Ifstat
Introduced
Ifstat tool is a network interface monitoring tool, relatively simple to see network traffic
Instance
Default use
#ifstat
Eth0 eth1
KB/S in kb/s out kb/s in kb/s out
0.07 0.20 0.00 0.00
0.07 0.15 0.58 0.00 The default ifstat does not monitor the loopback interface, which shows the unit of traffic is KB.
Monitor all network interfaces
# ifstat-a
Lo eth0 eth1
KB/S in kb/s out kb/s in kb/s out kb/s on kb/s out
0.00 0.00 0.28 0.58 0.06 0.06
0.00 0.00 1.41 1.13 0.00 0.00
0.61 0.61 0.26 0.23 0.00 0.00
Ifstat relatively simple to see network traffic profile.
Iftop
Introduced
Iftop is a real-time flow monitoring tool, monitoring TCP/IP connection, the disadvantage is no report function. Must be run as root.
Instance
The default is to monitor the traffic of the first network card
Iftop monitoring eth1
Iftop-i eth1 Direct IP display without DNS reverse resolution
IFTOP-N Displays the port number directly and does not display the service name:
Iftop-n shows a network segment in and out of packet traffic
Iftop-f 192.168.1.0/24 or 192.168.1.0/255.255.255.0
Explain the output meaning based on the example
After performing iftop-n-n-i eth1 interface is
19.1Mb 38.1Mb 57.2Mb 76.3Mb 95.4Mb
+-----------------+-----------------+--------------------+--------------------+---------------------
192.168.1.11 => 192.168.1.66 5.3Mb 3.22Mb 3.20Mb
<= 219kb 45.7kb 49.3kb
192.168.1.11 => 192.168.1.29 144kb 30.8kb 29.6kb
<= 11.3Mb 2.38Mb 2.74Mb
192.168.1.11 => 12.2.11.71 0b 6.40kb 6.66kb
<= 0b 0b 0b
192.168.1.11 => 192.168.1.8 2.63kb 1.43kb 932b
<= 1.31kb 1.05kb 893b
192.168.1.11 => 192.168.2.78 2.53kb 1.54kb 2.15kb
<= 160b 160b 187b
192.168.1.11 => 111.126.195.69 0b 166b 69b
<= 0b 0b 0b
------------------------------------------------------------------------------------------------------
TX:CUM:9.70MB PEAK:15.6MB RATES:15.4MB 3.26Mb 3.23Mb
RX:8.38MB 14.9Mb 11.5Mb 2.42Mb 2.79Mb
TOTAL:18.1MB 30.5Mb 27.0Mb 5.69Mb 6.03Mb
The Iftop interface has the following meanings
First line: Bandwidth display
Middle section: The list of external connections, that is, which IP is logged with the local network connection
The middle part to the right: the real-time parameter is the average flow of the access IP connected to the native 2 seconds, 10 seconds and 40 seconds respectively
=> represents sending data, <= represents receiving data
Bottom three lines: Send, receive and total traffic
Bottom three row second column: Run Iftop to current traffic for you
Bottom three row third column: Peak value
Bottom three line fourth: for the average through Iftop interface is easy to find which IP in the Occupy network traffic, this is ifstat can not do. However, the Iftop traffic display unit is MB, this b is bit, is bits, not bytes, and ifstat KB, this b is byte, Byte is 8 times times the bit. Beginners are apt to be misled.
The command to enter the Iftop
Some action commands after entering the Iftop screen (note case)
Press H to toggle whether to show help;
Press N to toggle the display of the IP or host name of the computer;
Press S to toggle whether the local host information is displayed;
Press D to toggle whether to display host information for remote target hosts;
Press T to toggle the display format to 2 lines/1 lines/Show only send traffic/show only receive traffic;
Toggle the display port number or port service name by N;
Press S to toggle whether or not to display the port information of the machine;
Press D to toggle the display of port information for the remote target host;
Press p to toggle whether or not to display port information;
Press p to toggle suspend/continue display;
Whether the average flow graph bar is shown by B switch;
The average flow rate in 2 seconds or 10 seconds or 40 seconds is calculated by B switch;
Press T to toggle whether the total flow of each connection is displayed;
Press L to open screen filtering function, input to filter characters, such as IP, press ENTER, the screen will only display this IP-related traffic information;
Press L to toggle the display of the top of the screen, the scale is different, flow chart will change;
Press J or press K to scroll up or down the screen to display the connection record;
1 or 2 or 3 can be sorted according to the three-column flow data displayed on the right;
Press < sort according to the local name or IP on the left;
Press > To sort the host name or IP of the remote target host;
Press O to toggle to show only current connections;
Press F can edit the filter code, this is the translation over the saying, I have not used this!
Press! You can use the shell command, this is useless! I don't know what command works here!
Press Q to exit monitoring.
Network performance.
#1: top– Process Activity Status
The top command provides a dynamic, real-time view of the running system, such as system processes, memory, and CPU consumption. By default, top displays the process used by the CPU, updated every 5 seconds.
Common Hot Keys
The following are common hotkeys for the top command:
Hot Key Description
T shows/closes summary information.
m displays/shuts down memory information.
A descending display of the system resources consumed can easily identify processes that consume more system resources.
F Interactive mode configuration mode, you can run some specific tasks.
o allows you to select the Sort method interactively in the top command window.
R runs the Renice command on the specified process. (priority)
K runs the kill command on the specified process (kills the specified process)
Z Turn on/off color/black and white display
=> Related commands: How does I find out Linux CPU utilization?
#2: vmstat– System State, memory, CPU usage
The "Vmstat" command reports on system processes, memory, pages, and block IO, traps, and CPU usage.
# Vmstat 3
1. hostname
Hostname no option to display host name
Hostname–d Display the domain name of the machine
HOSTNAME–F displays the full hostname and domain name
Hostname–i Displays the IP address of the current machine
2. Ping
Ping sends the packet to the user at the specified address. When the package is received. The target machine sends a return packet. Ping has two main functions
1. To confirm that the network connection is unblocked.
2. Used to view the speed information of the connection.
If you ping www.yahoo.com it will return its IP address. You can stop the command by CTRL + C.
3. Ifconfig
View the user network configuration. It displays the current network device configuration. This tool is extremely useful for the need to receive or send data error lookup.
4. Iwconfig
The Iwconfig tool is similar to Ifconfig and Ethtool. is used for the wireless network card. You can use it to set basic Wi-Fi network information, such as SSID, channel, and encryption. There are many other configurations you can also view and modify, including receiving sensitivity, rts/cts, packet size of packets sent, and retransmission mechanism of the wireless network card.
5. Nslookup
Nslookup This command, when you have an IP address, you can use this command to display the hostname, and you can find all the IP addresses for a given domain name. And you have to connect to the Internet to use this command.
Example. Nslookup blogger.com
You can also use Nslookup to get the host name from IP or get IP from the host name.
6. Traceroute
A handy tool. Can be used to view the IP address, hop count, and response time of the router that the packet passes through when it is committed to the remote system or Web site. Also you must link to the Internet to use this command
7. Finger
View user information. Displays the user's login name, real name, and logon terminal name and logon rights. This is a very old Unix command, and it's rarely used now.
8. Telnet
Connect to the target host through the Telnet protocol, which represents a good connection between two hosts if the Telnet connection can be done on either end.
Telnet hostname Port-uses the specified port Telnet host name. This is typically used to test whether the host is online or if the network is normal.
9. Ethtool
Ethtool allows you to view and change many of the network card settings (excluding Wi-Fi cards). You can manage a number of advanced settings, including TX/RX, checksum, and network wakeup features. Here are some basic commands you might be interested in:
Displays driver information for a specific network adapter, especially useful when checking software compatibility.
Ethtool-i
Start an adapter's specified behavior, such as flashing the adapter's LED light to help you identify the interface name in multiple adapters or interfaces:
Ethtool-p
Show Network statistics:
Ethtool-s
Set the connection speed of the adapter in Mbps:
Ethtool Speed <10|100|1000>
Netstat
Discover the most useful Linux commands for host connections. You can use "netstat-g" to query all multicast groups (networks) that this host subscribes to
Netstat-nap | grep port will show the process ID of the application using that port
netstat-a or Netstat–all will display all connections including TCP and UDP
Netstat --tcp or netstat–t will display the TCP connection
netstat--udp or netstat–u will display the UDP connection
Netstat-g will display all multicast networks that host subscribes to.