zaneclaes / network-traffic-metrics

Monitor network traffic with Prometheus & Grafana

Network Traffic Metrics

See all the inbound and outbound traffic for your network, broken down by server and client.

Network traffic (bytes and packets) is exported to Prometheus, labeled with src, dst, service, and proto.

Comes with a pre-built Grafana dashboard:

Grafana Dashboard


Read the website for more help.


The device which runs this code must have a network interface across which the traffic flows. For monitoring traffic between the internal network and the internet, this usually means a bridged network interface. For example, a Raspberry Pi that bridges the LAN (eth0) traffic to the WAN (eth1). See the documentation for more help setting this up. That said, this will work for any network interface you wish to monitor.



Python >= 3.7 is required.

Then run using the arguments described in the Configuration section, below.

Example: monitor in/out traffic for the subnet:

python3 "src net or dst net"

Then open your internet browser to http://localhost:8000/metrics to see the Prometheus endpoint.


Note: the container must run on the host network if you want to monitor the LAN traffic as opposed to the traffic between containers. Do this with caution: on the host network the container shares the host's network stack instead of an isolated one, which may create a security vulnerability.

There are two Docker images provided:

Choose the latter if running on a Raspberry Pi.


There is a docker-compose.yml file that integrates network-traffic-metrics with Prometheus and Grafana in a single file. Before running it, change the following parameters:

Once you have changed those variables, you can start the whole stack with:

sudo docker-compose up


A sample Kubernetes deployment can be found at kubernetes.yaml.


You should, at a minimum, provide the positional filters argument to limit the packets which are captured to those which you are interested in. These filters are passed directly to tcpdump (man).

Running the script with the --help flag gives:

usage: [-h] [--interface INTERFACE] [--port PORT]
                                  [--metric_prefix METRIC_PREFIX] [--fqdn]

positional arguments:
  filters               The TCPdump filters, e.g., "src net"

optional arguments:
  -h, --help            show this help message and exit
  --interface INTERFACE, -i INTERFACE
                        The network interface to monitor.
  --port PORT, -p PORT  The Prometheus metrics port.
  --metric_prefix METRIC_PREFIX, -s METRIC_PREFIX
                        Metric prefix (group) for Prometheus
  --fqdn, -f            Include the FQDN (will increase cardinality of metrics

Each one of these may also be configured as an environment variable: NTM_FILTERS, NTM_INTERFACE, NTM_PORT, NTM_METRIC_PREFIX (useful when using Docker/Kubernetes).
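Because the filter string reaches tcpdump unchanged, and may arrive through NTM_FILTERS, a launcher can check it before starting the capture. The following is an added example, not code from this project: the function names, the allowed-character set, the length limit and the choice of the tcpdump flags -n and -l are assumptions.

```python
import os
import re

# Characters that occur in pcap filter expressions: keywords, addresses,
# CIDR masks, port ranges, grouping and comparison operators.
_ALLOWED = re.compile(r"[A-Za-z0-9_.:/()\[\]!=<>&|+*\- ]+")
MAX_FILTER_LEN = 512  # assumed limit for this example


def validate_filter(expr: str) -> list:
    """Return the filter as a list of tokens, or raise ValueError."""
    expr = expr.strip()
    if not expr:
        # Without a filter every packet on the interface is captured.
        raise ValueError("empty filter")
    if len(expr) > MAX_FILTER_LEN:
        raise ValueError("filter too long")
    if not _ALLOWED.fullmatch(expr):
        raise ValueError("filter contains characters outside the allowed set")
    tokens = expr.split()
    for tok in tokens:
        # A leading '-' would make the token look like a tcpdump option.
        if tok.startswith("-"):
            raise ValueError(f"token {tok!r} looks like a command-line option")
    return tokens


def build_tcpdump_argv(interface: str, expr: str) -> list:
    """Build an argv list for subprocess (no shell involved)."""
    # Linux interface names are at most 15 characters.
    if interface.startswith("-") or not re.fullmatch(r"[A-Za-z0-9_.:-]{1,15}", interface):
        raise ValueError("invalid interface name")
    # -n: no name resolution, -l: line-buffered output, "--": end of options,
    # so everything after it is read as the filter expression.
    return ["tcpdump", "-i", interface, "-n", "-l", "--", *validate_filter(expr)]


if __name__ == "__main__":
    # 192.0.2.0/24 is a documentation range, used here as a constructed sample.
    sample = "src net 192.0.2.0/24 or dst net 192.0.2.0/24"
    argv = build_tcpdump_argv(os.environ.get("NTM_INTERFACE", "eth0"),
                              os.environ.get("NTM_FILTERS", sample))
    print(argv)  # hand this list to subprocess.Popen(argv), shell=False
```
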


Just point the Prometheus server to the metrics endpoint (i.e.,


How it works