Introduction
Network administrators need to know what's going on with their network, who's using the bandwidth and how their IT infrastructure is handling the load. Monitoring and debugging Linux network problems is a difficult task for any network admin.
But it is much easier if you have the right tools at your disposal.
In this tutorial, we will look at the most popular Linux Network Monitoring Tools.
Nload
Nload is a console-based application that monitors network traffic and bandwidth usage in real time, and allows users to monitor the incoming and outgoing traffic separately.
Nload shows you the incoming and outgoing traffic using two graphs and also provides the total amount of transferred data and min/max network usage.
Nload is very useful if you want to see the total bandwidth usage without details of individual processes.
By default, nload is available in the Ubuntu repository. You can easily install it by running the following command:
sudo apt-get install nload
Run the following command to start monitoring your network:
sudo nload
If you want to monitor network traffic on interface eth0, then simply run the following command:
sudo nload eth0
If you want to set the display refresh interval to 300 milliseconds, run the following command:
sudo nload -t 300
Iftop
Iftop is a real-time command-line tool that listens to network traffic on a given interface such as eth0, eth1 or wlan0, and displays a table of current bandwidth usage by pairs of hosts. If you want to see daily internet/bandwidth usage of your system or server, then iftop is best for you.
You can install iftop by simply running the following command:
sudo apt-get install iftop
Once iftop is installed, use iftop with the following command:
sudo iftop -i eth0
If you want to see the on-screen help, then just run the following command:
sudo iftop -h
Output:
Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
[-F net/mask] [-G net6/mask6]
-h display this message
-n don't do hostname lookups
-N don't convert port numbers to services
-p run in promiscuous mode (show traffic between other
hosts on the same network segment)
-b don't display a bar graph of traffic
-B Display bandwidth in bytes
-i interface listen on named interface
-f filter code use filter code to select packets to count
(default: none, but only IP packets are counted)
-F net/mask show traffic flows in/out of IPv4 network
-G net6/mask6 show traffic flows in/out of IPv6 network
-l display and count link-local IPv6 traffic (default: off)
-P show ports as well as hosts
-m limit sets the upper limit for the bandwidth scale
-c config file specifies an alternative configuration file
iftop, version 1.0pre2
copyright (c) 2002 Paul Warren and contributors
NetHogs
NetHogs is a small open-source “net top” tool that monitors network traffic by process. NetHogs groups bandwidth by process instead of breaking the traffic down per protocol or per subnet, which is very useful for finding out which PID is causing a problem with your network. If you want to find the programs that are consuming all the bandwidth on your Linux system, then NetHogs is best for you.
Features:
- Display both download and upload speed per process
- Supports both Ethernet and PPP
- Supports both IPv4 and IPv6
You can easily install NetHogs on an Ubuntu system by running the following command:
sudo apt-get install libncurses5-dev libpcap0.8-dev nethogs
Once NetHogs is installed, you can easily run it with the following command on your terminal.
sudo nethogs
By default, NetHogs listens on the eth0 interface and displays the bandwidth consumption of the processes.
If you want to monitor bandwidth usage on the eth1 interface, run the following command.
sudo nethogs eth1
You can also set the refresh interval in seconds using -d:
sudo nethogs -d 10
For more information on the nethogs command, run the following command:
man nethogs
IPTraf
IPTraf is a console-based, software-only analyzer for Linux that gathers TCP connection packet and byte counts, interface statistics and activity indicators. It shows you individual connections and the amount of data flowing between the hosts. You can use IPTraf to monitor the load on an IP network and the types of network services in use.
Features
- TCP packet and byte counts, and flag statuses.
- TCP and UDP service statistics and ICMP type information.
- Source and destination addresses with port numbers.
- LAN statistics.
You can install IPTraf on an Ubuntu system by running the following command:
sudo apt-get install iptraf
Once IPTraf is installed, you can launch the IPTraf interface by running the following command:
sudo iptraf
You should see IP traffic monitoring, general interface statistics, statistical breakdowns, filters and some configuration options.
You can also start the IP traffic monitor on a particular interface. For example, to start the IP traffic monitor on interface eth1, run the following command:
sudo iptraf -i eth1
To monitor TCP/UDP traffic on the eth1 interface, run the following command:
sudo iptraf -s eth1
Similarly, to monitor TCP/UDP traffic on the eth0 interface, use the following command.
sudo iptraf -s eth0
If you want to know more options, run the following command:
sudo iptraf -h
or
man iptraf
vnStat
vnStat is a console-based network traffic monitor for Linux that uses statistics provided by the kernel, which keeps its use of system resources light.
This tool can help you to monitor, log and view network statistics over various time periods. It provides summaries on various network interfaces such as eth0, wlan0, etc.
You can also view hourly, daily, monthly statistics in the form of a detailed table using vnstat.
You can install vnstat on an Ubuntu system by running the following command:
sudo apt-get install vnstat
Once the installation is complete, you will need to configure it as it does not start on its own.
Now, tell vnStat the network interfaces to monitor.
sudo vnstat -u -i eth0
The above command activates monitoring on interface eth0.
Now, start vnstat by running the following command:
sudo vnstat
Output:
Database updated: Sun Sep 18 16:50:25 2016
wlan0 since 01/01/16
rx: 16.33 GiB tx: 2.56 GiB total: 18.89 GiB
monthly
rx | tx | total | avg. rate
------------------------+-------------+-------------+---------------
Aug '16 1.37 GiB | 263.16 MiB | 1.63 GiB | 5.09 kbit/s
Sep '16 670.73 MiB | 136.67 MiB | 807.41 MiB | 4.32 kbit/s
------------------------+-------------+-------------+---------------
estimated 1.11 GiB | 230 MiB | 1.33 GiB |
daily
rx | tx | total | avg. rate
------------------------+-------------+-------------+---------------
yesterday 94.54 MiB | 13.94 MiB | 108.48 MiB | 10.29 kbit/s
today 92.68 MiB | 27.81 MiB | 120.48 MiB | 16.28 kbit/s
------------------------+-------------+-------------+---------------
estimated 131 MiB | 38 MiB | 169 MiB |
You can also monitor live bandwidth usage by running the following command:
sudo vnstat -l -i eth0
To view all the network interfaces available in your system, use the command:
sudo vnstat --iflist
Output:
Available interfaces: vethQ75PDB br-7b9ff245c3a0 lo lxcbr0 wlan0 docker0
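vnStat stays lightweight because it reads counters the kernel already keeps instead of capturing packets. The script below is an added example, not part of the original tutorial or of vnStat's own code; it assumes the counters are read from a /proc/net/dev-format file and uses two constructed snapshots, taken 10 seconds apart, to show how byte counters become a transfer rate.

```shell
#!/bin/sh
# Added example: turn kernel interface counters into a transfer rate.
# Assumption: counters come from a /proc/net/dev-format file.

# Print "rx_bytes tx_bytes" for interface $1 from file $2.
iface_counters() {
    awk -v ifc="$1" '
        NR > 2 {
            sub(/:/, " ")   # handles both "eth0:123" and "eth0: 123"
            if ($1 == ifc) { print $2, $10; found = 1 }
        }
        END { exit !found }' "${2:-/proc/net/dev}"
}

# Print "rx_Bps tx_Bps" from snapshots $2 (earlier) and $3 (later), taken
# $4 seconds apart. A counter that went backwards (interface reset or
# counter wrap) is reported as 0 instead of a bogus rate.
iface_rate() {
    before=$(iface_counters "$1" "$2") || return 1
    after=$(iface_counters "$1" "$3") || return 1
    drx=$(( ${after% *} - ${before% *} ))
    dtx=$(( ${after#* } - ${before#* } ))
    [ "$drx" -ge 0 ] || drx=0
    [ "$dtx" -ge 0 ] || dtx=0
    echo "$(( drx / $4 )) $(( dtx / $4 ))"
}

# Constructed snapshots (not real measurements), 10 seconds apart.
# On a live host: cp /proc/net/dev t0; sleep 10; cp /proc/net/dev t1
snap_dir=$(mktemp -d)
cat > "$snap_dir/t0" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  642580    6543    0    0    0     0          0         0   642580    6543    0    0    0     0       0          0
 wlan0:97180000   81234    0    0    0     0          0         0 29160000   40211    0    0    0     0       0          0
EOF
cat > "$snap_dir/t1" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  642580    6543    0    0    0     0          0         0   642580    6543    0    0    0     0       0          0
 wlan0:97692000   81734    0    0    0     0          0         0 29262400   40411    0    0    0     0       0          0
EOF

iface_rate wlan0 "$snap_dir/t0" "$snap_dir/t1" 10
```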
Bmon
Bmon is a portable real-time bandwidth monitor tool that supports various input methods for different architectures. Bmon is used to gather live network traffic data. You can easily monitor the network load over all the network interfaces on the system using bmon.
Features
- Total download and upload speed on each network interface.
- Total network bandwidth usage per network interface.
- Detailed information about the network, such as sent and received packets.
You can install bmon on an Ubuntu system by running the following command:
sudo apt-get install bmon
Once bmon is installed, run the following command to start monitoring your system:
sudo bmon
Output:
Interfaces │ RX bps pps %│ TX bps pps %
->lo │ 0 0 │ 0 0
wlan0 │ 0 0 │ 0 0
qdisc none (mq) │ 0 0 │ 0 0
class :1 (mq) │ 0 0 │ 0 0
class :2 (mq) │ 0 0 │ 0 0
class :3 (mq) │ 0 0 │ 0 0
┴ class :4 (mq) │ 0 0 │ 0 0
───────────────────────────────┴───────────────────────┴─────────────────────────────────────────────────────────────────────────────────────────────
(RX Bytes/second) (TX Bytes/second)
0.00 ............................................................ 0.00 ............................................................
0.00 ............................................................ 0.00 ............................................................
0.00 ............................................................ 0.00 ............................................................
0.00 ............................................................ 0.00 ............................................................
0.00 ............................................................ 0.00 ............................................................
0.00 ............................................................ 0.00 ............................................................
1 5 10 15 20 25 30 35 40 45 50 55 60 1 5 10 15 20 25 30 35 40 45 50 55 60
───────────────────────────────────────┬───────────────────────────────────────┬─────────────────────────────────────────────────────────────────────
RX TX │ RX TX │ RX TX
Bytes 627.52KiB 627.52KiB│ Packtes 6.39K 6.39K │ Abort Error - 0
Carrier Error - 0 │ Collisions - 0 │ Compressed 0 0
CRC Error 0 - │ Dropped 0 0 │ Errors 0 0
FIFO Error 0 0 │ Frame Error 0 - │ Heartbeat Erro - 0
ICMPv6 0 0 │ ICMPv6 Errors 0 0 │ Ip6 Address Er 83 -
Ip6 Broadcast 0 0 │ Ip6 Broadcast 0 0 │ Ip6 Delivers 0 -
Ip6 Forwarded - 0 │ Ip6 Header Err 7.12K - │ Ip6 Multicast 0 0
Ip6 Multicast 0 0 │ Ip6 No Route 0 0 │ Ip6 Reasm/Frag 0 0
Ip6 Reasm/Frag 0 0 │ Ip6 Reasm/Frag 0 0 │ Ip6 Reassembly 0 -
Ip6 Too Big Er 83 - │ Ip6 Truncated 0 - │ Ip6 Unknown Pr 7.12K -
Ip6Discards 0 0 │ Ip6Octets 0 0 │ Ip6Pkts 83 0
Length Error 0 - │ Missed Error 0 - │ Multicast - 0
Over Error 0 - │ Window Error - 0 │
Collectl
Collectl is a command-line utility that can be used to collect performance data that describes the current system status. Collectl comes with a set of options that are used to measure the values of multiple different system metrics and also save the data for future use. Collectl is used to gather information about CPU, network, disk, memory, TCP, NFS, and processes.
Features:
- Runs interactively or as a daemon.
- Combines the functions of the ps, top, iotop and vmstat tools.
- Ability to monitor any subsystem and record the captured data.
- Display output in terminal and also write it to a file.
- Easily monitors remote machines and servers.
You can install collectl on an Ubuntu system by running the following command:
sudo apt-get install collectl
Once collectl is installed, you can easily run it from your terminal:
sudo collectl
You should see the following output:
#
#cpu sys inter ctxsw KBRead Reads KBWrit Writes KBIn PktIn KBOut PktOut
10 4 795 3288 0 0 0 0 0 0 0 0
24 6 1479 5447 0 0 0 0 0 0 0 0
17 3 1543 3248 0 0 0 0 0 0 0 0
17 4 1750 4043 0 0 0 0 0 0 0 0
11 5 1554 3654 8 2 0 0 0 0 0 0
12 4 1675 3608 0 0 64 3 1 4 1 6
13 6 1672 3501 0 0 376 34 1 6 2 7
12 5 1573 3860 0 0 0 0 0 1 0 0
13 5 1556 3615 0 0 0 0 0 0 0 0
16 5 1574 3830 0 0 0 0 0 0 0 0
18 4 1782 3863 0 0 40 2 0 2 0 2
14 5 1610 3932 0 0 0 0 0 0 0 0
11 4 1508 3486 0 0 248 1 0 0 0 0
10 3 1401 3295 0 0 0 0 0 0 0 0
10 4 1223 3355 0 0 0 0 0 0 0 0
12 5 1573 3705 0 0 0 0 0 0 0 0
9 4 1462 3119 0 0 0 0 0 0 0 0
12 5 1586 3835 0 0 40 2 0 0 0 0
12 5 1589 3401 0 0 0 0 0 0 0 0
11 5 1477 3606 0 0 0 0 0 0 0 0
11 4 1453 3484 0 0 0 0 0 0 0 0
10 4 1531 3232 0 0 0 0 0 0 0 0
12 5 1653 3798 0 0 0 0 0 0 0 0
11 4 1523 3529 0 0 0 0 0 0 0 0
10 4 1499 3465 0 0 0 0 0 0 0 0
12 5 1551 3601 0 0 0 0 0 0 0 0
The above output displays information about CPU, disk and network. If you want to gather all information, run the following command:
sudo collectl --all
Output:
defined(@array) is deprecated at /usr/share/collectl/formatit.ph line 3149.
(Maybe you should just omit the defined()?)
waiting for 1 second sample...
#
#cpu sys inter ctxsw Cpu0 Cpu1 Cpu2 Cpu3 Free Buff Cach Inac Slab Map Fragments KBRead Reads KBWrit Writes KBIn PktIn KBOut PktOut IP Tcp Udp Icmp Tcp Udp Raw Frag Handle Inodes Reads Writes Meta Comm
14 5 1588 3753 967 210 226 186 1G 203M 1G 1G 164M 1G ssplkfdjgaj 0 0 0 0 0 0 0 0 0 0 0 0 647 0 0 0 8032 96843 0 0 0 0
17 4 1667 3514 853 307 347 158 1G 203M 1G 1G 164M 1G ssplkfdjgaj 0 0 0 0 0 0 0 0 0 0 0 0 647 0 0 0 8032 96847 0 0 0 0
13 5 1603 3673 985 252 226 153 1G 203M 1G 1G 164M 1G ssplkfdjgaj 0 0 20 2 0 0 0 0 0 0 0 0 647 0 0 0 8032 96847 0 0 0 0
13 5 1616 3767 979 185 269 171 1G 203M 1G 1G 164M 1G ssplkfdjgaj 0 0 0 0 0 0 0 0 0 0 0 0 647 0 0 0 8032 96847 0 0 0 0
10 4 1524 3458 898 66 356 204 1G 203M 1G 1G 164M 1G ssplkfdjgaj 8 2 0 0 0 0 0 1 0 0 0 0 647 0 0 0 8032 96847 0 0 0 0
12 4 1502 3416 826 154 291 230 1G 203M 1G 1G 164M 1G qsplkfdjgaj 0 0 0 0 0 2 0 2 0 0 0 0 647 0 0 0 8032 96847 0 0 0 0
Tcpdump
Tcpdump is a powerful command-line packet analyzer tool that is used to capture TCP/IP packets received over a network on a specific interface. Tcpdump allows you to store captured output in a file for future analysis. Tcpdump works on most Unix-based operating systems such as Linux, Solaris, BSD, OS X, Android and AIX.
By default, most Linux distributions come with the tcpdump tool. If you don’t have it on your system, you can install it by running the following command:
sudo apt-get install tcpdump
You can see the list of interfaces on which tcpdump can listen by running the following command:
sudo tcpdump -D
Output:
1.wlan0
2.lxcbr0
3.docker0
4.bluetooth0 (Bluetooth adapter number 0)
5.br-7b9ff245c3a0
6.veth18LLDW
7.any (Pseudo-device that captures on all interfaces)
8.lo
Now, run the following command to listen on interface wlan0:
sudo tcpdump -i wlan0
Output:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
Now, start capturing packets by running the following command:
sudo tcpdump -vv
Output:
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:26:55.657252 IP (tos 0x0, ttl 50, id 59232, offset 0, flags [DF], proto TCP (6), length 52)
webserver.aarth.com.http > Vyom-PC.33878: Flags [F.], cksum 0x534b (correct), seq 2322559038, ack 3658694015, win 114, options [nop,nop,TS val 84581743 ecr 424085], length 0
19:26:55.657431 IP (tos 0x0, ttl 64, id 20423, offset 0, flags [DF], proto TCP (6), length 52)
Vyom-PC.33878 > webserver.aarth.com.http: Flags [.], cksum 0x524b (correct), seq 1, ack 1, win 229, options [nop,nop,TS val 424226 ecr 84581743], length 0
19:26:56.171154 IP (tos 0x0, ttl 64, id 35621, offset 0, flags [DF], proto UDP (17), length 71)
Vyom-PC.45063 > 192.168.43.1.domain: [udp sum ok] 19257+ PTR? 4.43.168.192.in-addr.arpa. (43)
19:26:56.173191 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 92)
192.168.43.1.domain > Vyom-PC.45063: [udp sum ok] 19257* q: PTR? 4.43.168.192.in-addr.arpa. 1/0/0 4.43.168.192.in-addr.arpa. PTR Vyom-PC. (64)
19:26:56.174256 IP (tos 0x0, ttl 64, id 35622, offset 0, flags [DF], proto UDP (17), length 71)
Vyom-PC.38534 > 192.168.43.1.domain: [udp sum ok] 27978+ PTR? 90.89.252.43.in-addr.arpa. (43)
19:26:56.175545 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 104)
192.168.43.1.domain > Vyom-PC.38534: [udp sum ok] 27978 q: PTR? 90.89.252.43.in-addr.arpa. 1/0/0 90.89.252.43.in-addr.arpa. PTR webserver.aarth.com. (76)
19:26:57.177633 IP (tos 0x0, ttl 64, id 35623, offset 0, flags [DF], proto UDP (17), length 71)
Vyom-PC.43909 > 192.168.43.1.domain: [udp sum ok] 39537+ PTR? 1.43.168.192.in-addr.arpa. (43)
19:26:57.178910 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 71)
192.168.43.1.domain > Vyom-PC.43909: [udp sum ok] 39537 NXDomain q: PTR? 1.43.168.192.in-addr.arpa. 0/0/0 (43)
19:26:59.385007 IP (tos 0x0, ttl 64, id 16886, offset 0, flags [DF], proto TCP (6), length 52)
Vyom-PC.33874 > webserver.aarth.com.http: Flags [.], cksum 0xdc09 (correct), seq 2660449006, ack 2608338423, win 237, options [nop,nop,TS val 425158 ecr 84580185], length 0
19:26:59.425192 IP (tos 0x0, ttl 64, id 57724, offset 0, flags [DF], proto TCP (6), length 52)
Vyom-PC.33875 > webserver.aarth.com.http: Flags [.], cksum 0xa466 (correct), seq 3294075758, ack 571883679, win 237, options [nop,nop,TS val 425168 ecr 84580199], length 0
19:26:59.727002 IP (tos 0x0, ttl 50, id 33757, offset 0, flags [DF], proto TCP (6), length 52)
webserver.aarth.com.http > Vyom-PC.33874: Flags [.], cksum 0xdc11 (correct), seq 1, ack 1, win 156, options [nop,nop,TS val 84582757 ecr 422658], length 0
19:26:59.826828 IP (tos 0x0, ttl 50, id 43229, offset 0, flags [DF], proto TCP (6), length 52)
webserver.aarth.com.http > Vyom-PC.33875: Flags [.], cksum 0xa463 (correct), seq 1, ack 1, win 156, options [nop,nop,TS val 84582782 ecr 422668], length 0
To save the captured packets in a file called tcpdump.cap, run the following command:
sudo tcpdump -w tcpdump.cap
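A saved capture can be summarised offline into the kind of per-host-pair view that iftop gives live. The script below is an added example, not part of the original tutorial; the talkers and sample_capture names are hypothetical, the input lines are constructed, and it assumes the text format printed by tcpdump -n -q (-n stops tcpdump from making its own reverse-DNS lookups while printing).

```shell
#!/bin/sh
# Added example: payload bytes per host pair from "tcpdump -n -q" text.
# Live use (needs tcpdump; capturing needs root):
#   sudo tcpdump -n -i wlan0 -c 10000 -w tcpdump.cap   # stop after 10000 packets
#   tcpdump -n -q -r tcpdump.cap | talkers

# Read tcpdump -n -q lines on stdin; print "<bytes> <src> > <dst>",
# largest first. Only IPv4 TCP and UDP lines are counted; the byte figure
# is the payload length tcpdump prints, not the on-wire frame size.
talkers() {
    awk '
        $2 == "IP" && ($6 == "tcp" || $6 == "UDP,") {
            src = $3; dst = $5
            sub(/:$/, "", dst)            # trailing colon after destination
            sub(/\.[0-9]+$/, "", src)     # strip the port number
            sub(/\.[0-9]+$/, "", dst)
            bytes[src " > " dst] += $NF
        }
        END { for (pair in bytes) print bytes[pair], pair }' | sort -rn
}

# Constructed sample lines (documentation addresses, not a real capture).
sample_capture() {
    cat <<'EOF'
19:26:55.657252 IP 203.0.113.90.80 > 192.168.43.4.33878: tcp 1448
19:26:55.657431 IP 192.168.43.4.33878 > 203.0.113.90.80: tcp 0
19:26:55.700000 IP 203.0.113.90.80 > 192.168.43.4.33878: tcp 1448
19:26:56.171154 IP 192.168.43.4.45063 > 192.168.43.1.53: UDP, length 43
19:26:56.173191 IP 192.168.43.1.53 > 192.168.43.4.45063: UDP, length 64
19:26:57.000000 IP 192.168.43.4 > 192.168.43.1: ICMP echo request, id 1, seq 1, length 64
EOF
}

sample_capture | talkers
```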
Nmon
Nmon, also known as “Nigel’s Performance Monitor”, is a performance monitoring and benchmark tool that can be used to display performance data about the CPU, memory, network, disk, file system, NFS, resources, etc. Nmon gathers information and displays it onscreen or saves it to a file.
You can install nmon on an Ubuntu system by running the following command:
sudo apt-get install nmon
Once nmon is installed, you can launch it by running the following command:
sudo nmon
Output:
│ ------------------------------ For help type H or ... │
│ # # # # #### # # nmon -? - hint │
│ ## # ## ## # # ## # nmon -h - full │
│ # # # # ## # # # # # # │
│ # # # # # # # # # # To start the same way every time │
│ # ## # # # # # ## set the NMON ksh variable │
│ # # # # #### # # │
│ ------------------------------ │
│ │
│ Use these keys to toggle statistics on/off: │
│ c = CPU l = CPU Long-term - = Faster screen updates │
│ m = Memory j = Filesystems + = Slower screen updates │
│ d = Disks n = Network V = Virtual Memory │
│ r = Resource N = NFS v = Verbose hints │
│ k = kernel t = Top-processes . = only busy disks/procs │
│ h = more options q = Quit │
│───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────│
As you can see from the above output, nmon runs in interactive mode, where you use the listed keys to toggle statistics on and off.
Conclusion
In the above tutorial, you have learned about various tools to quickly check the network bandwidth on your Linux server or host system. There are also web-based tools available to do the same task. I hope you can now easily install and use these tools in a production environment to monitor and troubleshoot network performance.