Linux Network Monitoring/Diagnosis/Top

What's going on now

Local Ports

ss - another utility to investigate sockets

-p -> show process

-n -> show numeric port number

  • ss -lt
    • Show local (listening) TCP ports
  • ss -lu
    • Show local (listening) UDP ports
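
Combining the flags above, `ss -ltnp` prints one line per listening TCP socket with the numeric port and the owning process. The following is an added example, not part of the original notes: it filters that output for listeners bound to all interfaces; the function names and the sample output are constructed for illustration, and it assumes TCP-only output (no Netid column).

```shell
#!/bin/sh
# Added example: list TCP listeners bound to every interface, from `ss -ltnp` output.

# Constructed sample of `ss -ltnp` output (not captured from a real host).
sample_ss_output() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*     users:(("mysqld",pid=1044,fd=21))
LISTEN 0      511             [::]:80           [::]:*     users:(("nginx",pid=990,fd=7),("nginx",pid=989,fd=7))
LISTEN 0      4096               *:9100            *:*
LISTEN 0      128            [::1]:631          [::]:*     users:(("cupsd",pid=655,fd=6))
EOF
}

# Reads `ss -ltnp` output on stdin, prints "port process" per wildcard listener.
wildcard_listeners() {
  awk '
    $1 != "LISTEN" { next }                      # skip header and other states
    {
      port = $4; sub(/.*:/, "", port)            # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)        # text before the last colon
      sub(/%.*/, "", addr)                       # drop a "%iface" suffix
      if (addr != "0.0.0.0" && addr != "[::]" && addr != "*") next
      proc = "-"                                 # owner is hidden when ss lacks permission
      if (match($0, /users:\(\("[^"]+"/))
        proc = substr($0, RSTART + 9, RLENGTH - 10)
      print port, proc
    }'
}

# On a live host: ss -ltnp | wildcard_listeners
sample_ss_output | wildcard_listeners
```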

iftop

Displays traffic by host and sums up traffic, optionally by port/service

  • iftop
  • iftop -P

 

iptraf 

Displays traffic by host, with a special area for ICMP and UDP
Nice general overview per protocol (TCP, UDP, ICMP)

Turn on DNS-Lookup and Port names in Configuration

  • iptraf

What exactly does "Statistical breakdown" -> "By TCP/UDP port" show?

 

nethogs

Displays network connections per user

  • nethogs eth0

tcpdump

Dumps detailed traffic on a network

https://www.rationallyparanoid.com/articles/tcpdump.html

  • Traffic by port
    • tcpdump -i eth0 -s 1500 port 3306
  • Traffic by ip
    • tcpdump host 84.113.138.3

Continuous Monitoring

atop

https://www.tecmint.com/how-to-install-atop-to-monitor-logging-activity-of-linux-system-processes/

https://haydenjames.io/use-atop-linux-server-performance-analysis/

  • atop -n
  • ls -l /var/log/atop/
  • atop -r -b 05:05 -l 1

View log file:

  • atop -r /var/log/atop/atop_20190225
  • t -> go forward in time
  • T -> go backwards in time
  • b -> go to a specific time

Installation:

Log every minute

  • vi /usr/share/atop/atop.daily
    • INTERVAL=60
  • /usr/share/atop/atop.daily &

Log files can also be read by atopsar:

https://www.systutorials.com/docs/linux/man/1-atopsar/

  • atopsar -N -r /var/log/atop/atop_20190226 -b 03:00 -e 03:15
  • -O
    • Report about top-3 processes consuming most processor capacity. This report is only available when using a log file (not when specifying an interval).
  • -G
    • Report about top-3 processes consuming most resident memory. This report is only available when using a log file (not when specifying an interval).
  • -D
    • Report about top-3 processes issuing most disk transfers. This report is only available when using a log file (not when specifying an interval).
  • -N
    • Report about top-3 processes issuing most IPv4/IPv6 socket transfers. This report is only available when using a log file (not when specifying an interval).

ntop

Provides information per protocol

https://www.ullright.org/ullWiki/show/ntop