How to Monitor Home Network Traffic

I’m the “victim” of Comcast’s insanely-stupid 250 GB data cap — which is inclusive of all data transfers, uploads, and downloads (ack and syn). It’s caused me to become uber-paranoid about any network usage here at home. I was a Business Class subscriber up until recently, when I realized I could save a ton of money and get twice as much download speed. My pocketbook thanks me, but Comcast is forcing me into the corner of buyer’s remorse.

This morning, when I checked the barebones chart that Comcast offers me in their control panel (seriously, it’s a bar that doesn’t tell you squat other than where you are in terms of data usage for the month), I discovered that yesterday’s data transfer amount didn’t align with the changes that I thought I had made on my network. I had stopped all online backup services, shared file utilities like Dropbox, etc. Still, I had transferred an insane amount of data — above and beyond my expectations.

I needed to find a way to monitor network traffic without getting a certification in how to use 99% of the traffic monitoring applications out there. I run my network through a series of AirPort Extremes — which have been the best routers / bridges / access points I’ve ever used in any environment. I had something called “SNMP” (Simple Network Management Protocol) enabled, but no tool to better view the logs being generated.

Of course, I searched for “network monitoring tool” and found a glut of crap. In my journey, I discovered likely the most simple free packet sniffer for the Mac (Packet Peeper) — but that’s not what I needed for this task.

I decided to dive into the App Store, where a quick search for “network monitor” came up with only a handful of results. One of these tools was the SNMP Test Utility — a freebie which would tell you if you were eligible for the more comprehensive NetUse Traffic Monitor tool. After quite a bit of undue fuss (due to a poor user experience), I was finally able to get the SNMP tool to work — and then purchased the traffic monitor tool from there. This version, apparently, wasn’t much help.

I emailed the developers and they responded quickly with an updated version of the testing tool. In it, I was able to figure out more about which network interface I needed to watch: mgi1 (the WAN / Internet connection). Maybe, at some point, mgi0, bwl0, bwl1, lo0, wlan0, wlan1, and bridge0 will be interesting to monitor — but not for this exercise of trying to figure out which device on my network was causing the most amount of bandwidth transfers.

At this point, you have to manually enter your SNMP device’s IP address (my AirPort Extreme is and if you’ve not set a password, stick with the default (“public”). They don’t tell you that in the instructions! Either way, once it’s recognized, this is what I saw:

SNMP Monitor

Once I saw the mgi1 upload rate jumping at ~1MB a second, I knew I had a hole to fill — but the tool hasn’t been developed to the point where I could figure out which device was causing the data transfer. I started to unplug devices, one by one, until I believe I found the culprit: a simple security camera that was constantly streaming data out to a remote server even when it wasn’t being actively used. Ugh.

Thanks, Comcast, for forcing me to compromise my home security for the sake of playing by your anti-competitive rules. I’d flip back to Business Class Internet, but you’ve locked me into a two-year contract and I’d further lose thousands of dollars in savings with my Residential TV service over that time.

Either way, I’m grateful to have found the SNMP Test Utility to give me a better idea as to what was going on with data transfers on my home network. It’s not perfect, and they definitely have a TON of improvements to make, but at least I was able to better know exactly how much I was transferring across the network (and when).

The next step: finding a tool to better help me monitor specific device data usage on my home network. Maybe the NetUse Traffic Monitor tool will get there soon?