Network Monitoring Basics

Why Monitor Your Network?

Network monitoring helps you detect problems before they become serious: unauthorized devices, bandwidth hogs, suspicious connections, or services that have stopped responding. Even basic monitoring gives you visibility into what is happening on your network.

Essential Tools: ping and traceroute

ping

Tests whether a host is reachable and measures round-trip time:

# Ping a host (Ctrl+C to stop on Linux)
ping 1.1.1.1

# Send only 4 pings
ping -c 4 google.com

What to look for:

Response time: Under 50ms is good for most connections
Packet loss: Any loss above 0% indicates a problem
"Request timed out": The host is unreachable or blocking pings

traceroute (Linux) / tracert (Windows)

Shows the path packets take to reach a destination:

# Linux
traceroute google.com

# Windows
tracert google.com

Each line shows a "hop" (router) along the path. Useful for identifying where a connection problem occurs.

Checking Open Ports

Using ss (Linux)

# Show all listening ports
ss -tlnp

# Show all active connections
ss -tnp

-t TCP connections

-l Listening (waiting for connections)

-n Show port numbers (not service names)

-p Show the process using the port

Using netstat (Windows)

# Show all listening ports with process IDs
netstat -ano | findstr LISTENING

# Show all active connections
netstat -ano

💡

Unexpected open ports?

If you see ports you do not recognize, investigate the process using them. Unexpected listeners could indicate malware or misconfigured services.

Bandwidth Monitoring

iftop (Linux)

A real-time bandwidth monitor for Linux:

sudo apt install iftop
sudo iftop -i eth0

Shows which connections are using bandwidth in real time, sorted by usage.

Resource Monitor (Windows)

Press Ctrl + Shift + Esc to open Task Manager, then click "Open Resource Monitor." The Network tab shows per-process bandwidth usage.

Detecting Unusual Traffic

Signs that something may be wrong on your network:

Unexpected outbound connections to unknown IP addresses
High bandwidth usage when no one is actively using the network
New devices appearing in your router's connected device list
DNS queries to suspicious or unfamiliar domains
Connections on unusual ports (especially high-numbered ports)

If you detect suspicious activity:

Identify the source device and process
Run an antivirus scan on the suspected device
Change WiFi and router passwords if unauthorized devices are found
Review firewall rules for gaps

Summary

In this tutorial, you learned:

Essential tools: ping, traceroute, ss/netstat
How to check for open ports and identify processes
Monitoring bandwidth with iftop and Resource Monitor
Signs of unusual network activity and how to respond

🎉

You can now see what is happening on your network!

Regular monitoring helps you catch problems early. Consider checking your network at least once a month for unexpected changes.