Network administrators need to know whats going on with their network, who's using the bandwidth and how their IT infrastructure is handling the load. It is a very dificult task for every network admin to monitor and debug Linux network related problems.
But, it is much easier, if you have right tools at your disposal.
In this tutorial, we will look at the most popular Linux Network Monitoring Tools.
Nload is a console-based application that monitors network traffic and bandwidth usage in real time, and allows users to monitor the incoming and outgoing traffic separately.
Nload shows you the incoming and outgoing traffic using two graphs and also provides the total amount of transferred data and min/max network usage.
Nload is very useful if you want to see the total bandwidth usage without details of individual processes.
By default, nload is available in the Ubuntu repository. You can easily install it by running the following command:
sudo apt-get install nload
Run the following command to start monitoring your network:
If you want to monitor network traffic on interface eth0, then simply run the following command:
sudo nload eth0
If you want to refresh interval of the display every 300 milliseconds, then just hit the following command:
sudo nload -t 300
Iftop is a real-time command line tool that listens to network traffic on a given interface such as eth0, eth1, wlan0 etc and displays a table of current bandwidth usage by pairs of hosts. If you want to see daily internet/bandwidth usage of your system or server, then iftop is best for you.
You can install iftop by simply running the following command:
sudo apt-get install iftop
Once iftop is installed, use iftop with the following command:
sudo iftop -i eth0
If you want to see the on-screen help, then just run the following command:
-h display this message
-n don't do hostname lookups
-N don't convert port numbers to services
-p run in promiscuous mode (show traffic between other
hosts on the same network segment)
-b don't display a bar graph of traffic
-B Display bandwidth in bytes
-i interface listen on named interface
-f filter code use filter code to select packets to count
(default: none, but only IP packets are counted)
-F net/mask show traffic flows in/out of IPv4 network
-G net6/mask6 show traffic flows in/out of IPv6 network
-l display and count link-local IPv6 traffic (default: off)
-P show ports as well as hosts
-m limit sets the upper limit for the bandwidth scale
-c config file specifies an alternative configuration file
iftop, version 1.0pre2
copyright (c) 2002 Paul Warren and contributors
NetHogs is an open source small "net top" tool that is used to monitor network traffic by process. NetHogs groups bandwidth by process instead of breaking the traffic down per protocol or per subnet, it is very useful when it comes to find out which PID is causing the problem with your network. If you want to find out programs that are consuming all your bandwidth on your linux system, then NetHogs is best for you.
Display both download and upload speed per process
Supports both Ethernet and PPP
Supports both IPv4 and IPv6
You can easily install NetHogs in Ubuntu system by running the following command:
Once NetHogs is installed, you can easily run it with the following command on your terminal.
By default, NetHogs listens on eth0 interface and displays the bandwidth consumption of the processes.
If you want to monitor bandwidth usage of eth1 interface, run the following command.
sudo nethogs eth1
You can also set refresh intervals using -d along with seconds.
sudo nethogs -d 10
For more information of nethogs command, run the following command:
IPTraf is a console-based software-only analyzer for Linux that gathers TCP connection packets, byte counts interface statistics and activity indicators. It shows you individual connections and the amount of data flowing between the hosts. You can use IPTraf to monitor the load on an IP network, and used types of network services.
TCP packet and byte counts, and flag statuses.
TCP and UDP service statistics and ICMP type information.
Source and destination addresses with port numbers.
Statistics of LAN.
You can install IPTraf on Ubuntu system by running the following command:
sudo apt-get install iptraf
Once IPTraf installed, you can launch IPTraf interface by running the following command:
You should see IP traffic monitoring, general interface statistics, statistical breakdowns, filters and some configuration options.
You can also start the IP traffic monitor on a particular interface. For example, you can start the IP traffic on interface eth1, run the following command:
sudo iptraf -i eth1
To monitor TCP/UDP trafic on eth1 interface, run the following command:
sudo iptraf -s eth1
Similarly, you can also monitor TCP/UDP traffic on a specific interface, using the following command.
iptraf -s eth0
If you want to know more options, run the following command:
sudo iptraf -h
vnStat is a console-based network traffic monitor for Linux that uses statistics provided by the kernel which ensures light use of system resources.
This tool can help you to monitor, log and view network statistics over various time periods. It provides summaries on various network interfaces such as eth0, wlan0, etc.
You can also view hourly, daily, monthly statistics in the form of a detailed table using vnstat.
You can install vnstat on Ubuntu system by running the following command:
sudo apt-get install vnstat
Once the installation is complete, you will need to configure it as it does not start on its own.
Now, tell vnStat the network interfaces to monitor.
vnstat -u -i eth0
The above command activates monitoring on interface eth0.
Now, start vnstat by running the following command:
You can also monitor live bandwidth usage by running the following command:
sudo vnstat -l -i eth0
To view all the network interfaces available in your system, use the command:
sudo vnstat --iflist
Available interfaces: vethQ75PDB br-7b9ff245c3a0 lo lxcbr0 wlan0 docker0
Bmon is a portable real-time bandwidth monitor tool that supports various input methods for different architectures. Bmon is used to gather the live network traffic related data. You can easily monitor network load over all the network interface on the system using bmon.
Total download and upload speed on each network interface.
Total network bandwidth usage per network interface.
Detail information about network such as sent and received packets.
You can install bmon on Ubuntu system by running the following command:
sudo apt-get install bmon
Once bmon is installed, run the following command to start monitoring your system:
collectl is a command-line utility that can be used to collect performance data that describes the current system status. Collectl comes with set of options that are used to measure the values of multiple different system metrics and also save the data for future. Collectl is used to gather information about cpu, network, disk, memory, tcp, nfs, and processes.
Run interactively or daemon.
Combination of ps, top, iotop, vmstat tools.
Ability to monitor any subsystem and record the captured data.
Display output in terminal and also write it to a file.
Easily monitor remote machine and server.
You can install collectl on Ubuntu system by running the following command:
sudo apt-get install collectl
Once the collectl is installed, you can easily run it from your terminal:
Tcpdump is a powerful command-line package analyzer tool that is used to capture TCP/IP packets received over a network on a specific interface. Tcpdump allows you to store captured output in a file for future analysis. Tcpdump works on most unix-based operating system such as Linux, Solaris, BSD, OS X, Android and AIX.
By default, most Linux distributions comes with tcpdump tool. If you don't have it on your system, you can install it by running the following command:
sudo apt-get install tcpdump
You can see the list of interfaces on which tcpdump can listen by running the following command:
sudo tcpdump -D
4.bluetooth0 (Bluetooth adapter number 0)
7.any (Pseudo-device that captures on all interfaces)
Now, run the following command to listen on interface wlan0:
sudo tcpdump -i wlan0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
Now, start capturing packets by running the following command:
sudo tcpdump -vv
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:26:55.657252 IP (tos 0x0, ttl 50, id 59232, offset 0, flags [DF], proto TCP (6), length 52)
webserver.aarth.com.http > Vyom-PC.33878: Flags [F.], cksum 0x534b (correct), seq 2322559038, ack 3658694015, win 114, options [nop,nop,TS val 84581743 ecr 424085], length 0
19:26:55.657431 IP (tos 0x0, ttl 64, id 20423, offset 0, flags [DF], proto TCP (6), length 52)
Vyom-PC.33878 > webserver.aarth.com.http: Flags [.], cksum 0x524b (correct), seq 1, ack 1, win 229, options [nop,nop,TS val 424226 ecr 84581743], length 0
19:26:56.171154 IP (tos 0x0, ttl 64, id 35621, offset 0, flags [DF], proto UDP (17), length 71)
Vyom-PC.45063 > 192.168.43.1.domain: [udp sum ok] 19257+ PTR? 184.108.40.206.in-addr.arpa. (43)
19:26:56.173191 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 92)
192.168.43.1.domain > Vyom-PC.45063: [udp sum ok] 19257* q: PTR? 220.127.116.11.in-addr.arpa. 1/0/0 18.104.22.168.in-addr.arpa. PTR Vyom-PC. (64)
19:26:56.174256 IP (tos 0x0, ttl 64, id 35622, offset 0, flags [DF], proto UDP (17), length 71)
Vyom-PC.38534 > 192.168.43.1.domain: [udp sum ok] 27978+ PTR? 22.214.171.124.in-addr.arpa. (43)
19:26:56.175545 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 104)
192.168.43.1.domain > Vyom-PC.38534: [udp sum ok] 27978 q: PTR? 126.96.36.199.in-addr.arpa. 1/0/0 188.8.131.52.in-addr.arpa. PTR webserver.aarth.com. (76)
19:26:57.177633 IP (tos 0x0, ttl 64, id 35623, offset 0, flags [DF], proto UDP (17), length 71)
Vyom-PC.43909 > 192.168.43.1.domain: [udp sum ok] 39537+ PTR? 184.108.40.206.in-addr.arpa. (43)
19:26:57.178910 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 71)
192.168.43.1.domain > Vyom-PC.43909: [udp sum ok] 39537 NXDomain q: PTR? 220.127.116.11.in-addr.arpa. 0/0/0 (43)
19:26:59.385007 IP (tos 0x0, ttl 64, id 16886, offset 0, flags [DF], proto TCP (6), length 52)
Vyom-PC.33874 > webserver.aarth.com.http: Flags [.], cksum 0xdc09 (correct), seq 2660449006, ack 2608338423, win 237, options [nop,nop,TS val 425158 ecr 84580185], length 0
19:26:59.425192 IP (tos 0x0, ttl 64, id 57724, offset 0, flags [DF], proto TCP (6), length 52)
Vyom-PC.33875 > webserver.aarth.com.http: Flags [.], cksum 0xa466 (correct), seq 3294075758, ack 571883679, win 237, options [nop,nop,TS val 425168 ecr 84580199], length 0
19:26:59.727002 IP (tos 0x0, ttl 50, id 33757, offset 0, flags [DF], proto TCP (6), length 52)
webserver.aarth.com.http > Vyom-PC.33874: Flags [.], cksum 0xdc11 (correct), seq 1, ack 1, win 156, options [nop,nop,TS val 84582757 ecr 422658], length 0
19:26:59.826828 IP (tos 0x0, ttl 50, id 43229, offset 0, flags [DF], proto TCP (6), length 52)
webserver.aarth.com.http > Vyom-PC.33875: Flags [.], cksum 0xa463 (correct), seq 1, ack 1, win 156, options [nop,nop,TS val 84582782 ecr 422668], length 0
To save the captured packets in a file called tcpdump.cap, run the following command:
sudo tcpdump -w tcpdump.cap
Nmon also known as "Nigel's Performance Monitor" is a performance monitoring and benchmark tool that can be used to display performance data about the cpu, memory, network, disk, file system, nfs, resources, etc. Nmon gather information and displays it onscreen or saves to a file.
You can install nmon on Ubuntu system by running the following command:
sudo apt-get install nmon
Once nmon is installed, you can launch it by running the following command:
│ ------------------------------ For help type H or ... │
│ # # # # #### # # nmon -? - hint │
│ ## # ## ## # # ## # nmon -h - full │
│ # # # # ## # # # # # # │
│ # # # # # # # # # # To start the same way every time │
│ # ## # # # # # ## set the NMON ksh variable │
│ # # # # #### # # │
│ ------------------------------ │
│ Use these keys to toggle statistics on/off: │
│ c = CPU l = CPU Long-term - = Faster screen updates │
│ m = Memory j = Filesystems + = Slower screen updates │
│ d = Disks n = Network V = Virtual Memory │
│ r = Resource N = NFS v = Verbose hints │
│ k = kernel t = Top-processes . = only busy disks/procs │
│ h = more options q = Quit │
As you can see from the above output, nmon runs in interactive mode and use it with the keys to toggle statistics.
In the above tutorial, you have learned of various tools to quickly check the network bandwidth on your linux server or host system. There are also web based tools available to do the same task. I hope you can now easily install and use these tools in production environment to monitor and troubleshoot network performance.
Need Hosting? Try ours, it's fast, reliable and feature loaded with support you can depend on. From £1.60 / month.
Do you need to increase the memory limit in WordPress? Getting an error about memory Exhausted? The memory limit is one of the most common WordPress errors as the default limit of memory in WordPress is only set to 64mb! But there’s good news! The Memory Exhausted error is one...
A vulnerability has been discovered in the “All In One WordPress Migration” WordPress plugin. All versions earlier than, and including 6.97 contain a vulnerability which allows Cross-Site Scripting (XSS).With over 2 million active installations, this vulnerability has the potential to be high impact, however, this is lessened by the nature...
HostPresto will be launching a European point of presence in the coming weeks, specifically in Amsterdam. For customers needing their data located within the EU still please contact support to request migration to this location with ticket subject ‘EU Migration’. We will ensure this is actioned well before the Brexit...