Linux command-line network monitoring tools

Source: Internet
Author: User

Transferred from: http://blog.sina.com.cn/s/blog_14d68bfac0102vux9.html

Network monitoring is an important capability for businesses of any size. The objectives of network monitoring vary widely: for example, ensuring long-term network service, security protection, performance troubleshooting, or network usage statistics. Because the goals differ, network monitors accomplish the task in many different ways, for example packet-level sniffing, flow-level statistics, injecting probe traffic into the network, and analyzing server logs.
While there are many dedicated network monitoring systems that can monitor 24 hours a day, 365 days a year, a command-line network monitor is still useful in certain situations. If you are a system administrator, you should have hands-on experience with some of the well-known command-line network monitors. Here is a list of popular and useful network monitors on Linux.

Packet-level Sniffer
In this category, monitoring tools capture individual packets on the link, analyze their content, and display decoded content or packet-level statistics. These tools monitor and manage the network at the lowest level and with the finest granularity, at the cost of affecting network I/O and of the analysis work involved.
Dhcpdump: A command-line DHCP traffic sniffing tool that captures DHCP request/reply traffic and displays decoded DHCP protocol messages in a user-friendly manner. This is a useful tool for troubleshooting DHCP-related failures.
Dsniff: A collection of command-line tools for sniffing, spoofing, and hijacking, designed for network auditing and penetration testing. It can sniff out a variety of information, such as passwords, NSF traffic (LCTT: NFS traffic is meant here), email messages, network addresses, and so on.
Httpry: An HTTP message sniffer that captures, decodes, and displays HTTP request and reply messages in a user-friendly manner. (LCTT: extended reading: http://www.linuxidc.com/Linux/2014-11/108865.htm)
Iptraf: A command-line network statistics viewer. It shows message and byte counts at the packet, connection, interface, and protocol levels in real time. Packet capture is controlled by protocol filters, and operation is entirely menu-driven. (LCTT: extended reading: http://www.linuxidc.com/Linux/2015-05/117346.htm)

Mysql-sniffer: A tool for capturing and decoding packets related to MySQL requests. It displays the most frequent requests or all requests in a readable manner.
Ngrep: grep for network messages. It captures messages in real time and filters them with regular expressions or hexadecimal expressions. It is useful for detecting, storing, or capturing abnormal traffic that matches a specific pattern in a live stream.
p0f: A fingerprinting tool based on passive packet sniffing that reliably identifies operating systems, NAT or proxy settings, network link types, and many other properties related to active TCP connections.
Pktstat: A command-line tool that displays information about connection bandwidth usage and related protocols (for example, HTTP GET/POST, FTP, X11) by analyzing messages in real time.

Snort: An intrusion detection and prevention tool that detects/prevents various backdoor, botnet, phishing, and spyware attacks in active traffic through rule-driven protocol analysis and content matching.
Snort Chinese manual http://www.linuxidc.com/Linux/2013-11/92265.htm
Snort + Base intrusion detection configuration http://www.linuxidc.com/Linux/2013-02/79805.htm
Installing Snort under Ubuntu 12.04 in detail http://www.linuxidc.com/Linux/2013-01/78554.htm
Snort enterprise deployment in practice http://www.linuxidc.com/Linux/2012-08/68946.htm
Building an IDS intrusion detection system with Snort + Base http://www.linuxidc.com/Linux/2012-08/67865.htm
Practical guide to the Snort intrusion detection system on Linux http://www.linuxidc.com/Linux/2012-08/67048.htm
tcpdump: A command-line sniffer that captures packets from the network based on a filter expression, analyzes the messages, and outputs their content at the packet level to facilitate packet-level analysis. It is widely used for network-related troubleshooting, network program debugging, and security monitoring.
Getting started with Linux: how to use tcpdump to capture TCP SYN, ACK and FIN packets http://www.linuxidc.com/Linux/2014-10/107722.htm
Linux OPS Engineers: Nmap and Tcpdump http://www.linuxidc.com/Linux/2014-02/96993.htm
Tshark: A command-line sniffer that is used together with the Wireshark GUI program. It captures and decodes live messages on the network and displays their content in a user-friendly manner.

Flow/process/interface-level monitoring
In this category, network monitors classify traffic by flow, by associated process, or by interface, and collect statistics for each flow, process, or interface. The information can come either from the libpcap capture library or from the sysfs kernel virtual file system. The monitoring overhead of these tools is low, but they lack the ability to inspect traffic at the packet level.
Bmon: A command-line-based bandwidth monitoring tool that can display various interface-related information, including not only the total/average data received/sent, but also the historical bandwidth usage view.
Iftop: A bandwidth usage monitoring tool that displays the bandwidth usage of network connections in real time. It sorts all connections by bandwidth usage and visualizes them through an ncurses interface, which makes it easy to see which connection consumes the most bandwidth. (LCTT: extended reading: http://www.linuxidc.com/Linux/2013-08/89102.htm)
CentOS real-time network card monitoring tool iftop http://www.linuxidc.com/Linux/2013-05/84590.htm
iftop, software for monitoring network card traffic under Linux http://www.linuxidc.com/Linux/2011-05/36348.htm
Introduction to the CentOS traffic viewing tool iftop http://www.linuxidc.com/Linux/2008-06/13492.htm
Nethogs: An ncurses-based process monitoring tool that provides real-time upstream/downstream bandwidth usage per process. It is useful for detecting processes that consume large amounts of bandwidth. (LCTT: extended reading: http://www.linuxidc.com/Linux/2014-04/99602.htm)
Netstat: A tool that displays many kinds of statistics for the TCP/UDP network stack, such as open TCP/UDP connections, network interface send/receive counters, routing tables, and protocol/socket statistics. It is useful when you diagnose performance and resource usage related to the network stack.
Speedometer: A terminal tool that visualizes the historical trend of sent/received bandwidth usage on an interface as an ncurses bar chart.
Sysdig: A tool that enables comprehensive, system-level debugging of individual Linux subsystems through a unified interface. Its network monitoring module can monitor, online or offline, many process/host-related network statistics, such as bandwidth and number of connections/requests. (LCTT: extended reading: http://www.linuxidc.com/Linux/2014-12/110033.htm)
Tcptrack: A TCP connection monitoring tool that can display active TCP connections, including source/destination IP address/port, TCP status, bandwidth usage, and so on.
Vnstat: A traffic monitor that stores and displays historical receive/send bandwidth views for each interface (for example, current, daily, monthly). It runs as a daemon that collects and stores statistics, including interface bandwidth usage and the total number of bytes transferred.
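
The sysfs source named in the introduction to this category can also be read directly. The following is an added example, not part of the original article: it samples the kernel's per-interface byte counters under /sys/class/net and derives receive/transmit rates. The function names and the SYSFS_NET override are assumptions of this example.

```shell
#!/bin/sh
# Interface-level byte rates from sysfs counters (added example).
# SYSFS_NET is this example's own override so the code can be pointed at a test tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# read_counters IFACE -> prints "rx_bytes tx_bytes"; fails for an unknown interface.
read_counters() {
    dir="$SYSFS_NET/$1/statistics"
    [ -r "$dir/rx_bytes" ] && [ -r "$dir/tx_bytes" ] || return 1
    echo "$(cat "$dir/rx_bytes") $(cat "$dir/tx_bytes")"
}

# counter_delta OLD NEW -> bytes transferred between two samples.
# If the counter went backwards (interface re-created, driver reloaded),
# count from zero instead of reporting a negative number.
counter_delta() {
    if [ "$2" -ge "$1" ]; then echo $(( $2 - $1 )); else echo "$2"; fi
}

# rate_line IFACE OLD_RX OLD_TX NEW_RX NEW_TX SECONDS -> "IFACE rx_B/s tx_B/s"
rate_line() {
    rx=$(counter_delta "$2" "$4")
    tx=$(counter_delta "$3" "$5")
    echo "$1 $(( rx / $6 )) $(( tx / $6 ))"
}

# monitor IFACE INTERVAL COUNT -> one rate line per interval (whole seconds).
monitor() {
    prev=$(read_counters "$1") || { echo "no such interface: $1" >&2; return 1; }
    i=0
    while [ "$i" -lt "$3" ]; do
        sleep "$2"
        cur=$(read_counters "$1") || return 1
        # "rx tx" pairs are split into separate arguments on purpose
        rate_line "$1" $prev $cur "$2"
        prev=$cur
        i=$(( i + 1 ))
    done
}

# Stand-alone use: ./ifrate.sh eth0 [interval] [count]
if [ "$#" -ge 1 ]; then
    monitor "$1" "${2:-1}" "${3:-5}"
fi
```

Because only two small files are read per sample, this costs far less than packet capture, but it cannot attribute the bytes to a connection or process.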
