When we are talking about a server, its network is the most important resource, especially in the cloud, where it is the only communication channel for accessing the server and connecting to other servers in the network. The network falls under the Input/Output device category. Networks are generally slow and are an unreliable communication channel. You may lose some data in transit, data may be exposed to external entities, or a malicious party can modify the original data before it reaches you.
The Ubuntu server, as well as Linux in general, provides tons of utilities to ease network monitoring and administration. This recipe covers some inbuilt tools to monitor network traffic and its performance. We will also look at a few additional tools that are worth a space on your system.
ifconfig. We mostly use this command to read the network configuration details such as the IP address. When called without any parameters, ifconfig displays details of all active network interfaces as follows:
MTU) and basic statistics of received (RX) and transmitted (TX) packets, and the count of errors or dropped packets, and so on.
ifconfig with flag -s, as follows:
-a option to ifconfig.
ping. It sends ICMP requests to a specified host and waits for the reply. If you query for a host name, ping will get its IP address from DNS. This also gives you confirmation that the DNS is working properly. Ping also gives you the latency of your network interface. Check for the time values in the output of the ping command:
netstat. It is mainly used to check network connections and routing tables on the system. The commonly used syntax is as follows:
$ sudo netstat -plutn
-t) / UDP (-u) connections, plus any ports that are actively listening (-l) for connection. The flag, -p, queries the program name responsible for a specified connection. Note that flag -p requires sudo privileges. Also check flag -a to get all listening as well as non-listening sockets, or query the routing table information with flag -r as follows:
$ netstat -r
netstat command as follows:
$ netstat -s
netstat is ss. It displays detailed TCP socket information. Use ss without any parameters to get a list of all the sockets with a state established.
lsof, gives you a list of all open files. It includes the files used for network connections or sockets. Use with flag -i to list all network files, as follows:
$ sudo lsof -i
-s with protocol and state as filter options:
$ sudo lsof -iTCP -sTCP:LISTEN
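The following added example (not part of the original recipe) filters netstat -plutn output for sockets bound to a wildcard address (0.0.0.0 or ::), which are the listeners that accept connections on every interface. The sample output and the function names sample_netstat and wildcard_listeners are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listeners bound to every interface in `netstat -plutn` output.

# Constructed sample output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1043/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      990/apache2
tcp6       0      0 ::1:631                 :::*                    LISTEN      655/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           700/dhclient
EOF
}

# Reads netstat -plutn text on stdin; prints "proto port address pid/program"
# for each socket whose local address is a wildcard (0.0.0.0 or ::).
wildcard_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # The port is whatever follows the last colon of the Local Address.
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr != "0.0.0.0" && addr != "::") next
        # UDP rows have no State column, so locate the PID/Program field by shape.
        prog = "-"
        for (i = 5; i <= NF; i++)
            if ($i ~ /^[0-9]+\//) { prog = $i; break }
        print $1, port, addr, prog
    }'
}

# Demo on the constructed sample; on a real host use:
#   sudo netstat -plutn | wildcard_listeners
sample_netstat | wildcard_listeners
```

Loopback-only services such as the sample mysqld and cupsd rows are skipped, so the remaining lines are the ones to compare against the services you intend to expose.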
tcpdump. It collects network traffic and displays it on standard output or dumps it to a file. You can dump the content of the packets for any network interface. When no interface is specified, tcpdump defaults to the first configured interface, which is generally eth0. Use it as follows to get a description of packets exchanged over eth0:
$ sudo tcpdump -i eth0
-w. These logged packets can later be read with the -r flag. The following command will log 100 packets from the interface eth0 to the file tcpdump.log:
$ sudo tcpdump -i eth0 -w tcpdump.log -c 100
$ tcpdump -r tcpdump.log
sar. We have already used sar to get CPU and memory statistics. To simply extract all network statistics, use sar as follows:
$ sar -n ALL 1 5
1 second. You can also enable periodic logging in the file /etc/default/sysstat. For network specific usage of sar, check flag -n in the man pages.
collectl which is similar to sar. In the same way as sar, you will need to separately install this command as well:
$ sudo apt-get install collectl
collectl with the -s flag and value sn to get statistics about the network. Using it without any parameters gives you statistics for the CPU, disk, and network:
This recipe covers various network monitoring commands including the commonly used ifconfig and ping, netstat, tcpdump, and collectl.
If you have been working with Linux systems for a while, you should have already used the basic network commands, ifconfig and ping. ifconfig is commonly used to read network configuration and get details of network interfaces. Apart from its basic use, ifconfig can also be used to configure the network interface. See Chapter 2, Networking, to get more details on network configuration. With netstat, you can get a list of all network sockets and the processes using those socket connections. With various parameters, you can easily separate active or listening connections and even separate connections by the protocol being used by the socket. Additionally, netstat provides details of routing table information and network statistics as well. The command ss provides details similar to netstat and adds some more information. You can use ss to get the memory usage of a socket (-m) and the process using that particular socket (-p). It also provides various filtering options to get the desired output. Check the manual pages of ss with the command, man ss.
Following are some more commands that can be useful when monitoring network data. With a limit on page count, it is not possible to cover them all, so I am simply listing the relevant commands:
nethogs: Monitors per process bandwidth utilization
ntop / iftop: Top for network monitoring
iptraf: Monitors network interface activity
vnstat: Network traffic monitoring with logging
ethtool: Queries and configures network interfaces
nicstat / ifstat / nstat: Network interface statistics
tracepath: Traces a network route to destination host