Network traffic: Difference between revisions

From HPCWIKI
Jump to navigation Jump to search
No edit summary
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:


== Real time each connection tracking ==
== Real time each connection tracking (Conntrack) ==
In freebsd, session table provides real time rx/tx information for each connection. InLinux netfilter router, connections table only includes information on end of connections by default.
In freebsd, session table provides real time rx/tx information for each connection. In Linux netfilter router, connections table only includes information on end of connections by default.


from [[Linux]] kernel version >= 2.6.18, we can use conntract or ''conntrackd'' daemon, ''conntrack'' provides a full featured command line utility to interact with the connection tracking system<ref>https://conntrack-tools.netfilter.org/manual.html</ref>  
from [[Linux]] kernel version >= 2.6.18, we can use conntract or ''conntrackd'' daemon<ref>https://conntrack-tools.netfilter.org/manual.html</ref>, This tool can be used to search, list, inspect and maintain the ''connection tracking'' subsystem of the ''Linux'' kernel. 
[[File:Conntrack points in Netfilter.png|thumb|Conntrack points in Netfilter<ref>https://arthurchiao.art/blog/conntrack-design-and-implementation/#3-implementation-netfilter-conntrack</ref>]]
conntrack module traces the connection status of '''<mark>trackable protocols (specific protocols, not all.)</mark>''' 


=== setup conntrack ===
=== setup conntrack ===
Line 9: Line 11:


$ sysctl -w net.netfilter.nf_conntrack_acct=1<ref>https://serverfault.com/questions/449250/monitoring-rx-tx-stats-of-current-connections-on-linux</ref>
$ sysctl -w net.netfilter.nf_conntrack_acct=1<ref>https://serverfault.com/questions/449250/monitoring-rx-tx-stats-of-current-connections-on-linux</ref>




Line 32: Line 35:


==== Listen to the connection tracking events ====
==== Listen to the connection tracking events ====
<nowiki>#</nowiki>conntrack -E  
<nowiki>#</nowiki>conntrack -E
 
== Network monitoring tools ==
There are bunch of network monitoring tools are available and [https://askubuntu.com/questions/257263/how-to-display-network-traffic-in-the-terminal this discussion] shows most of them
 
* [https://github.com/raboof/nethogs#readme nethogs] monitors traffic going to/from a machine, per process
* nettop shows packet types, sorts by either size or number of packets.
* ettercap is a network sniffer/interceptor/logger for ethernet
* darkstat breaks down traffic by host, protocol, etc. Geared towards analysing traffic gathered over a longer period, rather than `live' viewing.
* iftop shows network traffic by service and host
* ifstat shows network traffic by interface in a [[vmstat]]/iostat-like manner
* gnethogs GTK-based GUI (work-in-progress)
* nethogs-qt Qt-based GUI
* hogwatch A bandwidth monitor(per process) with graphs for desktop/web.
* iptraf-ng is a console-based network monitoring program for Linux that displays information about IP traffic.
* nettop (by Emanuele Oriani) is a simple process/network usage report for Linux.
* iptstate is a top-like interface to your netfilter connection-tracking table.
* flowtop is a top-like netfilter connection tracking tool.
* BusyTasks is a Java-based app using top, iotop and nethogs as backend.
* bandwhich is a terminal bandwidth utilization tool.
* sniffer is a modern alternative network traffic sniffer
 
== Simple Internet Speed Test ==
<syntaxhighlight lang="bash">
#install speedtest-cli
$sudo pip install speedtest-cli
 
#execute
$speedtest-cli --simple
</syntaxhighlight>
 
== Internet speed test using Speedtest.net ==
speedtest.net is one of the popular network speed [[test]] site which also [[support]] cli command line. [https://www.speedtest.net/apps/cli this page] describes how to use for other OS instead of Ubuntu<syntaxhighlight lang="bash">
#for Ubuntu
$sudo apt-get install curl
$curl -s https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh | sudo bash
$sudo apt-get install speedtest
</syntaxhighlight>
 
== Check public IP ==
 
$wget -qO- <nowiki>http://ipecho.net/plain</nowiki> ; echo


== References ==
==References==
<references />
<references />

Latest revision as of 10:34, 22 June 2024

Real time each connection tracking (Conntrack)

In freebsd, session table provides real time rx/tx information for each connection. In Linux netfilter router, connections table only includes information on end of connections by default.

from Linux kernel version >= 2.6.18, we can use conntract or conntrackd daemon[1], This tool can be used to search, list, inspect and maintain the connection tracking subsystem of the Linux kernel.

Conntrack points in Netfilter[2]

conntrack module traces the connection status of trackable protocols (specific protocols, not all.)

setup conntrack

Set nf_contrack_acct

$ sysctl -w net.netfilter.nf_conntrack_acct=1[3]


Install contrack utility, if you do not have yet

$sudo apt-get install conntrack

List the existing flows

# conntrack -L

Filter out the listing

#conntrack -L -p tcp --dport 22

Update the ct mark

#conntrack -U -p tcp --dport 22 --mark 10

delete entries,

it can also block TCP traffic when

  • stateful rule-set that drops traffic in INVALID state
  • /proc/sys/net/netfilter/nf_conntrack_tcp_loose to zero.
  • # conntrack -D -p tcp --dport 22

Listen to the connection tracking events

#conntrack -E

Network monitoring tools

There are bunch of network monitoring tools are available and this discussion shows most of them

  • nethogs monitors traffic going to/from a machine, per process
  • nettop shows packet types, sorts by either size or number of packets.
  • ettercap is a network sniffer/interceptor/logger for ethernet
  • darkstat breaks down traffic by host, protocol, etc. Geared towards analysing traffic gathered over a longer period, rather than `live' viewing.
  • iftop shows network traffic by service and host
  • ifstat shows network traffic by interface in a vmstat/iostat-like manner
  • gnethogs GTK-based GUI (work-in-progress)
  • nethogs-qt Qt-based GUI
  • hogwatch A bandwidth monitor(per process) with graphs for desktop/web.
  • iptraf-ng is a console-based network monitoring program for Linux that displays information about IP traffic.
  • nettop (by Emanuele Oriani) is a simple process/network usage report for Linux.
  • iptstate is a top-like interface to your netfilter connection-tracking table.
  • flowtop is a top-like netfilter connection tracking tool.
  • BusyTasks is a Java-based app using top, iotop and nethogs as backend.
  • bandwhich is a terminal bandwidth utilization tool.
  • sniffer is a modern alternative network traffic sniffer

Simple Internet Speed Test

#install speedtest-cli 
$sudo pip install speedtest-cli

#execute
$speedtest-cli --simple

Internet speed test using Speedtest.net

speedtest.net is one of the popular network speed test site which also support cli command line. this page describes how to use for other OS instead of Ubuntu

#for Ubuntu 
$sudo apt-get install curl
$curl -s https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh | sudo bash
$sudo apt-get install speedtest

Check public IP

$wget -qO- http://ipecho.net/plain ; echo

References

  1. https://conntrack-tools.netfilter.org/manual.html
  2. https://arthurchiao.art/blog/conntrack-design-and-implementation/#3-implementation-netfilter-conntrack
  3. https://serverfault.com/questions/449250/monitoring-rx-tx-stats-of-current-connections-on-linux
Retrieved from "http://wiki.hpcmate.com/index.php?title=Network_traffic&oldid=2054"