Linux – What command line tools for monitoring host network activity on linux do you use

Tags: command-line-interface, linux, networking, nic

What command line tools are good for reliably monitoring network activity?

I have used ifconfig, but an office colleague said that its statistics are not always reliable. Is that true? I have recently used ethtool, but is it reliable? What about just looking at /proc/net 'files'? Is that any better?

EDIT

I'm interested in packets Tx/Rx, bytes Tx/Rx, but most importantly drops or errors and why the drop/error might have occurred.

Best Answer

I like and use pmacct.

From their webpage:

OVERVIEW.
IP accounting is a key activity underlying essential network management tasks like billing, graphing network resource usage, live or historical traffic trend analysis, steering BGP peerings, real-time alerting and certain SLA monitoring. Often SNMP counters do not help in these areas because of their coarse granularity; live traffic mirroring, NetFlow and sFlow break this barrier by offering data at a finer granularity. But current high-speed large-scale networks are able to produce, in very short times, high amounts of data that quickly become difficult to process. In this context, both spatial and temporal aggregation, flexible filtering and sampling capabilities become key requirements.

pmacct is a small set of passive network monitoring tools to measure, account, classify, aggregate and export IPv4 and IPv6 traffic; its main features are:

  • Suitable for ISP, IXP, CDN, IP carrier, data-centre and hot-spot environments
  • Runs on Linux, BSDs, Solaris and embedded systems
  • Support for both IPv4 and IPv6
  • Collects data through libpcap, Netlink/ULOG, NetFlow v1/v5/v7/v8/v9 and sFlow v2/v4/v5
  • Saves data to a number of backends including memory tables, MySQL, PostgreSQL and SQLite
  • Exports data to remote collectors through NetFlow v5/v9 and sFlow v5
  • Flexible architecture to tag, filter, redirect, aggregate and split captured data
  • Implements a BGP daemon to augment visibility into the network (from 0.12)
  • Traffic streams classification. Read more here
  • Support for packet and flow sampling and renormalization
  • Pluggable architecture for easy integration of new capturing environments and data backends
  • Careful SQL support: data pre-processing, triggers, dynamic table naming
  • It's free, open-source, developed and supported with passion and open mind

Using either memory or SQL tables as backend storage, pmacct can easily feed data into external tools including RRDtool, GNUPlot, Net-SNMP, MRTG and Cacti, among others. Little scripting ability is required, and a number of sample scripts, contributions, web frontends and some tutorials are already available.

Other tools I use include:

tcptrack is a sniffer which displays information about TCP connections it sees on a network interface. It passively watches for connections on the network interface, keeps track of their state and displays a list of connections in a manner similar to the unix ‘top’ command. It displays source and destination addresses and ports, connection state, idle time, and bandwidth usage.

Pktstat displays a real-time list of active connections seen on a network interface, and how much bandwidth is being used by what. It partially decodes the HTTP and FTP protocols to show which filename is being transferred. X11 application names are also shown. Entries hang around on the screen for a few seconds so you can see what just happened. It also accepts filter expressions à la tcpdump.

  • Iptraf
  • Iftop
  • tcpdump / wireshark
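As an added example (not part of the original answer), the /proc/net counters the question asks about can be read directly rather than through ifconfig or ethtool. This script parses /proc/net/dev, falls back to a constructed sample when not run on a Linux host, and reports interfaces whose error or drop counters are non-zero; the column names are the ones in the kernel's own header line, and the fused `name:number` form it handles is what older kernels emit when the byte counter grows wide.

```python
"""Parse /proc/net/dev and flag interfaces with rx/tx errors or drops.

Per interface the kernel prints 8 receive fields then 8 transmit fields:
  rx: bytes packets errs drop fifo frame compressed multicast
  tx: bytes packets errs drop fifo colls carrier compressed
The fifo/frame (rx) and colls/carrier (tx) fields hint at *why* a counter
moved: ring overruns, framing/CRC faults, collisions or lost carrier.
"""
from pathlib import Path

RX_FIELDS = ("bytes", "packets", "errs", "drop", "fifo", "frame", "compressed", "multicast")
TX_FIELDS = ("bytes", "packets", "errs", "drop", "fifo", "colls", "carrier", "compressed")


def parse_proc_net_dev(text):
    """Return {iface: {"rx": {...}, "tx": {...}}} from /proc/net/dev contents."""
    stats = {}
    for line in text.splitlines()[2:]:  # skip the two header lines
        if ":" not in line:
            continue
        # Split on ':' first: some kernels fuse a wide rx byte count to the
        # name with no space ("eth1:123456789 ..."), which breaks a plain split().
        name, _, rest = line.partition(":")
        values = [int(v) for v in rest.split()]
        if len(values) != 16:
            continue  # malformed line; ignore rather than misattribute columns
        stats[name.strip()] = {
            "rx": dict(zip(RX_FIELDS, values[:8])),
            "tx": dict(zip(TX_FIELDS, values[8:])),
        }
    return stats


def problem_interfaces(stats):
    """Interfaces with any non-zero errs/drop counter, and which counters moved."""
    flagged = {}
    for iface, s in stats.items():
        bad = {f"{d}_{k}": s[d][k] for d in ("rx", "tx") for k in ("errs", "drop") if s[d][k]}
        if bad:
            flagged[iface] = bad
    return flagged


# Constructed sample, not captured from a real host: eth0 has rx drops and
# tx errors, eth1 shows the fused name/number form with clean counters.
SAMPLE = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    4096      32    0    0    0     0          0         0     4096      32    0    0    0     0       0          0
  eth0: 9876543   12345    0   17    0     0          0       210  1234567    9876    2    0    0     0       0          0
  eth1:123456789 654321    0    0    0     0          0         0  8765432   54321    0    0    0     0       0          0
"""

if __name__ == "__main__":
    live = Path("/proc/net/dev")
    text = live.read_text() if live.exists() else SAMPLE
    for iface, bad in problem_interfaces(parse_proc_net_dev(text)).items():
        print(iface, bad)
```

Run it twice a few seconds apart and diff the numbers: the counters are cumulative since boot, so what matters for troubleshooting is whether errs/drop are still increasing, not their absolute value.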
