log


*
*
Remote Syslog server

P/S: We recommend to turn on firewall logging for troubleshooting purposes only.


#4

This is what I’m looking for. Thank you! Also, if you have suggestions regarding 3rd-party intrusion detection software, I would appreciate it.

EDIT: I created rules logging accepted and denied traffic, both inbound and outbound. I see no denied traffic. Is there a way to test that the denied traffic logging is working?


#5

I believe you will know which services are being denied. Just test on the denied service! For example if outbound TCP 23 was denied, you may telnet any public IP. This will be logged.


#6

I noticed that the status page never shows any inbound traffic at all on the active sessions.
So I created firewall rules that would log all inbound traffic and even then I see nothing in the event logs.


#7

Then this means that there is no active inbound traffic or connection attempts for the firewall to deny. This is a good thing :+1:

Thanks!