Network monitoring on Linux
This post mentions some linux command line tools that can be used to monitor the network usage.
These tools monitor the traffic flowing through network interfaces and measure the speed at which data is currently being transferred. Incoming and outgoing traffic is shown separately.
Some of the commands, show the bandwidth used by individual processes. This makes it easy to detect a process that is overusing network bandwidth.
The tools have different mechanisms of generating the traffic report.
Some of the tools like nload read the "/proc/net/dev" file to get traffic stats, whereas some tools use the pcap library to capture all packets and then calculate the total size to estimate the traffic load.
Here is a list of the commands, sorted by their features.
- 1. Overall bandwidth - nload, bmon, slurm, bwm-ng, cbm, speedometer, netload
- 2. Overall bandwidth (batch style output) - vnstat, ifstat, dstat, collectl
- 2. Bandwidth per socket connection - iftop, iptraf, tcptrack, pktstat, netwatch, trafshow
- 3. Bandwidth per process - nethogs
Now lets take a look at each of the commands and how to use them to monitor network usage:
1. Nload
Nload is a commandline tool that allows users to monitor the incoming and outgoing traffic separately.
It also draws out a graph to indicate the same, the scale of which can be adjusted. Easy and simple to use, and does not support many options.
So if you just need to take a quick look at the total bandwidth usage without details of individual processes, then nload will be handy.
$ nload
Installing Nload - Fedora and Ubuntu have got it in the default repos. CentOS users need to get nload from Epel repositories.
# fedora or centos $ yum install nload -y # ubuntu/debian $ sudo apt-get install nload
2. iftop
Iftop measures the data flowing through individual socket connections, and it works in a manner that is different from Nload.
Iftop uses the pcap library to capture the packets moving in and out of the network adapter, and then sums up the size and count to find the total bandwidth under use.
Although iftop reports the bandwidth used by individual connections, it cannot report the process name/id involved in the particular socket connection.
But being based on the pcap library, iftop is able to filter the traffic and report bandwidth usage over selected host connections as specified by the filter.
$ sudo iftop -n
The n option prevents iftop from resolving ip addresses to hostname, which causes additional network traffic of its own.
Install iftop - Ubuntu/Debian/Fedora users get it from default repos. CentOS users get it from Epel.
# fedora or centos yum install iftop -y # ubuntu or debian $ sudo apt-get install iftop
3. iptraf
Iptraf is an interactive and colorful IP Lan monitor. It shows individual connections and the amount of data flowing between the hosts. Here is a screenshot
$ sudo iptraf
Install iptraf
# Centos (base repo) $ yum install iptraf # fedora or centos (with epel) $ yum install iptraf-ng -y # ubuntu or debian $ sudo apt-get install iptraf iptraf-ng
4. nethogs
Nethogs is a small 'net top' tool that shows the bandwidth used by individual processes and sorts the list putting the most intensive processes on top.
In the event of a sudden bandwidth spike, quickly open nethogs and find the process responsible. Nethogs reports the PID, user and the path of the program.
$ sudo nethogs
Install Nethogs - Ubuntu, Debian, Fedora users get from default repos. CentOS users need Epel
# ubuntu or debian (default repos) $ sudo apt-get install nethogs # fedora or centos (from epel) $ sudo yum install nethogs -y
5. bmon
Bmon (Bandwidth Monitor) is a tool similar to nload that shows the traffic load over all the network interfaces on the system. The output also consists of a graph and a section with packet level details.
Install Bmon - Ubuntu, Debian and Fedora users can install from default repos. CentOS users need to setup repoforge, since its not available in Epel.
# ubuntu or debian $ sudo apt-get install bmon # fedora or centos (from repoforge) $ sudo yum install bmon
Bmon supports many options and is capable of producing reports in html format. Check the man page for more information
6. slurm
Slurm is 'yet' another network load monitor that shows device statistics along with an ascii graph. It supports 3 different styles of graphs each of which can be activated using the c, s and l keys. Simple in features, slurm does not display any further details about the network load.
$ slurm -s -i eth0
Install slurm
# debian or ubuntu $ sudo apt-get install slurm # fedora or centos $ sudo yum install slurm -y
7. tcptrack
Tcptrack is similar to iftop, and uses the pcap library to capture packets and calculate various statistics like the bandwidth used in each connection.
It also supports the standard pcap filters that can be used to monitor specific connections.
Install tcptrack - Ubuntu, Debian and Fedora have it in default repos. CentOS users need to get it from RepoForge as it is not available in Epel either.
# ubuntu, debian $ sudo apt-get install tcptrack # fedora, centos (from repoforge repository) $ sudo yum install tcptrack
8. Vnstat
Vnstat is bit different from most of the other tools. It actually runs a background service/daemon and keeps recording the size of data transfer all the time.
Next it can be used to generate a report of the history of network usage.
$ service vnstat status * vnStat daemon is running
Running vnstat without any options would simply show the total amount of data transfer that took place since the date the daemon is running.
$ vnstat
Database updated: Mon Mar 17 15:26:59 2014
eth0 since 06/12/13
rx: 135.14 GiB tx: 35.76 GiB total: 170.90 GiB
monthly
rx | tx | total | avg. rate
------------------------+-------------+-------------+---------------
Feb '14 8.19 GiB | 2.08 GiB | 10.27 GiB | 35.60 kbit/s
Mar '14 4.98 GiB | 1.52 GiB | 6.50 GiB | 37.93 kbit/s
------------------------+-------------+-------------+---------------
estimated 9.28 GiB | 2.83 GiB | 12.11 GiB |
daily
rx | tx | total | avg. rate
------------------------+-------------+-------------+---------------
yesterday 236.11 MiB | 98.61 MiB | 334.72 MiB | 31.74 kbit/s
today 128.55 MiB | 41.00 MiB | 169.56 MiB | 24.97 kbit/s
------------------------+-------------+-------------+---------------
estimated 199 MiB | 63 MiB | 262 MiB |
To monitor the bandwidth usage in realtime, use the '-l' option (live mode). It would then show the total bandwidth used by incoming and outgoing data, but in a very precise manner without any internal details about host connections or processes.
$ vnstat -l -i eth0 Monitoring eth0... (press CTRL-C to stop) rx: 12 kbit/s 10 p/s tx: 12 kbit/s 11 p/s
Vnstat is more like a tool to get historic reports of how much bandwidth is used everyday or over the past month. It is not strictly a tool for monitoring the network in real time.
Vnstat supports many options, details about which can be found in the man page.
Install vnstat
# ubuntu or debian $ sudo apt-get install vnstat # fedora or centos (from epel) $ sudo yum install vnstat
9. bwm-ng
Bwm-ng (Bandwidth Monitor Next Generation) is another very simple real time network load monitor that reports a summary of the speed at which data is being transferred in and out of all available network interfaces on the system.
$ bwm-ng
bwm-ng v0.6 (probing every 0.500s), press 'h' for help input: /proc/net/dev type: rate / iface Rx Tx T ot========================================================================== == eth0: 0.53 KB/s 1.31 KB/s 1.84 KB lo: 0.00 KB/s 0.00 KB/s 0.00 KB-------------------------------------------------------------------------- -- total: 0.53 KB/s 1.31 KB/s 1.84 KB/s
If the console size is sufficiently large, bwm-ng can also draw bar graphs for the traffic using the curses2 output mode.
$ bwm-ng -o curses2
Install Bwm-NG - On CentOS bwm-ng can be installed from Epel.
# ubuntu or debian $ sudo apt-get install bwm-ng # fedora or centos (from epel) $ sudo apt-get install bwm-ng
10. cbm - Color Bandwidth Meter
A tiny little simple bandwidth monitor that displays the traffic volume through network interfaces. No further options, just the traffic stats are display and updated in realtime.
$ sudo apt-get install cbm
11. speedometer
Another small and simple tool that just draws out good looking graphs of incoming and outgoing traffic through a given interface.
$ speedometer -r eth0 -t eth0
Install speedometer
# ubuntu or debian users $ sudo apt-get install speedometer
12. Pktstat
Pktstat displays all the active connections in real time, and the speed at which data is being transferred through them.
It also displays the type of the connection, i.e. tcp or udp and also details about http requests if involved.
$ sudo pktstat -i eth0 -nt
$ sudo apt-get install pktstat
13. Netwatch
Netwatch is part of the netdiag collection of tools, and it too displays the connections between local host and other remote hosts, and the speed at which data is transferring on each connection.
$ sudo netwatch -e eth0 -nt
$ sudo apt-get install netdiag
14. Trafshow
Like netwatch and pktstat, trafshow reports the current active connections, their protocol and the data transfer speed on each connection. It can filter out connections using pcap type filters.
Monitor only tcp connections
$ sudo trafshow -i eth0 tcp
$ sudo apt-get install netdiag
15. Netload
The netload command just displays a small report on the current traffic load, and the total number of bytes transferred since the program start. No more features are there. Its part of the netdiag.
$ netload eth0
$ sudo apt-get install netdiag
16. ifstat
The ifstat reports the network bandwidth in a batch style mode. The output is in a format that is easy to log and parse using other programs or utilities.
$ ifstat -t -i eth0 0.5 Time eth0 HH:MM:SS KB/s in KB/s out 09:59:21 2.62 2.80 09:59:22 2.10 1.78 09:59:22 2.67 1.84 09:59:23 2.06 1.98 09:59:23 1.73 1.79
Install ifstat - Ubuntu, Debian and Fedora users have it in the default repos. CentOS users need to get it from Repoforge, since its not there in Epel.
# ubuntu, debian $ sudo apt-get install ifstat # fedora, centos (Repoforge) $ sudo yum install ifstat
17. dstat
Dstat is a versatile tool (written in python) that can monitor different system statistics and report them in a batch style mode or log the data to a csv or similar file. This example shows how to use dstat to report network bandwidth
$ dstat -nt -net/total- ----system---- recv send| time 0 0 |23-03 10:27:13 1738B 1810B|23-03 10:27:14 2937B 2610B|23-03 10:27:15 2319B 2232B|23-03 10:27:16 2738B 2508B|23-03 10:27:17
Install dstat
$ sudo apt-get install dstat
18. collectl
Collectl reports system statistics in a style that is similar to dstat, and like dstat it is gathers statistics about various different system resources like cpu, memory, network etc.
Over here is a simple example of how to use it to report network usage/bandwidth.
$ collectl -sn -oT -i0.5 waiting for 0.5 second sample... # <----------Network----------> #Time KBIn PktIn KBOut PktOut 10:32:01 40 58 43 66 10:32:01 27 58 3 32 10:32:02 3 28 9 44 10:32:02 5 42 96 96 10:32:03 5 48 3 28
Install Collectl
# Ubuntu/Debian users $ sudo apt-get install collectl #Fedora $ sudo yum install collectl
Summary
Those were a few handy commands to quickly check the network bandwidth on your linux server. However these need the user to login to the remote server over ssh.
Alternatively web based monitoring tools can also be used for the same task.
Ntop and Darkstat are some of the basic web based network monitoring tools available for Linux.
Beyond these lie the enterprise level monitoring tools like Nagios that provide a host of features to not just monitor a server but entire infrastructure.
use iptraf-ng instead of iptraf
i installed it on Centos 7 , working perfectly.
Thanks for the post.
There you can use netstat –tcp –programs to find which programs are using the various protocols/ports.
Here a gui network monitoring app… Etherape. Only problem is it requires root permission. Also it’s a pity it is only on Linux.
Very good article!
Dont forget to add to your list:
IPERF and JNETTOP
thank you very much. this article helped me a lot.
actually, i am looking for a way to save the output of nload -m command to a file. i tired nload -m > filename but it gives me a bunch of junk characters which is not readable. i think there is no batch mode option for nload like; top -b -n1 > f1, to save it in one shot.
so, is there any other way to solve this ?
btw, i am using linux mint 18.2
Can I translate this article in Chinese?I will keep the source of the article.
Thanks for a great article. Just what I was looking for, and I tested out a few and ended up using IPTraf for the most part.
Hi, do you allow guest posting on binarytides.com ? :) Let me know on my email
I’ve developed few utils for monitoring and tuning networking stack in linux.
They are designed for ISP-level passive DPI, but should be useful for simple linux routers too.
I hope this repo will help someone except me and my colleagues!
https://github.com/strizhechenko/netutils-linux
You can monitor traffic per port or banch of ports, with `tc`. I use FireQoS to setup QoS under Linux.
Then you can monitor the traffic in real-time with netdata.
Check this: https://github.com/firehol/netdata/wiki/You-should-install-QoS-on-all-your-servers
Both of these tools are designed to permanently run on all servers. So, you can have a permanent solution for bandwidth monitoring per port, IP, application, interface, etc.
pv pipeviewer is also useful for watching one specific process.
niceee thnx :)
Very Nice!! Thanks!
very good compare i like speedometer
This was such a useful article, I had to comment and thank you! Installed bmon, iftop, nethogs and nload. bmon and nethogs are my two favourites (presently) as they perform two different (and useful) functions that cover the gamut. Also learned a little about my own internal connections. Using Wifi (eth0) but my VPN overrides this and all (most of) the activity is on tun0 (some local communications by Linux on other interfaces).
A side note on site usability. I’m on Linux/Firefox50 and the left-hand social networking widget (tweet, like, g+, lnkedln) that follows the user as s/he scrolls, is slightly in the way of (and interfering with) the article’s text. There’s plenty of space on the left-hand side but it insists on partially covering up the article contents.
Checking out the rest of the site now to see what other kinds of (gems) articles I’ll turn up!
Nice Info …
Thanks you. Your article is very precise and intersting and we can use some of these tools to run on our servers.
how can i install “nload” ON CENTOS 7 AS ROOT USER
i tried to install it on centos 7 , but package is not found , try yum install iptraf-ng
it is working properly
I have a Centos 7 dedicated box and nload runs on it just fine.
# yum info nload
Loaded plugins: fastestmirror, universal-hooks
Loading mirror speeds from cached hostfile
* base: centos.serverspace.co.uk
* epel: mirror.vorboss.net
* extras: mirrors.vooservers.com
* updates: mirror.vorboss.net
Installed Packages
Name : nload
Arch : x86_64
Version : 0.7.4
Release : 4.el7
Size : 176 k
Repo : installed
From repo : epel
Summary : A tool can monitor network traffic and bandwidth usage in real time
URL : http://www.roland-riegel.de/nload/
Licence : GPLv2+
Description : nload is a console application which monitors network traffic and bandwidth
: usage in real time. It visualizes the in and outgoing traffic using two graphs
: and provides additional info like total amount of transfered data and min/max
: network usage.
very good, sort of, but as usual it is all CLI: when are these unix/linus computers going to grow up and get a nice, easy windows interface?
Grow up? Back to Microsoft Windows Kid…
lol. grow up? really?
Maybe it’s time for you to call it a day, eh? Go update Norton or fire up MSWord and write a letter to your gran… It will make you both feel better.
BWAHAHAHAHa grow up XDDDD lmao i mean serious? huhh i almost cried :”D
Why use a resource intensive GUI when CLI is all you need? When using SSH from devices, you are usually working with servers, not workstations. Every ounce of CPU/RAM is usually needed. When you are trying to optimize, you don’t want to keep adding resource intensive apps into a system.
thanks a lot for this useful list.
Thanx for sharing !!!
So there is no native way to check?
can we monitor the traffic between hosts
Very Awesome Tools, These are very useful tools :)
Thanks a lot !!!!!!!!!!
nethogs, where have you been all my life :)
I’m surprised you didn’t mention iperf, at lest it’s good for testing max throughput among connections…
Amazing! Thanks!
Thank you very much, excellent and useful article.
nice selection, but the best tool is missing: tcpdump
apt-get tcpdump
tcpdump -vvv (very very verbose)
tcpdump -X (full traffic logging)
tcpdump not port 22 (to block your ssh traffic)
desktop version please
I think we need some more tools for this purpose.
Brilliant article – thanks!
Very good compilation. I like speedometer. Thanks for the compilation.
thanks
Great info. Thanks!
Very nice article! Thanks!
Excellent article, Thanks for sharing!
Excellent ! Thank you so much for sharing this useful tip. I have searched a long time before finding your article with this extensive information !
Thank you!
Thx! Slurm was the tool i was looking for.
Always forget the name of the tools i used to use when i don’t use it for a while.
But i get used to use google for that. As a User. ^^
Thank you for this! Excellent post – keep up the good work!
Excellent. Thank you very much for this post
Thank you!
Thank you for the helpful article, I got about 5 or 6 of those to try out :) iftop looks useful – have it running now – Cheers
So well written list of good tools, thank You!
BWTop – CLI tool to monitor network interfaces bandwidth rate:
http://adelmahmoud.wordpress.com/2014/06/24/bwtop/
thanks
Thanks!!!
The tools are rather specific and I think that they are familir to a limited number of people. For example, I think that a cloud-based tool Antruris can be also used to monitor Linux servers as well as other elements of the IT infrastructure of the company.
Check also jnettop ;-)
Excellent article! , would like to know if exists some software that shows real time connections in a web page , using jquery or something like that.
cheers!
Excellent assortment of tools … very helpful! Unfortunately though, ‘bmon’ does not appear to be available for Centos any longer. Does anyone know of a similar listing for IO monitoring on Linux? As heavy-duty ClearCase users, we would benefit greatly from the ability to monitor disk IO for example, especially when writing to our NetApps.
bmon can be installed on centos from repoforge repository
I just installed it on CentOS 7.1 via the EPEL repo.