HxHippy

Network Monitoring Tools

Essential tools for monitoring network traffic, bandwidth, and connectivity.

Last updated: 2025-01-15

Essential tools for monitoring and analyzing network traffic.

Real-Time Traffic Monitoring

iftop - Interface Traffic

# Install
sudo apt install iftop

# Monitor interface
sudo iftop -i eth0

# Show ports
sudo iftop -i eth0 -P

# Filter by host
sudo iftop -i eth0 -f "host 192.168.1.100"

nethogs - Per-Process Bandwidth

# Install
sudo apt install nethogs

# Monitor all interfaces
sudo nethogs

# Specific interface
sudo nethogs eth0

# Refresh interval
sudo nethogs -d 2

nload - Bandwidth Graph

# Install
sudo apt install nload

# Monitor interface
nload eth0

# All interfaces
nload

bmon - Bandwidth Monitor

# Install
sudo apt install bmon

# Run
bmon

Connection Analysis

ss - Socket Statistics

# All listening ports
ss -tulpn

# TCP connections
ss -tan

# UDP sockets
ss -uan

# Summary
ss -s

# Process listening on port 80 (exact match; grep :80 would also match :8080)
ss -tlpn 'sport = :80'

netstat (Legacy)

# Listening ports
netstat -tulpn

# All connections
netstat -an

# Connection statistics
netstat -s

lsof - Open Files

# Network connections
lsof -i

# Specific port
lsof -i :80

# TCP connections
lsof -i tcp

# By process
lsof -i -P -n | grep nginx

Packet Capture

tcpdump

# Capture on interface
sudo tcpdump -i eth0

# Filter by host
sudo tcpdump -i eth0 host 192.168.1.100

# Filter by port
sudo tcpdump -i eth0 port 80

# Save to file
sudo tcpdump -i eth0 -w capture.pcap

# Read capture
tcpdump -r capture.pcap

# Show packet content
sudo tcpdump -i eth0 -A port 80

tshark (Wireshark CLI)

# Install
sudo apt install tshark

# Capture packets
sudo tshark -i eth0

# Filter by protocol
sudo tshark -i eth0 -f "tcp port 443"

# Show specific fields
sudo tshark -i eth0 -T fields -e ip.src -e ip.dst -e tcp.port

Bandwidth Testing

iperf3

# Install
sudo apt install iperf3

# Server mode
iperf3 -s

# Client test (TCP)
iperf3 -c server.example.com

# UDP test
iperf3 -c server.example.com -u -b 100M

# Reverse mode
iperf3 -c server.example.com -R

speedtest-cli

# Install
pip install speedtest-cli

# Run test
speedtest-cli

# Simple output
speedtest-cli --simple

DNS Monitoring

dig with timing

# Query with stats
dig example.com +stats

# Trace resolution
dig +trace example.com

dnstop

# Install
sudo apt install dnstop

# Monitor DNS
sudo dnstop eth0

Network Statistics

vnStat - Long-term Monitoring

# Install
sudo apt install vnstat

# Add the interface to the database (vnStat 2.x; on 1.x use: vnstat -u -i eth0)
sudo vnstat --add -i eth0

# View statistics
vnstat

# Daily stats
vnstat -d

# Monthly stats
vnstat -m

# Live monitor
vnstat -l

sar - System Activity

# Install
sudo apt install sysstat

# Enable and start collection
# (Debian/Ubuntu packages may also require ENABLED="true" in /etc/default/sysstat)
sudo systemctl enable --now sysstat

# Network statistics
sar -n DEV 1 5

# All network stats
sar -n ALL

Quick Reference

Tool      Purpose                 Install
iftop     Interface bandwidth     apt install iftop
nethogs   Per-process bandwidth   apt install nethogs
nload     Bandwidth graphs        apt install nload
ss        Socket statistics       Built-in
tcpdump   Packet capture          apt install tcpdump
iperf3    Bandwidth testing       apt install iperf3
vnstat    Long-term stats         apt install vnstat

Best Practices

  1. Use appropriate tool - Match tool to task
  2. Capture selectively - Filter to reduce noise
  3. Monitor regularly - Establish baselines
  4. Secure captures - Protect pcap files
  5. Automate alerts - For threshold breaches
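
Practice 3 (establish baselines) applied to the `ss` output shown earlier, with an alert line in the spirit of practice 5. This is an added example, not part of the original page: it reports any listening socket that is missing from a saved baseline. The function names, the baseline-file argument and the sample socket lines (constructed) are assumptions.

```sh
#!/bin/sh
# Added example: report listening sockets that are not in a saved baseline.
# Input is the text produced by `ss -H -tuln` (no header, numeric ports).

# Reduce ss output to sorted, unique "proto local_addr:port" lines.
normalize_listeners() {
    awk '($1 == "tcp" || $1 == "udp") && NF >= 5 { print $1, $5 }' |
        LC_ALL=C sort -u
}

# Read raw ss output on stdin; print entries absent from the normalized
# baseline file $1. Returns 1 if anything new is listening, else 0.
new_listeners() {
    nl_cur=$(mktemp) || return 2
    normalize_listeners > "$nl_cur"
    nl_new=$(LC_ALL=C comm -13 "$1" "$nl_cur")
    rm -f "$nl_cur"
    [ -z "$nl_new" ] && return 0
    printf '%s\n' "$nl_new"
    return 1
}

# Constructed sample data standing in for two `ss -H -tuln` runs.
SAMPLE_BASELINE='udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*'
SAMPLE_CURRENT="$SAMPLE_BASELINE
tcp LISTEN 0 5 0.0.0.0:8081 0.0.0.0:*"

# Build a baseline from the first sample and check the second against it.
demo() {
    d_base=$(mktemp) || return 2
    printf '%s\n' "$SAMPLE_BASELINE" | normalize_listeners > "$d_base"
    if printf '%s\n' "$SAMPLE_CURRENT" | new_listeners "$d_base"; then
        d_rc=0
    else
        d_rc=1
    fi
    rm -f "$d_base"
    return "$d_rc"
}

# With a baseline file argument, check the live host; otherwise run the demo.
if [ "$#" -ge 1 ]; then
    ss -H -tuln | new_listeners "$1"
else
    demo || echo "ALERT: listener not in baseline (constructed sample)"
fi
```

To create the baseline on a host in a known-good state, save the output of `ss -H -tuln | normalize_listeners` to a file and protect it from modification.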