Commands for network monitoring of Linux systems

First, Ifconfig

[Email protected] zhouweia]# ifconfig

Eth0:flags=4163<up,broadcast,running,multicast> MTU 1500

inet 10.2.34.218 netmask 255.255.252.0 broadcast 10.2.35.255

Inet6 fe80::f816:3eff:febb:e41e Prefixlen ScopeID 0x20<link>

Ether fa:16:3e:bb:e4:1e Txqueuelen (Ethernet)

RX packets 25720035 Bytes 6490322541 (6.0 GiB)

RX Errors 0 dropped 6 overruns 0 frame 0

TX packets 18548794 Bytes 19604328038 (18.2 GiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Lo:flags=73<up,loopback,running> MTU 65536

inet 127.0.0.1 netmask 255.0.0.0

Inet6:: 1 prefixlen ScopeID 0x10

Loop Txqueuelen 0 (Local Loopback)

RX packets 1307190 Bytes 72857344 (69.4 MiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 1307190 Bytes 72857344 (69.4 MiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Eth0, lo: network card name;

Inet6: Route exit;

RX: Receive the statistics of the packet, including the number of packets lost, the number of errors, the total number of bytes, the number of packets;

TX: Sends the statistics of the packet, corresponding to the RX.

Second, Iftop

Iftop-i eth0 (NIC name)

Options:

-B: Displays the traffic results in bytes instead of bit.

-N: Displays the result in the form of an IP rather than a domain name.

-P: Displays the port number as well as the IP.

-B: The flow-scale graphic bar at the top of the interface is not displayed.

-M: Sets the maximum scale value at the top of the interface, with the scale divided into 5 large segments.

The results are detailed:

First line: Display the scale of network bandwidth, the last value is generally the maximum machine network bandwidth, as shown in: The machine is a gigabit network card.
204Mb 407Mb 611Mb 814Mb 0.99Gb

The middle list: According to occupy the network bandwidth from the big to the small sort, obtains the network bandwidth the machine communication between;

From left to right: source machine, Target machine, source machine and target machine communication between 2s, 10s, 40s real-time average traffic statistics;

Bottom three lines: Send, receive and all traffic
Bottom three row second column: from running iftop to current traffic
Bottom three row third column: Peak value

Bottom three row fourth column: Average

TX: Send Traffic
RX: Receive Traffic
Total: Overall flow
Cumm: Total traffic running iftop to current time
Peak: Traffic Peaks
Rates: Average total traffic statistics for the past 2s 10s 40s, respectively

It is easy to find the most traffic-consuming IP through the Iftop interface, and it is easy to determine if there is a network bottleneck.

Some operation commands after entering the Iftop screen (note case):
Press H to toggle whether help is displayed;
Press N to toggle the display of the IP or host name of the machine;
Press S to toggle whether the host information of the machine is displayed;
Press D to toggle whether the host information of the remote target hosts is displayed;
Press T to toggle the display format to 2 lines/1 lines/Only send traffic/show receive traffic only;
Press N to toggle display port number or port service name;
Press S to toggle whether to display the port information of the machine;
Press D to toggle whether the port information of the remote target host is displayed;
Press p to toggle whether the port information is displayed;
Press p to toggle pause/resume display;
Press B to toggle whether the average flow graph bar is displayed;
The average flow in 2 seconds or 10 seconds or 40 seconds is calculated by B switch;
Press T to toggle whether the total traffic for each connection is displayed;
Press L to turn on the screen filtering function, enter the characters to filter, such as IP, press ENTER, the screen will only show this IP-related traffic information;
Press L to toggle the scale on the top of the display screen, and the flow graph bar will change depending on the scale;
Press J or press K to scroll up or down the screen to display the connection record;
Press 1 or 2 or 3 to sort by the three-column traffic data displayed on the right;
Sort by < According to the native name or IP on the left;
Sort by > According to the host name or IP of the remote target host;
Press O to toggle whether the current connection is fixed only;
Press Q or CTRL + C to exit the monitor.

Iv. traceroute

Command: Traceroute-n (IP only) target machine domain name or IP address

Used to view the entire routing process of the request to the target machine, which routers have passed and determine if the routing path is reasonable.

Wu, Ifstat

Very simple to see the network traffic, compared to the iftop more detailed.

This article is from the "one step, one step" blog, please be sure to keep this source http://summerflowers.blog.51cto.com/5202033/1844878

Commands for network monitoring of Linux systems