Real-time network traffic monitoring tools under Linux
Daquan
At work, for business reasons, I often need to know the traffic on a server's network card. The company has deployed cacti, but cacti collects statistics at five-minute intervals, so it is not instantaneous, and opening the monitoring page is sometimes inconvenient. I prefer to simply type a command on a server and view the network card's instantaneous traffic. After a search on Baidu I found several ways to do this; this article summarizes the tools.
First, iptraf
iptraf is included in the RHEL ISO, but my company's systems do not install it by default. It is powerful and can analyze traffic by protocol and by network card.
1.1 iptraf installation
Source installation
wget ftp://iptraf.seul.org/pub/iptraf/iptraf-3.0.0.tar.gz
tar zxvf iptraf-3.0.0.tar.gz
cd iptraf-3.0.0
./setup
yum installation
yum install -y iptraf
1.2 iptraf use
# iptraf
Press any key to continue.
First item: IP traffic monitoring
Second item: general view of network card traffic status. Shows only the total traffic for each NIC.
Third item: detailed view of network card traffic status, for example broken down by TCP, UDP, ARP and other protocols.
Select "All interfaces" to view all NIC interfaces.
The interface is divided into two parts. The upper part shows in detail which IPs are connected, how many packets have been sent and what the real-time traffic is; the lower part shows UDP and other information.
Press Q to exit the monitoring interface, then select Exit to exit iptraf.
Second, nload
nload is not on the RHEL ISO; the source package has to be downloaded from a third-party website. Its function is comparatively narrow: it shows only total traffic and, unlike iptraf above, cannot break the total down by protocol. By default nload splits the display into two blocks, each showing current traffic (Curr), average traffic (Avg), minimum traffic (Min), maximum traffic (Max) and total traffic (Ttl), which is quite intuitive.
2.1 nload installation
wget http://www.roland-riegel.de/nload/nload-0.7.2.tar.gz
tar zxvf nload-0.7.2.tar.gz
cd nload-0.7.2
./configure --prefix=/usr/local/nload
make
make install
2.2 nload use
# /usr/local/nload/bin/nload eth0
Third, ifstat
ifstat is not on the RHEL ISO either; download the source package from a third-party website, then compile and install it. There is also a Windows version. It reports network interface traffic status, showing the bytes flowing out of and into each network card, and produces one line of data per second.
3.1 ifstat installation
wget http://gael.roualland.free.fr/ifstat/ifstat-1.1.tar.gz
tar -zxvf ifstat-1.1.tar.gz
cd ifstat-1.1
./configure --prefix=/usr/local/ifstat
make
make install
3.2 ifstat use
3.3 Related parameters
-l monitors the loopback interface (lo). By default, ifstat monitors all active non-loopback interfaces. In use I found that adding -l monitors all network interfaces rather than only lo; that is, with -l there is one more set of state information (for lo) than without it.
-a monitors the status of all network interfaces that can be detected. In use I found that it shows one more interface, plip0, than -l does; a search showed that this is the parallel port (there is a network device called PLIP (Parallel Line Internet Protocol). It offers the parallel port ... )
-z hides interfaces whose traffic is zero, for example interfaces that are up but not used
-i specifies the interfaces to be monitored, followed by the network interface names
-s equivalent to -d snmp:[comm@][#]host[/nn], queries a remote host via SNMP
-h displays short help information
-n turns off the periodic redisplay of the header (without -n, the interface names appear at the top when ifstat starts and are printed again each time a screenful has scrolled by, to show which interface each traffic column belongs to; with -n the interface names are displayed only once)
-t adds a timestamp at the beginning of each line (tells us the exact time)
-T reports the total bandwidth of all monitored interfaces (a total column is added at the end, which simply sums the in traffic of all interfaces and sums the out traffic of all interfaces)
-w uses a fixed column width instead of automatically enlarging columns to fit the length of the interface names
-W wraps lines automatically if the content is wider than the terminal window
-S keeps status updates on the same line (no scrolling, no wrapping). Note: this is handy if you don't like the screen scrolling; it is similar to how bmon displays
-b displays bandwidth in kbits/s instead of kbytes/s (mind the difference between bit and byte)
-q quiet mode, warning messages do not appear
-v displays version information
-d specifies a driver to collect state information
Fourth, sar
sar is included in the RHEL ISO. It is an excellent performance monitoring tool that covers not only the network but also CPU, run queue, disk I/O, paging (swap area), memory, CPU interrupts and other performance data. The sar command is in the sysstat package; my company's systems do not install this package, so it has to be installed to get the sar command.
4.1 sar installation
yum install sysstat
4.2 SAR Use
The 5 2 after the command means: take a sample every 5 seconds, 2 times.
IFACE: LAN interface
rxpck/s: packets received per second
txpck/s: packets sent per second
rxbyt/s: bytes received per second
txbyt/s: bytes sent per second
rxcmp/s: compressed packets received per second
txcmp/s: compressed packets sent per second
rxmcst/s: multicast packets received per second
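Per-second figures such as rxbyt/s and txbyt/s are the difference between two readings of the kernel's per-interface byte counters divided by the sampling interval. The script below is an added example, not part of the original article: it computes those rates from two snapshots in /proc/net/dev format and skips an interface whose counters went backwards between samples. The function names (parse_counters, rates, live) and the sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Constructed snapshots in /proc/net/dev format (not real captures), 5 s apart.
HDR='Inter-|   Receive                                        |  Transmit
 face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed'
SNAP1="$HDR
    lo:    1000   10 0 0 0 0 0 0    1000   10 0 0 0 0 0 0
  eth0: 5000000 4000 0 0 0 0 0 0 2000000 3000 0 0 0 0 0 0
  eth1:9000 9 0 0 0 0 0 0 9000 9 0 0 0 0 0 0"
SNAP2="$HDR
    lo:    1500   15 0 0 0 0 0 0    1500   15 0 0 0 0 0 0
  eth0: 5500000 4400 0 0 0 0 0 0 2250000 3300 0 0 0 0 0 0
  eth1:100 1 0 0 0 0 0 0 100 1 0 0 0 0 0 0"

# parse_counters SNAPSHOT -> one "iface rx_bytes tx_bytes" line per interface
parse_counters() {
    printf '%s\n' "$1" | awk 'NR > 2 {
        sub(/:/, " ")      # handles both "eth0: 123" and "eth1:123"
        print $1, $2, $10  # field 2 = receive bytes, field 10 = transmit bytes
    }'
}

# rates SNAP_A SNAP_B INTERVAL -> one "iface rx_bytes_per_s tx_bytes_per_s" line each
rates() {
    { parse_counters "$1" | sed 's/^/A /'; parse_counters "$2" | sed 's/^/B /'; } |
    awk -v t="$3" '
        $1 == "A" { rx[$2] = $3; tx[$2] = $4; next }
        $1 == "B" && ($2 in rx) {
            drx = $3 - rx[$2]; dtx = $4 - tx[$2]
            # A negative delta means the counters were reset between samples
            # (interface re-created, driver reloaded): no valid rate, skip it.
            if (drx < 0 || dtx < 0) next
            printf "%s %d %d\n", $2, drx / t, dtx / t
        }'
}

# live [SECONDS]: sample the running kernel twice (default 5 s apart)
live() {
    a=$(cat /proc/net/dev); sleep "${1:-5}"; b=$(cat /proc/net/dev)
    rates "$a" "$b" "${1:-5}"
}

rates "$SNAP1" "$SNAP2" 5
```

On a Linux host, `live 5` prints the same three columns for the real interfaces.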
Fifth, iftop
iftop is not on the RHEL ISO. It can be used to monitor a network card's real-time traffic (a network segment can be specified), do reverse resolution of IPs, display port information, and so on.
5.1 iftop installation
wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
tar zxvf iftop-0.17.tar.gz
cd iftop-0.17
./configure --prefix=/usr/local/iftop
make
make install
5.2 iftop use
# /usr/local/iftop/sbin/iftop
5.3 Interface notes
The top of the interface shows a ruler-like scale, which serves as the measure for the bars of the traffic graph.
The <= and => arrows in the middle indicate the direction of the traffic.
TX: sent traffic
RX: received traffic
Total: overall traffic
Cumm: total traffic from when iftop started running to the current time
Peak: traffic peak
Rates: the average traffic over the past 2 s, 10 s and 40 s, respectively
5.4 Related parameters
Common parameters
-i sets the network card to monitor, such as: # iftop -i eth1
-B displays traffic in bytes (default is bits), such as: # iftop -B
-n makes host information display IP addresses directly by default, such as: # iftop -n
-N makes port information display port numbers directly by default, such as: # iftop -N
-F shows incoming and outgoing traffic for a specific network segment, such as # iftop -F 10.10.1.0/24 or # iftop -F 10.10.1.0/255.255.255.0
-h (display this message) help, displays parameter information
-p with this parameter (promiscuous mode), the list in the middle shows local host information and also IP information for hosts other than this machine;
-b makes the traffic graph bar displayed by default;
-f rarely needed; filters which packets are counted;
-P makes host information and port information displayed by default;
-m sets the maximum value of the scale at the top of the interface; the scale is shown in five large segments, for example: # iftop -m 100M
This article is from the "System network operation and Maintenance" blog; please be sure to keep this source: http://369369.blog.51cto.com/319630/805726