Shulou (Shulou.com), 06/01 report. Updated 2025-02-24, from SLTechnology News&Howtos.
This article covers the network monitoring tools available on Linux. I hope you will get something out of reading it. Let's discuss it together.
Netstat
netstat is an all-purpose network monitoring tool on Linux that reports host network packet statistics and network card information on the command line. It can display current network connections, routing tables, and statistics for many network interfaces and protocols. netstat is installed by default in many distributions, such as CentOS 6. On CentOS 7 and 8 it is replaced by default with ss from iproute2 and is not installed by default, but it can still be installed.
Ubuntu and Debian users can install it with the default apt package manager. netstat is part of the net-tools package, which can be installed by running the following command in a shell or terminal:
sudo apt-get install net-tools
CentOS, Fedora and RHEL users can use the yum package manager:
yum install net-tools
After installation, run the following command to monitor network packet statistics with netstat:
netstat
The most common netstat invocation:
netstat -nt(u)lp
This shows what local applications are listening on, including the protocol (-t for TCP, -u for UDP), port, program name and PID.
To view the network connections of this computer in real time, use the -a parameter.
It lists the local IP and port of each current network connection, the IP and port of the remote end, and the connection state, which helps when analyzing the health of a service, tuning the network (configuring kernel network parameters), troubleshooting, and so on. A single-line command lists the current number of TCP connections in each state:
netstat -natlp | perl -lane 'print $F[5]' | sort | uniq -c
2 CLOSE_WAIT
1 established)
29 ESTABLISHED
1 Foreign
23 LISTEN
5 TIME_WAIT
Another common use of netstat is checking the local network (card) configuration, which has the same effect as ifconfig:
netstat -ie
For more uses of netstat, view the manual page (this applies to all Linux commands) by typing man netstat in a shell or terminal:
man netstat
SS
The ss command provided by iproute2 is a new-generation network tool that many distributions use in place of netstat. It retrieves information faster, and on machines with a large number of network connections ss lists them more quickly.
iproute2 is present by default in many distributions and can otherwise be installed with the package manager using the following commands:
sudo apt-get install iproute2
yum install iproute2
man ss describes how to use ss.
-l displays all locally listening ports
-pl displays sockets with their processes and ports, like netstat -nutlp
-tpl and -upl show locally listening TCP and UDP sockets
-ta displays all TCP connections
-ua displays all UDP connections
To count the connections in each connection state, you can use:
ss -a | perl -lane 'print $F[1]' | sort | uniq -c
When a host has a very large number of connections, ss produces statistics much faster than netstat. The main reason is that ss is implemented on top of the tcp_diag module of the TCP protocol stack and obtains the relevant network information directly from the kernel, whereas netstat is relatively slow because it reads /proc/net/tcp and then computes the statistics.
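The difference described above comes down to what netstat has to parse. As an added example (not from the original article), this script decodes rows in /proc/net/tcp layout into addresses, ports and state names, then produces the per-state counts; the sample rows are constructed and the function names are illustrative.

```shell
#!/bin/sh
# Added example: decode /proc/net/tcp-format rows the way netstat has to.

# Kernel TCP state codes (column "st") mapped to the names netstat/ss print.
tcp_state_name() {
    case "$1" in
        01) echo ESTABLISHED ;; 02) echo SYN_SENT ;;   03) echo SYN_RECV ;;
        04) echo FIN_WAIT1 ;;   05) echo FIN_WAIT2 ;;  06) echo TIME_WAIT ;;
        07) echo CLOSE ;;       08) echo CLOSE_WAIT ;; 09) echo LAST_ACK ;;
        0A) echo LISTEN ;;      0B) echo CLOSING ;;    *)  echo "UNKNOWN($1)" ;;
    esac
}

# "0100007F:0CEA" -> "127.0.0.1:3306". Assumes a little-endian host (x86, most
# ARM), where the IPv4 address is printed byte-reversed; the port is plain hex.
decode_endpoint() {
    hex=${1%%:*}; port=${1##*:}
    o1=${hex#??????}               # last hex byte = first octet
    t=${hex#????}; o2=${t%??}
    t=${hex#??};   o3=${t%????}
    o4=${hex%??????}               # first hex byte = last octet
    printf '%d.%d.%d.%d:%d\n' "0x$o1" "0x$o2" "0x$o3" "0x$o4" "0x$port"
}

# Read /proc/net/tcp-format text on stdin; print "STATE local remote" per socket.
list_sockets() {
    while read -r sl laddr raddr st _rest; do
        case "$sl" in *:) ;; *) continue ;; esac   # skip header and blank lines
        echo "$(tcp_state_name "$st") $(decode_endpoint "$laddr") $(decode_endpoint "$raddr")"
    done
}

# Per-state totals, equivalent to the netstat | sort | uniq -c one-liner.
count_states() {
    list_sockets | awk '{print $1}' | sort | uniq -c | awk '{print $1, $2}'
}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 20002
   2: 0A01A8C0:0016 057100CB:C93A 01 00000000:00000000 02:000A1B2C 00000000     0        0 20003
   3: 0A01A8C0:01BB 057100CB:C93B 01 00000000:00000000 00:00000000 00000000    33        0 20004
   4: 0A01A8C0:01BB 057100CB:C93C 06 00000000:00000000 03:00000E10 00000000     0        0 0
EOF
}

sample_proc_net_tcp | list_sockets
sample_proc_net_tcp | count_states
```

On a live host, replace the sample with `list_sockets < /proc/net/tcp`; IPv6 sockets are in /proc/net/tcp6 and use a longer address field that this decoder does not handle.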
ss supports a filtering syntax, for example:
ss -o state established '( dport = :ssh or sport = :ssh )' shows all established SSH (default port 22) connections
ss -o state established '( dport = :http or sport = :http )' shows all established HTTP connections
You can also filter on other fields. For example, to list the connections on the local machine (127.0.0.1), use:
ss src 127.0.0.1
Network traffic statistics
1. Iftop
To view the network bandwidth usage of the host, you can usually use iftop. iftop can be pointed at a specific network card; if no interface is specified, all network traffic is displayed, with current bandwidth usage shown in a table by host pair.
In the statistics window, press h to get help.
iftop can be installed through the distribution's package manager:
sudo apt-get install iftop
Or install iftop with yum:
yum install iftop
2. Nethogs
Nethogs is a free network statistics tool. Nethogs can count network traffic by process PID because it groups bandwidth by process, rather than by protocol or subnet, as most tools do. Nethogs is rich in features, supports both IPv4 and IPv6, and is the best utility when it comes to counting bandwidth usage information on Linux hosts. Nethogs is also installed directly from the distribution's package manager.
Linux users can use nethogs to display the TCP download and upload speed of each process.
3. Nload
Nload is a console application that monitors network traffic and bandwidth usage in real time and visualizes traffic by providing two easy-to-understand charts.
nload is very easy to use and can be started directly with nload, without additional command-line options. It also provides shortcut keys for switching between network cards while monitoring: pressing the left and right arrow keys displays the traffic statistics of different network interfaces.
The graphs nload draws are easy to understand and provide the most useful statistics, such as the total amount of data transferred and minimum / maximum network usage.
4. Slurm
Slurm is a very useful network load monitoring tool that shows very concise results and supports many interactive shortcuts: c switches to classic mode, s switches to split graph mode, r redraws the screen, L enables the TX / RX LED, m switches between classic split view and large view, and q quits.
Slurm is available in the official Ubuntu and Debian repositories, and users can easily install it using the apt install command, as shown below.
apt install slurm
5. Collectl
collectl can be used to collect data that describes the current state of the system, and supports both a recording mode and a playback mode.
Recording mode obtains data from a live system and either displays it on the terminal or writes it to one or more files or sockets.
Playback mode reads one or more data files generated in recording mode and displays them.
collectl can be started directly with no options, in which case it displays system CPU, disk and network statistics.
Use the -s option to select the information to collect.
For example, to collect detailed network information, use collectl -sN
collectl is a very comprehensive and powerful tool; this article does not cover it in depth for reasons of space, and it may be introduced separately in the future.
6. Speedometer
Speedometer is a small and simple tool that only plots downstream and upstream traffic for a given network interface. Speedometer can be easily installed with the distribution's package manager using one of the following commands:
sudo apt-get install speedometer
yum install speedometer
Speedometer is very easy to use and can be started directly from the command line or terminal:
speedometer -r eth0 -t eth0
7. Tcptrack
tcptrack displays the status of TCP connections seen on a given network interface. It monitors their state and displays information such as state, source / destination addresses and bandwidth usage in a sorted, continuously updated list.
tcptrack needs to be run with root privileges or as superuser, and takes the name of the network interface whose TCP connections you want to monitor:
sudo tcptrack -i eth0
To restrict monitoring to a specific port, add a port filter after the interface name:
tcptrack -i wlan2 port 80
tcptrack also supports reading network capture files in .pcap format, computing statistics on them, and displaying the results directly or saving them to a file.
Network packet capture
1. Tcpdump
tcpdump is a tool for network monitoring and network packet capture. Use tcpdump to debug network or server-related problems by capturing packets.
tcpdump is available in the default Debian and Ubuntu repositories, so it can be installed with the apt package manager using sudo privileges. To do this, we need to run the following command in a shell or terminal.
tcpdump needs to be run with root privileges or as superuser. To monitor the TCP connections on the network interface eth0:
sudo tcpdump
You can specify a particular network interface with -i, and you can restrict the capture to a port with port (such as web port 80):
tcpdump -i eth0 'port 80'
Capture results can be saved as pcap files and then analyzed with other tools, such as Wireshark:
tcpdump -i eth0 -w aaa.pcap
wireshark aaa.pcap
2. Tcpflow
tcpflow is also a command-line packet capture tool. It captures the data transferred as part of a TCP connection (stream) and stores it in a way that is convenient for protocol analysis or debugging. It reconstructs the actual data flow and stores each stream in a separate file for later analysis. It understands TCP sequence numbers and correctly reconstructs the data stream regardless of retransmissions or out-of-order delivery. Unlike tcpdump, which displays data packet by packet, tcpflow displays the data content as streams, which makes analysis more convenient. By default, tcpflow prints nothing to the terminal; instead it creates files in the current directory named after the source IP and port and the destination IP and port, and writes the stream contents there. Use -cp to print the captured data directly to the terminal.
tcpflow -cp
You can use -i to select a specific network interface, and port to select a port, such as:
sudo tcpflow -i eth0 port 80
3. Wireshark and tshark
Many readers are probably familiar with the Wireshark graphical tool, so for reasons of space it is not introduced here. Instead, here is Wireshark's command-line sibling, tshark:
tshark can be installed using the distribution's package manager:
sudo apt install tshark
yum install wireshark
Tshark is easy to use and can be started directly with the command:
tshark has the same powerful features and filtering options as tcpdump, which this article does not describe in detail. Here are two commonly used examples for reference:
Capture HTTP request traffic:
tshark -s 512 -i eth0 -n -f 'tcp dst port 80' -R 'http.host and http.request.uri' -T fields -e http.host -e http.request.uri
Explanation:
-s: capture only the first 512 bytes of each packet
-i: capture on the eth0 network card
-n: disable name resolution for network objects
-f: capture filter; here the protocol is tcp and the destination port is 80
-R: filter on the http.host and http.request.uri fields (tshark 1.10 and later accept -R only together with -2; the single-pass display filter option there is -Y)
-T fields -e: print these two fields
Capture the SQL query statements on the database server, which can be used for database auditing:
tshark -s 512 -i eth0 -n -f 'tcp dst port 3306' -R 'mysql.query' -T fields -e mysql.query
Explanation:
-R 'mysql.query': filters on the mysql.query field
-T fields -e mysql.query: prints this field
Nagios network monitoring
Nagios is a leading, powerful open source monitoring and alerting system that allows network / system administrators to identify and resolve server-related problems before they affect major business processes. With Nagios, administrators can monitor remote Linux and Windows hosts, switches, routers and printers in a single window. Based on the thresholds that have been set, it raises alarms for hosts and monitored items that exceed them, so that the specific problems can then be investigated.
Nagios has a web interface with active graphical monitors. If you are on a remote computer, replace localhost with your IP address. Then enter the user name and password, and the monitoring information is displayed.
After reading this article, I believe you have a certain understanding of "what network monitoring tools Linux has". If you want to know more about it, you are welcome to follow the industry information channel. Thank you for reading!