24 KiB
FSSlc translating
Bringing a Bunch of Best Known Linux Network Tools
It is very useful to use command line tools to monitor the network on your system and there are a tons of them out there available for the linux user such as nethogs, ntopng, nload, iftop, iptraf, bmon, slurm, tcptrack, cbm, netwatch, collectl, trafshow, cacti, etherape, ipband, jnettop, netspeed and speedometer.
Since there are many linux gurus and developers out there it is obvious that other network monitoring tools exist but I am not going to cover all of them in this tutorial.
Each one of the above tools has its own specifics but at the end all they do is monitor network traffic and there is not really only one way to do the job. For example nethogs can be used to show bandwidth per process in case you want to know the application which is consuming your entire network resources, iftop can be used to show bandwidth per socket connection and tools like nload help to get information about the overall bandwidth.
1) nethogs
nethogs is a free tool that is very handy when it comes to find out which PID is causing the trouble with your network traffic as it groups bandwidth by process instead of breaking the traffic down per protocol or per subnet, like most tools do. It is feature rich, supports both IPv4 and IPv6 and in my opinion is the best utility when you want to identify programs that are consuming all your bandwidth on your linux machine.
A linux user can use nethogs to show TCP download and upload-speed per process, monitor a specific device by using the command nethogs eth0 where eth0 is the name of the device you want to get information from and also get information on the speed at which the data is currently being transferred.
To me nethogs is very easy to use, maybe because I like it so much that I use it all the time to monitor network bandwidth on my Ubuntu 12.04 LTS machine.
For example to sniff in promiscious the option -p is used like shown in the following command.
nethogs -p wlan0
If you like to learn more about nethogs and explore it in a very deep way than don't hesitate to read our full tutorial on this network bandwidth monitoring tool.
2) nload
nload is a console application which can be used to monitor network traffic and bandwidth usage in real time and it also visualizes the traffic by providing two easy to understand graphs. This cool network monitoring tool can also be used to switch between devices while monitoring and this can be done by pressing the left and right arrow keys.
As you can see from the above screenshot graphs provided by the nload tool are very easy to understand, provide useful information and also display additional info like total amount of transferred data and min/max network usage.
And what is even cooler is the fact that you can run the tool nload with the help of the following command which seems to be very short and easy to remember.
nload
I am very sure that our detailed tutorial on how to use nload will help new linux users and even experienced ones that are looking for more information on it.
3) slurm
slurm is another network load monitoring tool for linux which shows results in a nice ascii grap and it also supports many keys for interaction such as c to switch to classic mode, s to switch to split graph mode, r to redraw the screen, L to enable TX/RX led, m to switch between classic split and large view, and q to quit slurm.
There are also some other keys available in the network load monitoring tool slurm and you can easily study them in the manual page by using the following command.
man slurm
slurm is available in the official repos of Ubuntu and Debian so users of these distros can easy download it by using the apt-get install command like shown below.
sudo apt-get install slurm
We have covered slurm usage on a tutorial so please visit it and do not forget to share the knowledge with other linux friends.
4) iftop
iftop is a very useful tool when you want to display bandwidth usage on an interface by host. According to the manual page iftop listens to network traffic on a named interface, or on the first interface it can find which looks like an external interface if none is specified, and displays a table of current bandwidth usage by pairs of hosts.
Ubuntu and Debian users can easily install iftop on their machines by using the following command on a terminal.
sudo apt-get install iftop
Use the following command to install iftop on your machine using yum
yum -y install iftop
5) collectl
collectl can be used to collect data that describes the current system status and it supports the following modes:
- Record Mode
- Playback Mode
Record Mode allows to take data from a live system and either display it on a terminal or writte to one or more files or a socket.
Playback Mode
According to the manual pages in this mode data is read from one or more data files that were generated in Record Mode.
Ubuntu and Debian users can use their default package manager to install collectl on their machines. The following command will do the job for them.
sudo apt-get install collectl
Use the following command because these distros have collectl in their official repos too.
yum install collectl
6) Netstat
Netstat is a command line tool for monitoring incoming and outgoing network packets statistics as well as interface statistics. It displays network connections for the Transmission Control Protocol (both incoming and outgoing),routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics.
Ubuntu and Debian users can use the default package manager to install netstat on their box. Netstat software includes inside the package net-tools. And can be installed by running the below commands in a shell or terminal:
sudo apt-get install net-tools
CentOS, Fedora, RHEL users can use the default package manager to install netstat on their box. Netstat software includes inside the package net-tools. And can be installed by running the below commands in a shell or terminal:
yum install net-tools
Simply, run the following to monitor the network packet statistic with Netstat:
netstat
For more information or manual about netstat, we can simply type man netstat in a shell or terminal:
man netstat
7) Netload
The netload command just displays a small report on the current traffic load, and the total number of bytes transferred since the program start. No more features are there. Its part of the netdiag.
We can install Netload using yum in fedora as it is in the default repository. But if you're running CentOS or RHEL, we'll need to install rpmforge repository .
# yum install netdiag
Netload is available in the default repository as a part of netdiag so, we can easily install netdiag using apt manager using the command below.
$ sudo install netdiag
To run netload, we must make sure to choose a working network interface name like eth0, eh1, wlan0, mon0, etc. And run the following command accordingly in a shell or a terminal.
$ netload wlan2
Note: Please replace wlan2 with the network interface name you wanna use. If you wanna scan for your network interface name run ip link show in a terminal or shell.
8) Nagios
Nagios is a leading open source powerful monitoring system that enables network/system administrators to identify and resolve server related problems before they affect major business processes. With the Nagios system, administrators can able to monitor remote Linux, Windows, Switches, Routers and Printers on a single window. It shows critical warnings and indicates if something went wrong in your network/server which indirectly helps you to begin remediation processes before they occur.
Nagios has a web interface in which there is a graphical monitor of activities. One can login to the web interface by browsing to the url http://localhost/nagios/ or http://localhost/nagios3/ . Please replace localhost with your IP-address if on remote machine. Then enter the username and pass then, we'll get to see the information like shown below.
9) EtherApe
EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes and support interfaces Ethernet, FDDI, Token Ring, ISDN, PPP, SLIP and WLAN devices, plus several encapsulation formats. Hosts and links change in size with traffic and color coded protocols display. It can filter traffic to be shown, and can read packets from a file as well as live from the network.
It is easy to install etherape in CentOS, Fedora, RHEL distributions of Linux cause they are available default on their official repository. We can use yum manager to install it with the command shown below:
yum install etherape
We can install EtherApe on Ubuntu, Debian and their derivatives using apt manager with the below command.
sudo apt-get install etherape
After EtherApe is installed on the system, we'll need to run etherape in root permission as:
sudo etherape
Then, the GUI of etherape will be executed. Then, up in the menu we can select the Mode (IP, Link Layer, TCP) and Interface under Capture. After everything are set, we'll need to click Start button. Then, we'll gonna see something like this.
10) tcpflow
tcpflow is a command line utility that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. It reconstructs the actual data streams and stores each flow in a separate file for later analysis. It understands TCP sequence numbers and will correctly reconstruct data streams regardless of retransmissions or out-of-order delivery .
Installing tcpflow in Ubuntu, Debian system is easy via apt manager as it is available by default in the official repository.
$ sudo apt-get install tcpflow
We can install tcpflow in Fedora, CentOS, RHEL and their derivatives from repository using yum manager as shown below.
# yum install tcpflow
If it is not available in the repository or can't be installed via yum manager, we need to install manually from http://pkgs.repoforge.org/tcpflow/ as shown below.
If you are running 64 bit PC:
# yum install --nogpgcheck http://pkgs.repoforge.org/tcpflow/tcpflow-0.21-1.2.el6.rf.x86_64.rpm
If you are running 32 bit PC:
# yum install --nogpgcheck http://pkgs.repoforge.org/tcpflow/tcpflow-0.21-1.2.el6.rf.i686.rpm
We can use tcpflow to capture all/some tcp traffic and put it in an easy to read file. The below command does what we want but we'll need to run that command in an empty directory as it creates files of the format x.x.x.x.y-a.a.a.a.z and after done, just press Control-C that command to stop it.
$ sudo tcpflow -i eth0 port 8000
Note: Please replace eth0 with the interface of the card you are trying to capture.
11) IPTraf
IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.
IPTraf is available in the default repository so, we can easily install IPTraf using apt manager using the command below.
$ sudo apt-get install iptraf
IPTraf is available in the default repository so, we can easily install IPTraf using yum manager using the command below.
# yum install iptraf
We need to run TPTraf in administration permission with a valid network interface name. Here, we have wlan2 so, we'll be using wlan2 as interface name.
$ sudo iptraf
To start the general interface statistics, enter:
# iptraf -g
To see the detailed statistics facility on an interface called eth0
# iptraf -d wlan2
To see the TCP and UDP monitor on an interface called eth0
# iptraf -z wlan2
To displays the packet size counts on an interface called eth0
# iptraf -z wlan2
Note: Please replace wlan2 with your interface name. You can check your interface by running command ip link show .
12) Speedometer
Speedometer is a small and simple tool that just draws out good looking graphs of incoming and outgoing traffic through a given interface.
Speedometer is available in the default repository so, we can easily install Speedometer using yum manager using the command below.
# yum install speedometer
Speedometer is available in the default repository so, we can easily install Speedometer using apt manager using the command below.
$ sudo apt-get install speedometer
Speedometer can simply be run by executing the following command in a shell or a terminal.
$ speedometer -r wlan2 -t wlan2
Note: Please replace wlan2 with the network interface name you would like to use.
13) Netwatch
Netwatch is part of the netdiag collection of tools, and it too displays the connections between local host and other remote hosts, and the speed at which data is transferring on each connection.
We can install Netwatch using yum in fedora as it is in the default repository. But if you're running CentOS or RHEL, we'll need to install rpmforge repository .
# yum install netwatch
Netwatch is available in the default repository as a part of netdiag so, we can easily install netdiag using apt manager using the command below.
$ sudo install netdiag
To run netwatch, we'll need to execute the following command in a terminal or shell.
$ sudo netwatch -e wlan2 -nt
Note: Please replace wlan2 with the network interface name you wanna use. If you wanna scan for your network interface name run ip link show in a terminal or shell.
14) Trafshow
Trafshow reports the current active connections like netwatch and pktstat, trafshow, their protocol and the data transfer speed on each connection. It can filter out connections using pcap type filters.
We can install Netwatch using yum in fedora as it is in the default repository. But if you're running CentOS or RHEL, we'll need to install rpmforge repository .
yum install trafshow
Trafshow is available in the default repository so, we can easily install it using apt manager using the command below.
$ sudo install trafshow
To monitor using trafshow, we'll need to run the following command in a shell or terminal.
$ sudo trafshow -i wlan2
To monitor specifically tcp connections add tcp as shown below.
$ sudo trafshow -i wlan2 tcp
Note: Please replace wlan2 with the network interface name you wanna use. If you wanna scan for your network interface name run ip link show in a terminal or shell.
15) Vnstat
Vnstat is bit different from most of the other tools. It actually runs a background service/daemon and keeps recording the size of data transfer all the time. Next it can be used to generate a report of the history of network usage.
We'll need to turn on EPEL Repository then run yum manager to install vnstat.
# yum install vnstat
Vnstat is available in the default repository. So, we can run apt manager to install it using the following command.
$ sudo apt-get install vnstat
Running vnstat without any options would simply show the total amount of data transfer that took place since the date the daemon is running.
$ vnstat
To monitor the bandwidth usage in realtime, use the '-l' option (live mode). It would then show the total bandwidth used by incoming and outgoing data, but in a very precise manner without any internal details about host connections or processes.
$ vnstat -l
After done, press Ctrl-C to stop which will result the following type of output
16) tcptrack
tcptrack displays the status of TCP connections that it sees on a given network interface. tcptrack monitors their state and displays information such as state, source/destination addresses and bandwidth usage in a sorted, updated list very much like the top command.
As tcptrack is in the repository , we can simply install tcptrack in Debian, Ubuntu from their repository using apt manager. To do so, we'll need to execute the following command in a shell or terminal:
$ sudo apt-get install tcptrack
We can install it using yum in fedora as it is in the default repository. But if you're running CentOS or RHEL, we'll need to install rpmforge repository . To do so, we'll need to run the following commands.
# wget http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
# rpm -Uvh rpmforge-release*rpm
# yum install tcptrack
Note: Here, we have downloaded current latest version of rpmforge-release ie 0.5.3-1 . You can always get the latest version from rpmforge repository and do replace with that you downloaded in the above command.
tcptrack needs to be run in root permission or superuser. We'll need to execute tcptrack with the network interface name we wanna monitor the TCP connections of. Here, we've wlan2 so will be using that as:
sudo tcptrack -i wlan2
If you wanna monitor of specific ports then:
# tcptrack -i wlan2 port 80
Please replace 80 with the port number you wanna monitor .Note: Please replace wlan2 with the network interface name you wanna use. If you wanna scan for your network interface name run ip link show in a terminal or shell.
17) CBM
The CBM or Color Bandwidth Meter displays current traffic of all network device. This program is so simple that is should be self-explanatory. Source code and newer versions of CBM are available at http://www.isotton.com/utils/cbm/ .
As CBM is in the repository , we can simply install CBM in Debian, Ubuntu from their repository using apt manager. To do so, we'll need to execute the following command in a shell or terminal:
$ sudo apt-get install cbm
We simply need to run cbm in a shell or terminal as shown below:
$ cbm
18) bmon
Bmon or Bandwidth Monitoring is a tool that intended for debugging and monitor bandwidth in real-time access. This tool is capable to retrieving statistics from various input modules. It provides various output methods including a curses based interface,lightweight HTML output but also formatable ASCII output.
bmon is available in the repository, so we can install it in Debian, Ubuntu from their repository using apt manager. To do so, we'll need to run the following command in a shell or terminal.
$ sudo apt-get install bmon
We can run bmon and monitor our bandwidth status using the command below.
$ bmon
19) tcpdump
TCPDump is a tool for network monitoring and data acquisition. It can save lots of time and can be used for debugging network or server related problems. It prints out a description of the contents of packets on a network interface that match the boolean expression.
tcpdump is available in the default repository of Debian, Ubuntu so, we can simply use apt manager to install it under sudo privilege . To do so, we'll need to run the following command in a shell or terminal.
$ sudo apt -get install tcpdump
tcpdump is also available in the repository of Fedora, CentOS, RHEL so, we can install it via yum manager as:
# yum install tcpdump
tcpdump needs to be run in root permission or superuser. We'll need to execute tcpdump with the network interface name we wanna monitor the TCP connections of. Here, we've wlan2 so will be using it as:
$ sudo tcpdump -i wlan2
If you want to monitor to a specific port only, then can run the command as follows. Here is the example for port 80 (webserver).
$ sudo tcpdump -i wlan2 'port 80'
20) ntopng
[ntopng][20] is the next generation version of the original ntop. It is a network probe that shows network usage in a way similar to what top does for processes. ntopng is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on Win32 as well.
To install ntopng in Debian, Ubuntu system, we'll first need to install the required dependencies packages to compile ntopng. You can install them all by running the below command in a shell or a terminal.
$ sudo apt-get install libpcap-dev libglib2.0-dev libgeoip-dev redis-server wget libxml2-dev build-essential checkinstall
Now, we'll need to manually compile ntopng for our system as:
$ sudo wget http://sourceforge.net/projects/ntop/files/ntopng/ntopng-1.1_6932.tgz/download
$ sudo tar zxfv ntopng-1.1_6932.tgz
$ sudo cd ntopng-1.1_6932
$ sudo ./configure
$ sudo make
$ sudo make install
Now, you should have your ntopng installed in your Debian or Ubuntu system.
We have already covered tutorial on ntopng usages. It is available in both command line and web interface. We can go ahead to get knowledge on it.
Conclusion
In this first part we covered some network load monitoring tools for linux that are very helpful to a sysadmin and even a novice user. Each one of the tools covered in this article has its own specifics, different options but at the end they all help you to monitor your network traffic.
via: http://linoxide.com/monitoring-2/network-monitoring-tools-linux/
作者:Bobbin Zachariah 译者:译者ID 校对:校对者ID