TranslateProject/sources/tech/20150227 Bringing a Bunch of Best Known Linux Network Tools.md
2015-02-27 19:26:49 +08:00

24 KiB

Bringing a Bunch of Best Known Linux Network Tools

It is very useful to use command line tools to monitor the network on your system and there are a tons of them out there available for the linux user such as nethogs, ntopng, nload, iftop, iptraf, bmon, slurm, tcptrack, cbm, netwatch, collectl, trafshow, cacti, etherape, ipband, jnettop, netspeed and speedometer.

Since there are many linux gurus and developers out there it is obvious that other network monitoring tools exist but I am not going to cover all of them in this tutorial.

Each one of the above tools has its own specifics but at the end all they do is monitor network traffic and there is not really only one way to do the job. For example nethogs can be used to show bandwidth per process in case you want to know the application which is consuming your entire network resources, iftop can be used to show bandwidth per socket connection and tools like nload help to get information about the overall bandwidth.

1) nethogs

nethogs is a free tool that is very handy when it comes to find out which PID is causing the trouble with your network traffic as it groups bandwidth by process instead of breaking the traffic down per protocol or per subnet, like most tools do. It is feature rich, supports both IPv4 and IPv6 and in my opinion is the best utility when you want to identify programs that are consuming all your bandwidth on your linux machine.

A linux user can use nethogs to show TCP download and upload-speed per process, monitor a specific device by using the command nethogs eth0 where eth0 is the name of the device you want to get information from and also get information on the speed at which the data is currently being transferred.

To me nethogs is very easy to use, maybe because I like it so much that I use it all the time to monitor network bandwidth on my Ubuntu 12.04 LTS machine.

For example to sniff in promiscious the option -p is used like shown in the following command.

nethogs -p wlan0

If you like to learn more about nethogs and explore it in a very deep way than don't hesitate to read our full tutorial on this network bandwidth monitoring tool.

2) nload

nload is a console application which can be used to monitor network traffic and bandwidth usage in real time and it also visualizes the traffic by providing two easy to understand graphs. This cool network monitoring tool can also be used to switch between devices while monitoring and this can be done by pressing the left and right arrow keys.

network monitoring tools in linux

As you can see from the above screenshot graphs provided by the nload tool are very easy to understand, provide useful information and also display additional info like total amount of transferred data and min/max network usage.

And what is even cooler is the fact that you can run the tool nload with the help of the following command which seems to be very short and easy to remember.

nload

I am very sure that our detailed tutorial on how to use nload will help new linux users and even experienced ones that are looking for more information on it.

3) slurm

slurm is another network load monitoring tool for linux which shows results in a nice ascii grap and it also supports many keys for interaction such as c to switch to classic mode, s to switch to split graph mode, r to redraw the screen, L to enable TX/RX led, m to switch between classic split and large view, and q to quit slurm.

linux network load monitoring tools

There are also some other keys available in the network load monitoring tool slurm and you can easily study them in the manual page by using the following command.

man slurm

slurm is available in the official repos of Ubuntu and Debian so users of these distros can easy download it by using the apt-get install command like shown below.

sudo apt-get install slurm

We have covered slurm usage on a tutorial so please visit it and do not forget to share the knowledge with other linux friends.

4) iftop

iftop is a very useful tool when you want to display bandwidth usage on an interface by host. According to the manual page iftop listens to network traffic on a named interface, or on the first interface it can find which looks like an external interface if none is specified, and displays a table of current bandwidth usage by pairs of hosts.

Ubuntu and Debian users can easily install iftop on their machines by using the following command on a terminal.

sudo apt-get install iftop

Use the following command to install iftop on your machine using yum

yum -y install iftop

5) collectl

collectl can be used to collect data that describes the current system status and it supports the following modes:

  • Record Mode
  • Playback Mode

Record Mode allows to take data from a live system and either display it on a terminal or writte to one or more files or a socket.

Playback Mode

According to the manual pages in this mode data is read from one or more data files that were generated in Record Mode.

Ubuntu and Debian users can use their default package manager to install collectl on their machines. The following command will do the job for them.

sudo apt-get install collectl

Use the following command because these distros have collectl in their official repos too.

yum install collectl

6) Netstat

Netstat is a command line tool for monitoring incoming and outgoing network packets statistics as well as interface statistics. It displays network connections for the Transmission Control Protocol (both incoming and outgoing),routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics.

Ubuntu and Debian users can use the default package manager to install netstat on their box. Netstat software includes inside the package net-tools. And can be installed by running the below commands in a shell or terminal:

sudo apt-get install net-tools

CentOS, Fedora, RHEL users can use the default package manager to install netstat on their box. Netstat software includes inside the package net-tools. And can be installed by running the below commands in a shell or terminal:

yum install net-tools

Simply, run the following to monitor the network packet statistic with Netstat:

netstat

Netstat

For more information or manual about netstat, we can simply type man netstat in a shell or terminal:

man netstat

man netstat

7) Netload

The netload command just displays a small report on the current traffic load, and the total number of bytes transferred since the program start. No more features are there. Its part of the netdiag.

We can install Netload using yum in fedora as it is in the default repository. But if you're running CentOS or RHEL, we'll need to install rpmforge repository .

# yum install netdiag

Netload is available in the default repository as a part of netdiag so, we can easily install netdiag using apt manager using the command below.

$ sudo install netdiag

To run netload, we must make sure to choose a working network interface name like eth0, eh1, wlan0, mon0, etc. And run the following command accordingly in a shell or a terminal.

$ netload wlan2

Note: Please replace wlan2 with the network interface name you wanna use. If you wanna scan for your network interface name run ip link show in a terminal or shell.

8) Nagios

Nagios is a leading open source powerful monitoring system that enables network/system administrators to identify and resolve server related problems before they affect major business processes. With the Nagios system, administrators can able to monitor remote Linux, Windows, Switches, Routers and Printers on a single window. It shows critical warnings and indicates if something went wrong in your network/server which indirectly helps you to begin remediation processes before they occur.

Nagios has a web interface in which there is a graphical monitor of activities. One can login to the web interface by browsing to the url http://localhost/nagios/ or http://localhost/nagios3/ . Please replace localhost with your IP-address if on remote machine. Then enter the username and pass then, we'll get to see the information like shown below.

Nagios3 on Chromium

9) EtherApe

EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes and support interfaces Ethernet, FDDI, Token Ring, ISDN, PPP, SLIP and WLAN devices, plus several encapsulation formats. Hosts and links change in size with traffic and color coded protocols display. It can filter traffic to be shown, and can read packets from a file as well as live from the network.

It is easy to install etherape in CentOS, Fedora, RHEL distributions of Linux cause they are available default on their official repository. We can use yum manager to install it with the command shown below:

 yum install etherape

We can install EtherApe on Ubuntu, Debian and their derivatives using apt manager with the below command.

sudo apt-get install etherape

After EtherApe is installed on the system, we'll need to run etherape in root permission as:

sudo etherape

Then, the GUI of etherape will be executed. Then, up in the menu we can select the Mode (IP, Link Layer, TCP) and Interface under Capture. After everything are set, we'll need to click Start button. Then, we'll gonna see something like this.

EtherApe

10) tcpflow

tcpflow is a command line utility that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. It reconstructs the actual data streams and stores each flow in a separate file for later analysis. It understands TCP sequence numbers and will correctly reconstruct data streams regardless of retransmissions or out-of-order delivery .

Installing tcpflow in Ubuntu, Debian system is easy via apt manager as it is available by default in the official repository.

$ sudo apt-get install tcpflow

We can install tcpflow in Fedora, CentOS, RHEL and their derivatives from repository using yum manager as shown below.

# yum install tcpflow

If it is not available in the repository or can't be installed via yum manager, we need to install manually from http://pkgs.repoforge.org/tcpflow/ as shown below.

If you are running 64 bit PC:

# yum install --nogpgcheck http://pkgs.repoforge.org/tcpflow/tcpflow-0.21-1.2.el6.rf.x86_64.rpm

If you are running 32 bit PC:

# yum install --nogpgcheck http://pkgs.repoforge.org/tcpflow/tcpflow-0.21-1.2.el6.rf.i686.rpm

We can use tcpflow to capture all/some tcp traffic and put it in an easy to read file. The below command does what we want but we'll need to run that command in an empty directory as it creates files of the format x.x.x.x.y-a.a.a.a.z and after done, just press Control-C that command to stop it.

 $ sudo tcpflow -i eth0 port 8000

Note: Please replace eth0 with the interface of the card you are trying to capture.

11) IPTraf

IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

IPTraf is available in the default repository so, we can easily install IPTraf using apt manager using the command below.

$ sudo apt-get install iptraf

IPTraf is available in the default repository so, we can easily install IPTraf using yum manager using the command below.

# yum install iptraf

We need to run TPTraf in administration permission with a valid network interface name. Here, we have wlan2 so, we'll be using wlan2 as interface name.

$ sudo iptraf

IPTraf

To start the general interface statistics, enter:

# iptraf -g

To see the detailed statistics facility on an interface called eth0

# iptraf -d wlan2

To see the TCP and UDP monitor on an interface called eth0

# iptraf -z wlan2

To displays the packet size counts on an interface called eth0

# iptraf -z wlan2

Note: Please replace wlan2 with your interface name. You can check your interface by running command ip link show .

12) Speedometer

Speedometer is a small and simple tool that just draws out good looking graphs of incoming and outgoing traffic through a given interface.

Speedometer is available in the default repository so, we can easily install Speedometer using yum manager using the command below.

# yum install speedometer

Speedometer is available in the default repository so, we can easily install Speedometer using apt manager using the command below.

$ sudo apt-get install speedometer

Speedometer can simply be run by executing the following command in a shell or a terminal.

 $ speedometer -r wlan2 -t wlan2

Speedometer

Note: Please replace wlan2 with the network interface name you would like to use.

13) Netwatch

Netwatch is part of the netdiag collection of tools, and it too displays the connections between local host and other remote hosts, and the speed at which data is transferring on each connection.

We can install Netwatch using yum in fedora as it is in the default repository. But if you're running CentOS or RHEL, we'll need to install rpmforge repository .

# yum install netwatch

Netwatch is available in the default repository as a part of netdiag so, we can easily install netdiag using apt manager using the command below.

$ sudo install netdiag

To run netwatch, we'll need to execute the following command in a terminal or shell.

$ sudo netwatch -e wlan2 -nt

Netwatch

Note: Please replace wlan2 with the network interface name you wanna use. If you wanna scan for your network interface name run ip link show in a terminal or shell.

14) Trafshow

Trafshow reports the current active connections like netwatch and pktstat, trafshow, their protocol and the data transfer speed on each connection. It can filter out connections using pcap type filters.

We can install Netwatch using yum in fedora as it is in the default repository. But if you're running CentOS or RHEL, we'll need to install rpmforge repository .

yum install trafshow

Trafshow is available in the default repository so, we can easily install it using apt manager using the command below.

$ sudo install trafshow

To monitor using trafshow, we'll need to run the following command in a shell or terminal.

$ sudo trafshow -i wlan2

Trafshow

To monitor specifically tcp connections add tcp as shown below.

 $ sudo trafshow -i wlan2 tcp

Trafshow tcp

Note: Please replace wlan2 with the network interface name you wanna use. If you wanna scan for your network interface name run ip link show in a terminal or shell.

15) Vnstat

Vnstat is bit different from most of the other tools. It actually runs a background service/daemon and keeps recording the size of data transfer all the time. Next it can be used to generate a report of the history of network usage.

We'll need to turn on EPEL Repository then run yum manager to install vnstat.

# yum install vnstat

Vnstat is available in the default repository. So, we can run apt manager to install it using the following command.

$ sudo apt-get install vnstat

Running vnstat without any options would simply show the total amount of data transfer that took place since the date the daemon is running.

$ vnstat

vnstat

To monitor the bandwidth usage in realtime, use the '-l' option (live mode). It would then show the total bandwidth used by incoming and outgoing data, but in a very precise manner without any internal details about host connections or processes.

 $ vnstat -l

Vnstat live mode

After done, press Ctrl-C to stop which will result the following type of output

Vnstat Live Result

16) tcptrack

tcptrack displays the status of TCP connections that it sees on a given network interface. tcptrack monitors their state and displays information such as state, source/destination addresses and bandwidth usage in a sorted, updated list very much like the top command.

As tcptrack is in the repository , we can simply install tcptrack in Debian, Ubuntu from their repository using apt manager. To do so, we'll need to execute the following command in a shell or terminal:

$ sudo apt-get install tcptrack

We can install it using yum in fedora as it is in the default repository. But if you're running CentOS or RHEL, we'll need to install rpmforge repository . To do so, we'll need to run the following commands.

# wget http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

# rpm -Uvh rpmforge-release*rpm

# yum install tcptrack

Note: Here, we have downloaded current latest version of rpmforge-release ie 0.5.3-1 . You can always get the latest version from rpmforge repository and do replace with that you downloaded in the above command.

tcptrack needs to be run in root permission or superuser. We'll need to execute tcptrack with the network interface name we wanna monitor the TCP connections of. Here, we've wlan2 so will be using that as:

sudo tcptrack -i wlan2

tcptrack

If you wanna monitor of specific ports then:

# tcptrack -i wlan2 port 80

tcptrack port 80

Please replace 80 with the port number you wanna monitor .Note: Please replace wlan2 with the network interface name you wanna use. If you wanna scan for your network interface name run ip link show in a terminal or shell.

17) CBM

The CBM or Color Bandwidth Meter displays current traffic of all network device. This program is so simple that is should be self-explanatory. Source code and newer versions of CBM are available at http://www.isotton.com/utils/cbm/ .

As CBM is in the repository , we can simply install CBM in Debian, Ubuntu from their repository using apt manager. To do so, we'll need to execute the following command in a shell or terminal:

$ sudo apt-get install cbm

We simply need to run cbm in a shell or terminal as shown below:

$ cbm

Color Bandwidth Meter

18) bmon

Bmon or Bandwidth Monitoring is a tool that intended for debugging and monitor bandwidth in real-time access. This tool is capable to retrieving statistics from various input modules. It provides various output methods including a curses based interface,lightweight HTML output but also formatable ASCII output.

bmon is available in the repository, so we can install it in Debian, Ubuntu from their repository using apt manager. To do so, we'll need to run the following command in a shell or terminal.

$ sudo apt-get install bmon

We can run bmon and monitor our bandwidth status using the command below.

$ bmon

bmon

19) tcpdump

TCPDump is a tool for network monitoring and data acquisition. It can save lots of time and can be used for debugging network or server related problems. It prints out a description of the contents of packets on a network interface that match the boolean expression.

tcpdump is available in the default repository of Debian, Ubuntu so, we can simply use apt manager to install it under sudo privilege . To do so, we'll need to run the following command in a shell or terminal.

$ sudo apt -get install tcpdump

tcpdump is also available in the repository of Fedora, CentOS, RHEL so, we can install it via yum manager as:

# yum install tcpdump

tcpdump needs to be run in root permission or superuser. We'll need to execute tcpdump with the network interface name we wanna monitor the TCP connections of. Here, we've wlan2 so will be using it as:

$ sudo tcpdump -i wlan2

tcpdump

If you want to monitor to a specific port only, then can run the command as follows. Here is the example for port 80 (webserver).

$ sudo tcpdump -i wlan2 'port 80'

tcpdump port

20) ntopng

[ntopng][20] is the next generation version of the original ntop. It is a network probe that shows network usage in a way similar to what top does for processes. ntopng is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on Win32 as well.

To install ntopng in Debian, Ubuntu system, we'll first need to install the required dependencies packages to compile ntopng. You can install them all by running the below command in a shell or a terminal.

$ sudo apt-get install libpcap-dev libglib2.0-dev libgeoip-dev redis-server wget libxml2-dev build-essential checkinstall

Now, we'll need to manually compile ntopng for our system as:

$ sudo wget http://sourceforge.net/projects/ntop/files/ntopng/ntopng-1.1_6932.tgz/download
$ sudo tar zxfv ntopng-1.1_6932.tgz
$ sudo cd ntopng-1.1_6932
$ sudo ./configure
$ sudo make
$ sudo make install

Now, you should have your ntopng installed in your Debian or Ubuntu system.

We have already covered tutorial on ntopng usages. It is available in both command line and web interface. We can go ahead to get knowledge on it.

Conclusion

In this first part we covered some network load monitoring tools for linux that are very helpful to a sysadmin and even a novice user. Each one of the tools covered in this article has its own specifics, different options but at the end they all help you to monitor your network traffic.


via: http://linoxide.com/monitoring-2/network-monitoring-tools-linux/

作者:Bobbin Zachariah 译者:译者ID 校对:校对者ID

本文由 LCTT 原创翻译,Linux中国 荣誉推出