Network Monitoring Tools
Essential tools for monitoring and analyzing network traffic.
Real-Time Traffic Monitoring
iftop - Interface Traffic
# Install
sudo apt install iftop
# Monitor interface
sudo iftop -i eth0
# Show ports
sudo iftop -i eth0 -P
# Filter by host
sudo iftop -i eth0 -f "host 192.168.1.100"nethogs - Per-Process Bandwidth
# Install
sudo apt install nethogs
# Monitor all interfaces
sudo nethogs
# Specific interface
sudo nethogs eth0
# Refresh interval
sudo nethogs -d 2nload - Bandwidth Graph
# Install
sudo apt install nload
# Monitor interface
nload eth0
# All interfaces
nloadbmon - Bandwidth Monitor
# Install
sudo apt install bmon
# Run
bmonConnection Analysis
ss - Socket Statistics
# All listening ports
ss -tulpn
# TCP connections
ss -tan
# UDP sockets
ss -uan
# Summary
ss -s
# Process using port
ss -tlpn | grep :80netstat (Legacy)
# Listening ports
netstat -tulpn
# All connections
netstat -an
# Connection statistics
netstat -slsof - Open Files
# Network connections
lsof -i
# Specific port
lsof -i :80
# TCP connections
lsof -i tcp
# By process
lsof -i -P -n | grep nginxPacket Capture
tcpdump
# Capture on interface
sudo tcpdump -i eth0
# Filter by host
sudo tcpdump -i eth0 host 192.168.1.100
# Filter by port
sudo tcpdump -i eth0 port 80
# Save to file
sudo tcpdump -i eth0 -w capture.pcap
# Read capture
tcpdump -r capture.pcap
# Show packet content
sudo tcpdump -i eth0 -A port 80tshark (Wireshark CLI)
# Install
sudo apt install tshark
# Capture packets
sudo tshark -i eth0
# Filter by protocol
sudo tshark -i eth0 -f "tcp port 443"
# Show specific fields
sudo tshark -i eth0 -T fields -e ip.src -e ip.dst -e tcp.portBandwidth Testing
iperf3
# Install
sudo apt install iperf3
# Server mode
iperf3 -s
# Client test (TCP)
iperf3 -c server.example.com
# UDP test
iperf3 -c server.example.com -u -b 100M
# Reverse mode
iperf3 -c server.example.com -Rspeedtest-cli
# Install
pip install speedtest-cli
# Run test
speedtest-cli
# Simple output
speedtest-cli --simpleDNS Monitoring
dig with timing
# Query with stats
dig example.com +stats
# Trace resolution
dig +trace example.comdnstop
# Install
sudo apt install dnstop
# Monitor DNS
sudo dnstop eth0Network Statistics
vnStat - Long-term Monitoring
# Install
sudo apt install vnstat
# Initialize database
sudo vnstat -i eth0
# View statistics
vnstat
# Daily stats
vnstat -d
# Monthly stats
vnstat -m
# Live monitor
vnstat -lsar - System Activity
# Install
sudo apt install sysstat
# Enable collection
sudo systemctl enable sysstat
# Network statistics
sar -n DEV 1 5
# All network stats
sar -n ALLQuick Reference
| Tool | Purpose | Install |
|---|---|---|
| iftop | Interface bandwidth | apt install iftop |
| nethogs | Per-process bandwidth | apt install nethogs |
| nload | Bandwidth graphs | apt install nload |
| ss | Socket statistics | Built-in |
| tcpdump | Packet capture | apt install tcpdump |
| iperf3 | Bandwidth testing | apt install iperf3 |
| vnstat | Long-term stats | apt install vnstat |
Best Practices
- Use appropriate tool - Match tool to task
- Capture selectively - Filter to reduce noise
- Monitor regularly - Establish baselines
- Secure captures - Protect pcap files
- Automate alerts - For threshold breaches
- monitoring
- bandwidth
- traffic analysis
- netstat
- iftop
- nethogs