Real-time monitoring tools for network traffic under Linux

Source: Internet
Author: User
Tags snmp




At work, for business reasons, I often need to see the traffic on a server's network card right away. The company has deployed Cacti, but Cacti collects statistics every five minutes, so it is not real-time, and opening the monitoring page is sometimes inconvenient. I prefer to type a command on the server and watch the NIC traffic in real time. After searching Baidu for a while I found several ways to do this; this article summarizes them.

First, iptraf
iptraf is included on the RHEL ISO, but it is not installed by default on my company's systems. It is powerful and can break traffic down by protocol, by network card and so on.
1.1 iptraf installation
Source installation:
wget ftp://iptraf.seul.org/pub/iptraf/iptraf-3.0.0.tar.gz
tar zxvf iptraf-3.0.0.tar.gz
cd iptraf-3.0.0
./setup
yum installation:
yum install -y iptraf
1.2 iptraf usage
[root@kaifa opt]# iptraf
Press any key to continue.

First item: IP traffic monitoring
Second item: general view of network card traffic. Shows only the total traffic of each NIC.
Third item: detailed view of network card traffic, for example broken down by TCP, UDP, ARP and other protocols.

Select "All interfaces" to view all NIC interfaces.

The interface is divided into two parts. The upper part shows in detail which IP addresses are connected, how many packets have been exchanged and the current real-time traffic; the lower part shows information such as UDP traffic.

Press q to leave the monitoring screen, then select Exit to quit iptraf.

Second, nload
nload is not included on the RHEL ISO; the source package has to be downloaded from a third-party website. Its functionality is limited: it only shows total traffic, unlike iptraf above, which shows the total and can also break it down by protocol. By default nload splits the screen into two blocks, and each block shows the current traffic (Curr), average traffic (Avg), minimum traffic (Min), maximum traffic (Max) and total traffic (Ttl), which makes it easy to read.
2.1 nload installation
wget http://www.roland-riegel.de/nload/nload-0.7.2.tar.gz
tar zxvf nload-0.7.2.tar.gz
cd nload-0.7.2
./configure --prefix=/usr/local/nload
make
make install
2.2 nload usage
[root@kaifa opt]# /usr/local/nload/bin/nload eth0


Third, ifstat
ifstat is not included on the RHEL ISO either; download the source package from a third-party website, then compile and install it. A Windows version also exists. It reports the traffic state of the network interfaces, showing the bytes flowing in and out of each network card, and produces one line of data per second.
3.1 ifstat installation
wget http://gael.roualland.free.fr/ifstat/ifstat-1.1.tar.gz
tar -zxvf ifstat-1.1.tar.gz
cd ifstat-1.1
./configure --prefix=/usr/local/ifstat
make
make install
3.2 ifstat usage

3.3 Related parameters
-l monitors the loopback network interface (lo). By default, ifstat monitors all active non-loopback network interfaces. In practice I found that with -l it reports all of those interfaces plus lo, not lo alone; that is, -l adds the state of the lo interface to the output.
-a monitors every network interface that can be detected. In practice I found that, compared with -l, this also shows a plip0 interface; a search shows that this is a parallel-port network device called PLIP (Parallel Line Internet Protocol). It provides the parallel port ... )
-z hides interfaces with no traffic, for example interfaces that are up but not in use
-i specifies the interfaces to monitor, followed by the network interface name
-s is equivalent to -d snmp:[comm@][#]host[/nn]; queries a remote host via SNMP
-h displays short help information
-n turns off the periodic repetition of the header (without -n, ifstat prints the interface names at the top and prints them again each time a screenful of output has scrolled past, as a reminder of which interface each column belongs to; with -n the interface names are printed only once)
-t adds a timestamp to the beginning of each line (tells us the exact time)
-T reports the total bandwidth of all monitored interfaces (a final total column is added that sums the inbound traffic of all interfaces and the outbound traffic of all interfaces)
-w uses fixed-width columns instead of automatically widening them to fit the interface name
-W wraps lines automatically if the output is wider than the terminal window
-S keeps updating the status on the same line (no scrolling, no wrapping). Note: this is handy if you don't like a scrolling screen; it is similar to the way bmon displays its output
-b displays bandwidth in kbits/s instead of kbytes/s (mind the difference between bit and byte)
-q quiet mode; warning messages are not shown
-v displays version information
-d specifies a driver to collect status information
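
An added example (not from the original article and not ifstat's own code): the per-second in/out figures described above can be derived from two samples of the kernel's interface byte counters. The functions below compute them from two constructed /proc/net/dev snapshots, with switches that mirror the meaning of -b, -l, -z and -T; the function names, argument order, sample values, unit convention and 32-bit wrap handling are assumptions of the example.

```shell
#!/bin/sh
# Added example: per-second interface rates from two /proc/net/dev snapshots.
# usage: if_rates BEFORE AFTER SECS [kbytes|kbits] [show_lo] [hide_idle]
if_rates() {
    awk -v secs="$3" -v unit="${4:-kbytes}" -v lo="${5:-0}" -v hide="${6:-0}" '
    # Counter difference; a decrease is treated as a 32-bit wrap (assumption).
    function delta(a, b) { a += 0; b += 0; return (b >= a) ? b - a : b - a + 4294967296 }
    # Example convention: 1 kbyte = 1024 bytes, 1 kbit = 1000 bits.
    BEGIN { k = (unit == "kbits") ? 8 / 1000 : 1 / 1024 }
    !sub(/:/, " ") { next }                        # header lines have no "iface:" prefix
    FNR == NR { rx[$1] = $2; tx[$1] = $10; next }  # first snapshot: remember byte counters
    !($1 in rx) || ($1 == "lo" && lo != 1) { next } # new interface, or loopback not requested
    {
        din = delta(rx[$1], $2); dout = delta(tx[$1], $10)
        if (hide == 1 && din == 0 && dout == 0) next   # like -z: skip idle interfaces
        printf "%s %.2f %.2f\n", $1, din * k / secs, dout * k / secs
        tin += din; tout += dout
    }
    END { printf "total %.2f %.2f\n", tin * k / secs, tout * k / secs }  # like -T
    ' "$1" "$2"
}

# Constructed sample snapshots taken 2 seconds apart (not real measurements).
# eth1 has no space after the colon and wraps its 32-bit receive counter.
write_samples() {
    cat > "$1" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 4096 8 0 0 0 0 0 0 4096 8 0 0 0 0 0 0
  eth0: 1000000 900 0 0 0 0 0 0 500000 700 0 0 0 0 0 0
  eth1:4294967000 10 0 0 0 0 0 0 0 0 0 0 0 0 0 0
  eth2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
EOF
    cat > "$2" <<'EOF'
    lo: 6144 12 0 0 0 0 0 0 6144 12 0 0 0 0 0 0
  eth0: 1204800 1100 0 0 0 0 0 0 602400 800 0 0 0 0 0 0
  eth1:1752 14 0 0 0 0 0 0 0 0 0 0 0 0 0 0
  eth2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
EOF
}

# On a live host: cat /proc/net/dev > a; sleep 1; cat /proc/net/dev > b; if_rates a b 1
```

Each output line is the interface name followed by its inbound and outbound rate in the chosen unit.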

Fourth, sar
This tool is included on the RHEL ISO. It is an excellent performance monitoring tool and is not limited to the network: it can display performance data for the CPU, run queues, disk I/O, paging (swap area), memory and CPU interrupts. The sar command is part of the sysstat package; our systems did not have this package installed, so it has to be installed to get the sar command.

4.1 sar installation
yum install sysstat
4.2 sar usage

The 5 2 after the command means: sample every 5 seconds, 2 times.
IFACE: LAN interface
rxpck/s: packets received per second
txpck/s: packets sent per second
rxbyt/s: bytes received per second
txbyt/s: bytes sent per second
rxcmp/s: compressed packets received per second
txcmp/s: compressed packets sent per second
rxmcst/s: multicast packets received per second

Fifth, iftop
iftop is not included on the RHEL ISO. It can be used to monitor the real-time traffic of a network card (a network segment can be specified), reverse-resolve IP addresses, display port information, and so on.

5.1 iftop installation
wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
tar zxvf iftop-0.17.tar.gz
cd iftop-0.17
./configure --prefix=/usr/local/iftop
make
make install
5.2 iftop usage
[root@nfstest opt]# /usr/local/iftop/sbin/iftop
 

5.3 Interface description
The top of the interface shows a ruler-like scale, which is used as the reference for the traffic bar graphs.
The <= and => arrows in the middle indicate the direction of the traffic.
TX: sent traffic
RX: received traffic
Total: total traffic
Cumm: cumulative traffic from the time iftop was started until now
Peak: peak traffic
Rates: the average traffic over the past 2 s, 10 s and 40 s respectively
5.4 Related parameters
Commonly used parameters:
-i sets the network card to monitor, e.g. # iftop -i eth1
-B displays traffic in bytes (the default is bits), e.g. # iftop -B
-n shows host information as IP addresses by default, e.g. # iftop -n
-N shows port information as port numbers by default, e.g. # iftop -N
-F shows inbound and outbound traffic for a specific network segment, e.g. # iftop -F 10.10.1.0/24 or # iftop -F 10.10.1.0/255.255.255.0
-h (display this message) help; shows the parameter information
-p with this parameter, the list in the middle, which shows local host information, also shows IP addresses other than the local machine's
-b makes the traffic bar graph display by default
-f filters the packets that are counted; I have not yet worked out how to use it well
-P makes host information and port information display by default
-m sets the maximum value of the scale at the top of the interface; the scale is displayed in five segments, e.g. # iftop -m 100M

This article is from the "System Network Operation Dimension" blog, please be sure to keep this source http://369369.blog.51cto.com/319630/805726
