Managing and keeping tabs of network traffic on Linux
Flow analysis: what’s going on, and where
The tools we have seen so far are quite useful, but sometimes you want to point your finger at a network hog. And none of them are useful for that. What we’ll do this time is inspect two (quite popular, I must confess) programs used to do flow analysis — figuring out how traffic is apportioned, which program or network service is responsible, and where it goes.
iftop: network usage in real-time
I’m not gonna explain why the program iftop is named iftop — I’m just gonna say iftop rocks. iftop. Damn, that’s a lot of iftops in one sentence!
In short, iftop shows you how network traffic is being apportioned, breaking it down by host. This, for example, is a screenshot taken from my computer:

You can see three distinct flows in the three rows there, and the black bars depict the relative network usage for each flow (two bars per flow — one for incoming and one for outgoing traffic). The last rows in the shot display the total network usage.
The two flows after the first are irrelevant — we’ll ignore them — because they are broadcast traffic from either Avahi or Windows network browsing. As they say in the Wizard of Oz, do not pay attention to the man behind the curtain.
However, the first row is a lot more interesting. It shows a steady flow of data, in the vicinity of 1.6 megabits per second, from my “desktop” computer to my PVR computer. You see, my “desktop” computer is a Dell PowerEdge blade server, too loud to use as a desktop, and too cheap to have a sound card.
Since I’m a cheap and poor bastard, instead of bothering with a USB sound card for the PowerEdge, I just reuse one of the several sound cards in my PVR computer through the network and the magic of PulseAudio. Yes, I’m listening to music on my “desktop” computer, and the audio travels through my local network into my other computer, which relays the audio to my stereo, through my speakers, to my ears. You get the point.
Now here’s a more meaningful screenshot, displaying network usage of my Internet connection (in this case, I typed the command iftop -i eth2 on the terminal window):

Now you can see a lot more flows — why are the Messenger servers so intent on focusing on my computer? Well, I guess I now have homework to do: start investigating if anything’s wrong.
Try iftop out. Use your Linux distribution’s package manager to install iftop, then just run it in a terminal window (you may have to type sudo iftop to run it, because it requires administrative privileges). When you’re bored, close it down. However, don’t be surprised if you see a lot of traffic going in and out while downloading BitTorrent torrents.
Don’t forget to read the iftop manual page as well (type man iftop in a terminal window). It’s got lots of information for you to learn more, and a couple of other usage modes — I like the one that shows me each protocol independently, and the other one that shows traffic in bytes per second instead of bits per second. Very useful.
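To make the per-host breakdown concrete, here is an added example (not iftop's code, and not from the original article) that groups packet records by peer, keeps broadcast and multicast chatter out of the table, and reports rates in bits or bytes per second. The addresses, sizes, 10-second window and decimal unit prefixes are all assumptions chosen so the first flow works out to the 1.6 megabits per second mentioned above.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: (source, destination, bytes) seen during a 10-second window.
# All addresses and sizes are made up for illustration.
PACKETS = [
    ("192.168.1.10", "192.168.1.20", 1_000_000),  # desktop -> PVR (audio stream)
    ("192.168.1.10", "192.168.1.20", 1_000_000),
    ("192.168.1.20", "192.168.1.10", 25_000),     # PVR -> desktop (replies)
    ("192.168.1.10", "192.168.1.1", 5_000),
    ("192.168.1.1", "192.168.1.10", 10_000),
    ("192.168.1.30", "224.0.0.251", 300),         # multicast (mDNS, as used by Avahi)
    ("192.168.1.40", "192.168.1.255", 250),       # subnet broadcast
]

def flow_rates(packets, local_host, lan, window_s):
    """Group traffic by peer as seen from local_host.

    Returns (flows, noise_bytes); flows is a list of
    (peer, tx_bits_per_s, rx_bits_per_s), busiest first.
    """
    net = ip_network(lan)
    totals = defaultdict(lambda: [0, 0])  # peer -> [tx_bytes, rx_bytes]
    noise = 0
    for src, dst, size in packets:
        d = ip_address(dst)
        if d.is_multicast or d == net.broadcast_address or dst == "255.255.255.255":
            noise += size                 # broadcast/multicast chatter, tallied apart
        elif src == local_host:
            totals[dst][0] += size
        elif dst == local_host:
            totals[src][1] += size
    flows = [(p, tx * 8 / window_s, rx * 8 / window_s) for p, (tx, rx) in totals.items()]
    flows.sort(key=lambda f: f[1] + f[2], reverse=True)
    return flows, noise

def fmt(bits_per_s, as_bytes=False):
    """Render a rate in bits/s or bytes/s with decimal prefixes (an assumption)."""
    value, unit = (bits_per_s / 8, "B/s") if as_bytes else (bits_per_s, "b/s")
    for prefix in ("", "k", "M", "G"):
        if value < 1000 or prefix == "G":
            return f"{value:.1f} {prefix}{unit}"
        value /= 1000

if __name__ == "__main__":
    flows, noise = flow_rates(PACKETS, "192.168.1.10", "192.168.1.0/24", 10)
    for peer, tx, rx in flows:
        print(f"{peer:15} => {fmt(tx):>12}  <= {fmt(rx):>12}  ({fmt(tx, True)} out)")
    print(f"broadcast/multicast ignored: {noise} bytes")
```

The same 1.6 Mb/s flow reads as 200.0 kB/s in byte mode, which is why it matters which unit a display is using before comparing it against a link's rated speed.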
But there’s a prettier tool.