November 27, 2007

CLI Magic: No-nonsense network monitoring tools

Author: Razvan T. Coloja

Linux is an excellent platform for network administration. If you want to monitor your network traffic, you can find many tools -- some accessible from a Web interface, others using a graphical interface -- but nothing beats the speed of the command line. Command-line tools are also useful in shell scripts, where they can help you perform complex tasks. Here's a handful of my favorites for monitoring network traffic.

Atop is a system and process manager that displays network traffic, along with other useful information such as CPU consumption, memory usage, and a process list. Atop has a handful of options to be passed to at startup. To see network network-related information and save it to a log file located in /var/log, start the application with atop -N > /var/log/atopnet.log.

You need to patch the Linux kernel source to use the application to show TCP send and receive requests and the number of bytes received and transmitted through TCP/UDP. A second patch lets you automatically show data regarding terminated processes when atop starts.

Bmon is a bandwidth monitor for network connections. With it you can selectively watch a certain network card or a many of them, and even keep an eye on interfaces that are down (using the -a switch). Bmon can show results using either ASCII mode or the curses library, and can even generate statistics in an HTML file. If started without any options, bmon will show interface statistics using ncurses and display all available network connections. Once the application is started, you can press the g key to enable graphical mode and d to enable detailed statistics. If your server has subinterfaces, you can view them by pressing the f key.

One of the cool features of bmon is that it can provide interface statistics using rtnetlink with either the proc or sys filesystems. For example, if you start bmon with a command like bmon -i eth1,eth4 -o curses, it will monitor only the specified network cards in curses mode. You can use wildcards in interface names. If you want HTML output, enable the HTML output module in /etc/bmon.conf and launch bmon with -o html.

The utility also provides a command that you can use to bind not yet assigned keys to shell scripts. For example, if you quickly need to bring eth0 down, you can assign a key to it by creating a script that shuts down the interface and linking it to bmon with bind key/path/to/script.

Bwmon is similar to bmon, but it provides limited options. It shows bandwidth usage in curses mode and has options to show average bandwidth utilization since last boot (using -a), print maximum bandwidth utilization since the last launch of the program (using -m), and specify update timeout (using -u value).

Netwatch is an invaluable tool when it comes to network monitoring, and one of my personal favorites. It can not only show what IP addresses or hostnames are communicating with the outside, but also what ports they are using. Netwatch is great when you are a network administrator in a small or medium-sized office and your users are constantly downloading large files from the Internet. It can email you warnings about bandwidth usage (if you use the -u warnuser option) and can log all or specific packets.

Speedometer is a little different from the rest of these tools. It measures network traffic and the speed or progress of a certain file transfer. Let's say you want to see how fast someone can download a file from your server and how the download is going in real time. Enter speedometer filename, and the program will draw a progress bar that shows the speed of the transfer. It can print the RX and TX rates on a per-interface basis (using -rx iface and -tx iface). You can use speedometer to test the upstream speed of your ADSL line, the transfer speed of your LAN, or the time needed to send a file to a server.

I use speedometer when I need to send one of my clients a backup of his site. I email him the link to the .bz2 file and make sure he gets it. When speedometer tells me the file has been copied, I email the recipient with details of how he can burn the file to a multisession DVD.

There are many more tools out there that can help you monitor your network. Use them and let that bandwidth roll!

Categories:

  • System Administration
  • Networking
Click Here!