How to Monitor Network Traffic in Linux
2012-04-24 11:32
I recently covered three utilities you can use to monitor your system resources in Linux. One of those programs, iftop, gives you information about the network traffic of your machine. In this article I’ll show the in-depth usage of iftop, as well as another program called nethogs that was recommended by a reader. With these two programs you’ll learn how to monitor network usage in Linux, in both Ubuntu and Fedora as well as many other distributions.
Note: You’ll need to be root to run most, if not all, of these commands.
iftop
I’ve used iftop for a long time, because it’s a very powerful tool that gives you lots of details about your network connections. Here’s what you need to know about iftop to get started:
Basic Usage
iftop is easy to use if you just want to see your current network connections and how much bandwidth is being used by each remote host. Simply launch it from the command line, passing the -i option with the interface you want to monitor, and optionally the -B option to display values in bytes (the default is to display in bits). So for example, to monitor the wlan0 device in bytes, you would run:
iftop -i wlan0 -B
There’s a lot of information displayed on the screen, but it is formatted intelligently and quickly becomes easy to digest. Here is what the basic screen is showing you, when you first launch iftop:
As you can see, the display is packed full of useful information. Don’t worry if it’s a little overwhelming at first; it won’t take long to get used to reading the display, and you’ll appreciate having all this information available so quickly.
Now let’s move on to some of the more powerful features that iftop provides.
Filtering networks, hosts, and ports
While it’s nice to see all the hosts your computer is talking to, it’s often the case that you’re only interested in a certain segment of the network.
iftop allows you to filter connections by network, host, and port, which gives you complete control over which connections are displayed.
iftop accepts pcap-filter formatted filters on the command line with the -f flag. Below is a table of some of the filters you might want to use with iftop:
dst host <host> | src host <host>
dst net <net> | src net <net>
dst port <port> | src port <port>
dst portrange <start>-<end> | src portrange <start>-<end>
gateway <gateway> |
ip proto <protocol> |
For example, to view only traffic going from your local machine to google.com over eth0, you could run:
iftop -i eth0 -f "dst host google.com"
Or to see only ssh traffic over wlan0:
iftop -i wlan0 -f "dst port 22"
Additionally, iftop allows you to set arbitrary filters based upon regular expressions. It’s important to note that when you specify a filter with a regular expression, you are only filtering the on-screen output, whereas using a pcap filter (above) will filter what iftop actually listens to. As a result, the totals displayed at the bottom of the screen won’t be affected by regex filters. You can press the l key to enter regular expression filters while iftop is running.
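The difference between the two kinds of filter, and the effect of the dst/src qualifier, shown as an added example that is not part of the original article or of iftop itself: a simplified Python model that applies the table’s primitives to four constructed packets. The packet values, the function names and the row format used for the regex match are assumptions made for the illustration, and hosts are given as literal IP addresses; it also accepts a primitive without dst/src, which pcap-filter treats as matching either direction.

```python
import ipaddress
import re

# Constructed sample packets: (src_ip, src_port, dst_ip, dst_port, bytes).
PACKETS = [
    ("192.168.1.10", 51000, "203.0.113.5", 22, 1200),     # ssh client -> server
    ("203.0.113.5", 22, "192.168.1.10", 51000, 4800),     # ssh server -> client
    ("192.168.1.10", 52000, "198.51.100.7", 443, 900),    # https request
    ("198.51.100.7", 443, "192.168.1.10", 52000, 15000),  # https response
]

def matches(pkt, expr):
    """Evaluate one primitive: '[dst|src] host|net|port|portrange VALUE'.
    Without dst/src the primitive matches either side, as in pcap-filter."""
    src_ip, src_port, dst_ip, dst_port, _ = pkt
    words = expr.split()
    direction = words.pop(0) if words[0] in ("dst", "src") else None
    kind, value = words
    sides = {"src": (src_ip, src_port), "dst": (dst_ip, dst_port)}
    for ip, port in ([sides[direction]] if direction else sides.values()):
        if kind == "host" and ip == value:
            return True
        if kind == "net" and ipaddress.ip_address(ip) in ipaddress.ip_network(value):
            return True
        if kind == "port" and port == int(value):
            return True
        if kind == "portrange":
            low, high = map(int, value.split("-"))
            if low <= port <= high:
                return True
    return False

def captured_total(expr):
    """Capture filter (-f): packets that do not match are never counted."""
    return sum(p[4] for p in PACKETS if matches(p, expr))

def screen_filter(pattern):
    """Regex filter (l key): rows are hidden, the total still covers everything."""
    rows = [p for p in PACKETS
            if re.search(pattern, f"{p[0]}:{p[1]} => {p[2]}:{p[3]}")]
    return rows, sum(p[4] for p in PACKETS)

if __name__ == "__main__":
    for f in ("dst port 22", "port 22", "src net 192.168.1.0/24"):
        print(f"{f!r}: {captured_total(f)} bytes counted")
    rows, total = screen_filter(r":22\b")
    print(f"regex ':22': {len(rows)} rows shown, total still {total} bytes")
```

With "dst port 22" only the client-to-server half of the ssh session is counted; "port 22" counts both directions.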
Controlling the interface and the online help
Once you’ve got the information you want on the screen, you’ll need to be able to move around and tweak the exact output. There are many options, and the easiest thing to do is just hit the h or ? key to see the on-screen help:
Notice that you can toggle things like hostname and port resolution, port display, and whether iftop sorts by destination or source. Showing connections by port is useful for monitoring throughput on programs that create many connections, while turning DNS resolution on might make it easier to read the display if you are watching things like web traffic.
nethogs
Now I’ll show you how to use nethogs, which is a great little program that was mentioned by one of TechThrob’s readers (thanks, dasen!). Whereas iftop displays network usage by destination IP address and port number, nethogs takes a process-oriented approach and shows you usage based on the program that is accessing the network.
nethogs is much simpler than iftop and doesn’t have as many options. You can specify the interface to listen on when you launch it:
nethogs eth1
Which will give you a screen similar to the following, showing the processes that are sending or receiving traffic on that interface.
While it’s running, you can use the m key to toggle between units (megabytes, kilobytes, and bytes) and to change whether you are viewing instantaneous throughput or the total throughput since nethogs was started.
Being so simple is the greatest advantage of nethogs, since it makes it much more user-friendly than iftop and lets you see in an instant what applications are using your network, and how much bandwidth they are using. If you think your network is being hammered and you want to know who to hold responsible, nethogs is probably the command you want.
Don’t be evil
With great power comes great responsibility. If you have root on a machine that is routing a lot of traffic, tools like this will let you see what people are doing on the network; don’t be evil. Use these tools to monitor your own traffic, and to troubleshoot problems, but don’t spy on other people.