Network traffic: Difference between revisions
| Line 37: | Line 37: | ||
== Network monitoring tools == | == Network monitoring tools == | ||
There are bunch of network monitoring tools are available and [https://askubuntu.com/questions/257263/how-to-display-network-traffic-in-the-terminal this discussion] shows most of them | |||
* [https://github.com/raboof/nethogs#readme nethogs] monitors traffic going to/from a machine, per process | |||
* nettop shows packet types, sorts by either size or number of packets. | |||
* ettercap is a network sniffer/interceptor/logger for ethernet | |||
* darkstat breaks down traffic by host, protocol, etc. Geared towards analysing traffic gathered over a longer period, rather than `live' viewing. | |||
* iftop shows network traffic by service and host | |||
* ifstat shows network traffic by interface in a vmstat/iostat-like manner | |||
* gnethogs GTK-based GUI (work-in-progress) | |||
* nethogs-qt Qt-based GUI | |||
* hogwatch A bandwidth monitor(per process) with graphs for desktop/web. | |||
* iptraf-ng is a console-based network monitoring program for Linux that displays information about IP traffic. | |||
* nettop (by Emanuele Oriani) is a simple process/network usage report for Linux. | |||
* iptstate is a top-like interface to your netfilter connection-tracking table. | |||
* flowtop is a top-like netfilter connection tracking tool. | |||
* BusyTasks is a Java-based app using top, iotop and nethogs as backend. | |||
* bandwhich is a terminal bandwidth utilization tool. | |||
* sniffer is a modern alternative network traffic sniffer | |||
==References== | ==References== | ||
<references /> | <references /> | ||
Revision as of 12:16, 18 May 2023
Real time each connection tracking (Conntrack)
In freebsd, session table provides real time rx/tx information for each connection. InLinux netfilter router, connections table only includes information on end of connections by default.
from Linux kernel version >= 2.6.18, we can use conntract or conntrackd daemon[1], This tool can be used tosearch, list, inspect and maintain the connection tracking subsystem of the Linux kernel.
conntrack module traces the connection status of trackable protocols (specific protocols, not all.)
setup conntrack
Set nf_contrack_acct
$ sysctl -w net.netfilter.nf_conntrack_acct=1[3]
Install contrack utility, if you do not have yet
$sudo apt-get install conntrack
List the existing flows
# conntrack -L
Filter out the listing
#conntrack -L -p tcp --dport 22
Update the ct mark
#conntrack -U -p tcp --dport 22 --mark 10
delete entries,
it can also block TCP traffic when
- stateful rule-set that drops traffic in INVALID state
- /proc/sys/net/netfilter/nf_conntrack_tcp_loose to zero.
- # conntrack -D -p tcp --dport 22
Listen to the connection tracking events
#conntrack -E
Network monitoring tools
There are bunch of network monitoring tools are available and this discussion shows most of them
- nethogs monitors traffic going to/from a machine, per process
- nettop shows packet types, sorts by either size or number of packets.
- ettercap is a network sniffer/interceptor/logger for ethernet
- darkstat breaks down traffic by host, protocol, etc. Geared towards analysing traffic gathered over a longer period, rather than `live' viewing.
- iftop shows network traffic by service and host
- ifstat shows network traffic by interface in a vmstat/iostat-like manner
- gnethogs GTK-based GUI (work-in-progress)
- nethogs-qt Qt-based GUI
- hogwatch A bandwidth monitor(per process) with graphs for desktop/web.
- iptraf-ng is a console-based network monitoring program for Linux that displays information about IP traffic.
- nettop (by Emanuele Oriani) is a simple process/network usage report for Linux.
- iptstate is a top-like interface to your netfilter connection-tracking table.
- flowtop is a top-like netfilter connection tracking tool.
- BusyTasks is a Java-based app using top, iotop and nethogs as backend.
- bandwhich is a terminal bandwidth utilization tool.
- sniffer is a modern alternative network traffic sniffer