Network Monitoring tools for Linux

The Linux Performance Network monitoring tool (IOSTAT/SAR/MPSTAT) needs to be installed Sysstat this package.

Tool One, iftop (View network bandwidth, (must be installed from Epel source)

1) The dependency packages required by Iftop are as follows:

Flex BYACC libpcap ncurses ncurses-devel libpcap-devel

2) The following is a description on Wikipedia:

Iftop Monitors to network traffic (net traffic) and displays a table of currentbandwidth usage (real-time bandwidth usage). An interface is specified or, if not, it'll listen on the first interface it finds which looks as an external inte Rface (with Libpcap and libncurses). Iftop Must is run with sufficient permissions to monitor all network traffic; On more systems This means the it must be run as a Root user, see Sudo.

By default, Iftop Would look up hostnames associated with addresses and counts all IPS packets that pass through the filter. Hostname look-up can add substantial traffic, in and of itself (host name query can add a lot of traffic), and may result in an inaccurate display of Network traffic (which may cause inaccurate display of traffic). wish to suppress display of the DNS traffic by using the filter code such as "Not Port Domain" (which you might want to pass through like not port domain Filter code suppresses DNS traffic display), or switch it off entirely, by using the-n option or by pressing ' n ' when the program is running (or via- NThe option is turned off). Using the-f option makes it possible to show packets entering and leaving a given network (- Foption to show packets entering and leaving a given network.

3) Options:

iftop-h |   [-NNPBLBP]    [-I. Interface]    [-F Filter Code]    [-F Net/mask] [-G NET6/MASK6]

• -h

  Print a summary of usage. Help information

  -n

  Don ' t do hostname lookups. Don't use host query function

  -n

  Resolve port number to service names does not resolve service name

  -p

  Run in Promiscuous mode, so, traffic which does no pass directly through the specified interface is also counted.

  -p

  Turn on port display.

  -l

  Display and Count datagrams addressed to or from link-local IPv6 addresses. The default is isn't to display this address category.

  -b

  Don ' t display bar graphs of traffic.

  -b

  Display bandwidth rates in bytes/sec rather than bits/sec.

• - I. Interface

• Listen to packets on interface.

• - F Filter code filters

• use filter code to select the packets to count. Only IP packets was ever counted, so the specified code is evaluated as (Filter Code ) and IP.

• - F net/mask

• Specifies an IPV4 network for traffic analysis. If specified, Iftop would only include packets flowing on to or out of the given network, and packet direction is determine D relative to the network boundary, rather than to the interface. Specify mask as a dotted quad, such as/255.255.255.0, or as a single number specifying The number of bits set in the netmask, such as/24.

• - G net6/mask6

• Specifies an IPV6 network for traffic analysis. The value of mask6 can given as a prefix length or as a numerical address string for more co Mpound bitmasking.

• - C config file

• Specifies an alternate config file. If not specified, Iftop 'll use ~/.IFTOPRC if it exists. See below for a description of config files

• By pressing s (lowercase) or D while iftop are running, all traffic for each source or destination would be aggreg Ated together. (by pressing S or D, we can pool the flow of each source or destination) This is the most useful when Iftop was run in promiscuous mode (mixed mode), or is run on a Gateway Machine.

• S (uppercase) or D Toggle the display of source and destination ports respectively. p 'll toggle Port display on/off.

• Display Type:

  T cycles through the four line display modes; The default 2-line display, with sent and received traffic in separate lines, and 3 1-line displays, with sent, received, or total traffic shown.
  

• Display order:

  By default, the display was ordered according to the 10s average (2nd column). By pressing 1, 2 or 3 it was possible to sort by the 1st, 2nd or 3rd column. By pressing < or > the display is sorted by source or destination hostname respectively.

• Pause Display or Freeze commands

P(uppercase) would pause the current display.

o (lowercase) would freeze the current screen order . This have the side effect that traffic between hosts not shown on the screens at the time is not being shown at all, although It'll be included in the totals on the bottom of the screen.

• Scrolling display

  J and K'll scroll the display of the hosts. This feature was most useful when the display order was frozen (see above).

4) About Iftop configuration file:

Configuration file: ~/.IFTOPRC

• Interface:if

• Sets the network interface to If.

• Dns-resolution: (Yes|no)

• Controls reverse lookup of IP addresses.

• Port-resolution: (Yes|no)

• Controls conversion of port numbers to service names.

• Filter-code:bpf

• Sets the filter code to BPF.

• Show-bars: (Yes|no)

• Controls display of bar graphs.

• Promiscuous: (Yes|no)

• Puts the interface into promiscuous mode.

• Port-display: (Off|source-only|destination-only|on)

• Controls display of port numbers.

• Link-local: (Yes|no)

• Determines displaying of link-local IPv6 addresses.

• Hide-source: (Yes|no)

• Hides source host names.

• Hide-destination: (Yes|no)

• Hides destination host names.

• Use-bytes: (Yes|no)

• Use bytes for bandwidth display, rather than bits.

• Sort: (2s|10s|40s|source|destination)

• Sets which column is used to sort the display.

• Line-display: (two-line|one-line-both|one-line-sent|one-line-received)

• Controls the appearance of each item in the display.

• Show-totals: (Yes|no)

• Shows cumulative total for each item.

• Log-scale: (Yes|no)

• Use a logarithmic scale for bar graphs.

• Max-bandwidth:bw

• Fixes the maximum for the bar graph scale to bw, e.g. "10M". Note that the value have to always is in bits, regardless if the option to display in bytes have been chosen.

• Net-filter:net/mask

• Defines an IP network boundary for determining packet direction.

• Net-filter6:net6/mask6

• Defines an IPV6 network boundary for determining packet direction.

• Screen-filter:regexp

• Sets a regular expression to filter screen output.

5) Description:

The time interval displayed is: 2, second intervals

6) Install Iftop:

Official website: http://www.ex-parrot.com/~pdw/iftop/

Make, GCC, autoconf

Flex

Byacc

Libpcap Libpcap-devel

Ncurses Ncurses-devel

This article is from the "Victor's Struggle" blog, please be sure to keep this source http://victor2016.blog.51cto.com/6768693/1878622

Network Monitoring tools for Linux