This person on Reddit wanted to monitor the sites their kids access
I came across this Reddit post yesterday (you can access it on Reddit by clicking here):
Title: TP Link router – best way to monitor traffic / sites accessed, etc
Body: Have a pretty standard tp link type router – would like to be able to monitor what sites/etc the kids access – the logs avail by logging into the admin area don’t seem to give anything – and can’t tell which device/etc – what do folks use to monitor traffic on home networks easily?
I was curious about how I might achieve the same thing. For the record, I also have a TP-Link router. It’s a standard office/home-use router with most of the features one expects to find in its network portal.
A comment in the same thread suggested intercepting the traffic before it reaches the router. That seemed like a decent idea. I knew I would need to use some sort of Linux environment or distribution to run anything capable of intercepting such traffic. (How do I know? Well, as embarrassing as it is, I’ve tried to do some pretty heavy tasks on Mac or Windows in the past, failing each time. I don’t have a dedicated Linux machine, and making my PC Linux-only isn’t practical for my use case since I mostly do tasks that normal users would.) So I fired up Docker. The Docker version I had was outdated, so I uninstalled it and reinstalled it from Docker’s website.
After installing Docker, I followed the setup steps (they added several extra verification steps: device test, email authentication, etc. If not verified, any Docker command returns an “invalid container image” error).
Once Docker was fully set up, I moved to the next step: installing Pi-hole.
Now, Pi-hole is a “Linux network-level advertisement and Internet tracker blocking application that acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network.” If you plan to experiment with Pi-hole, I highly recommend reading through its documentation first.
Next, I opened PowerShell (it’s important to open PowerShell and not another terminal, e.g., CMD or Bash). I could’ve used Docker’s GUI, but I preferred this way – it’s more intuitive, faster, and hassle-free.
First, I needed to create two directories in C:\. I used the following commands to make these directories and navigate into one of them:
mkdir C:\pihole\etc-pihole
mkdir C:\pihole\etc-dnsmasq.d
cd C:\piholeOnce these were made, I ran this command (you could also create a .yml file if you prefer, but I typed this directly into PowerShell):
docker run -d --name pihole--hostname pi.hole -e TZ="America/New_York"-e WEBPASSWORD="YourPassword" -e DNSMASQ_LISTENING="all"-p 53:53/tcp -p 53:53/udp -p 80:80-v C:\pihole\etc-pihole:/etc/pihole -v C:\pihole\etc-dnsmasq.d:/etc/dnsmasq.d--restart=unless-stopped `
pihole/pihole:latestIf you’re following along, you must change the timezone (-e TZ=”…”) and set a unique password (-e WEBPASSWORD=”…”).
Once this was done, I opened PowerShell and ran the ipconfig command. The terminal returned multiple IP addresses; the one I was concerned with was the IPv4 address (in the format xxx.xxx.x.xxx).
I copied this IP address and headed to the router settings (usually available at 192.168.1.1 or 192.168.8.1). I logged in (fun fact: the default password is often admin). I navigated to the Network tab and then to LAN settings. Here, in the PRIMARY DNS field, I entered my IPv4 address (xxx.xxx.x.xxx). After saving the settings, I rebooted the router.
Next, I opened this address in an incognito browser tab (incognito is needed since cookies from logged-in Chrome sessions can interfere with Pi-hole):
http://xxx.xxx.x.xxx/adminThis page appears:
Here, I needed to input the password I had set. Initially, the page kept returning a “Wrong Password” error. From what I could figure out, Pi-hole sometimes fails to verify the password in Docker and returns an error. The fix was to change the password using:
docker exec -it pihole pihole -a setpasswordThis worked for me. I had trouble finding this solution because most online forums list the wrong command:
docker exec -it pihole pihole -a -pWe must use setpassword instead of -p.
Once the password was changed, I was able to log into Pi-hole. This is the dashboard (your stats may vary):
To see all the logs and internet requests, I navigated to the Query Log tab – this is where the real magic happens:
And it was done! Here are all the query logs on my network. It was really interesting to watch. If you’ve followed these steps, try opening any website or app on a device connected to the same network. The name (address) of that website or app will appear in the log! For example, I opened WhatsApp, and it appeared in the list. When I sent a message, a Facebook (Meta) service was used to deliver it – pretty cool.
To explain the process a bit: my PC essentially became a toll station for all traffic between the router and the devices. Normally, devices communicate directly with the router. In this case, devices think my PC (whose IPv4 address is in the router settings) is the router. My PC receives all traffic, logs it, and then forwards it to the router.
One limitation I identified: this method is not enforceable. If I turn on a VPN on any device, it bypasses Pi-hole and goes straight to the router. I am planning to explore a few potential workarounds for this, such as configuring network-wide VPN rules or using a firewall to block VPN traffic, but that will require more advanced setup and testing.
Overall, it was a really interesting experiment. It was satisfying to see exactly which services and websites my devices were accessing. For anyone looking to monitor traffic at home, this method works well for casual monitoring, though it’s important to note its limitations with VPNs and encrypted traffic.
-faiq
P.S. To stop Pi-hole, use the command docker stop pihole. This allows Pi-hole to shut down gracefully.
Comments
Nerd
Leave a comment