Check Network Traffic Linux Part 2




free = memory usage
The free command displays the total amount of used and free physical memory and swap in the system, as well as the buffers used by the kernel.
free

iostat = Average CPU Load and Disk Activity
The iostat command reports Central Processing Unit (CPU) statistics and input/output statistics for devices, partitions and network file systems (NFS).
apt-get install sysstat
iostat

sar = Collects and Reports System Activity
The sar command is used to collect, report and save system activity information. To see the network statistics, enter:
sar -n DEV | more



To see the network statistics from the 24th:
sar -n DEV -f /var/log/sa/sa24 | more

You can also display usage in real time with sar:
sar 4 5

mpstat = Multiprocessor Usage
The mpstat command displays the activity of each available processor; processor 0 is the first processor. "mpstat -P ALL" displays the average CPU utilization per processor.
mpstat -P ALL

pmap = Process Memory Usage
The pmap command displays the memory map of a process. Use this command to find out the cause of memory bottlenecks.
pmap -d PID

To display process memory information for PID 47394, enter:
pmap -d 47394

netstat and ss = Network Statistics
The netstat command displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. The ss command is used to view socket statistics. It can show information similar to netstat. See the article about the ss and netstat commands.

tcpdump = Detailed Network Traffic Analysis
tcpdump is a simple command that dumps traffic on a network. You need a good understanding of the TCP/IP protocols to use this tool. For example, to display information about DNS traffic, enter:
tcpdump -i eth1 'udp port 53'

To display all IPv4 HTTP packets to and from port 80, showing only the packets that contain data and not, for example, SYN, FIN and ACK-only packets, enter:
tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

To display all FTP sessions to 202.54.1.5, enter:
tcpdump -i eth1 'dst 202.54.1.5 and (port 21 or 20)'

To display the HTTP session to 192.168.1.5:
tcpdump -ni eth0 'dst 192.168.1.5 and tcp and port http'

To save the packets to a file that you can open in wireshark to view detailed information, enter (the file is written in pcap format despite its .txt name):
tcpdump -n -i eth1 -s 0 -w output.txt src or dst port 80

/proc file system = Various Kernel Statistics
The /proc file system provides detailed information about various hardware devices and about the Linux kernel.
cat /proc/cpuinfo
cat /proc/meminfo
cat /proc/zoneinfo
cat /proc/mounts

Some other tools:
nmap = scan your server for open ports.
lsof = list open files, network connections and much more.
ntop = a web-based tool and the best tool to view network usage, in a way similar to what the top command does for processes. You can view the network status and the distribution of traffic by protocol for UDP, TCP, DNS, HTTP and other protocols.

1. Conky = a good monitoring tool for the X Window System. Conky is highly configurable and can monitor many system variables, including the status of the CPU, memory, swap, disk storage, temperatures, processes, network interfaces, battery power, system messages, e-mail inboxes and others.
2. GKrellM = can be used to monitor the status of CPUs, main memory, hard disks, network interfaces, local and remote mailboxes and many other things.
3. vnstat = vnStat is a console-based network traffic monitor. It keeps a log of hourly, daily and monthly network traffic for the selected interface.
4. htop = htop is an enhanced version of top, an interactive process viewer that can display processes as a tree.
5. mtr = mtr combines the functions of the traceroute and ping programs in a single network diagnostic tool.

