Network traffic

From HPCWIKI
Jump to navigation Jump to search

Real time each connection tracking (Conntrack)

In freebsd, session table provides real time rx/tx information for each connection. InLinux netfilter router, connections table only includes information on end of connections by default.

from Linux kernel version >= 2.6.18, we can use conntract or conntrackd daemon[1], This tool can be used tosearch, list, inspect and maintain the connection tracking subsystem of the Linux kernel.

Conntrack points in Netfilter[2]

conntrack module traces the connection status of trackable protocols (specific protocols, not all.)

setup conntrack

Set nf_contrack_acct

$ sysctl -w net.netfilter.nf_conntrack_acct=1[3]


Install contrack utility, if you do not have yet

$sudo apt-get install conntrack

List the existing flows

# conntrack -L

Filter out the listing

#conntrack -L -p tcp --dport 22

Update the ct mark

#conntrack -U -p tcp --dport 22 --mark 10

delete entries,

it can also block TCP traffic when

  • stateful rule-set that drops traffic in INVALID state
  • /proc/sys/net/netfilter/nf_conntrack_tcp_loose to zero.
  • # conntrack -D -p tcp --dport 22

Listen to the connection tracking events

#conntrack -E

Network monitoring tools

There are bunch of network monitoring tools are available and this discussion shows most of them

  • nethogs monitors traffic going to/from a machine, per process
  • nettop shows packet types, sorts by either size or number of packets.
  • ettercap is a network sniffer/interceptor/logger for ethernet
  • darkstat breaks down traffic by host, protocol, etc. Geared towards analysing traffic gathered over a longer period, rather than `live' viewing.
  • iftop shows network traffic by service and host
  • ifstat shows network traffic by interface in a vmstat/iostat-like manner
  • gnethogs GTK-based GUI (work-in-progress)
  • nethogs-qt Qt-based GUI
  • hogwatch A bandwidth monitor(per process) with graphs for desktop/web.
  • iptraf-ng is a console-based network monitoring program for Linux that displays information about IP traffic.
  • nettop (by Emanuele Oriani) is a simple process/network usage report for Linux.
  • iptstate is a top-like interface to your netfilter connection-tracking table.
  • flowtop is a top-like netfilter connection tracking tool.
  • BusyTasks is a Java-based app using top, iotop and nethogs as backend.
  • bandwhich is a terminal bandwidth utilization tool.
  • sniffer is a modern alternative network traffic sniffer

Simple Internet Speed Test

#install speedtest-cli 
$sudo pip install speedtest-cli

#execute
$speedtest-cli --simple

References

  1. https://conntrack-tools.netfilter.org/manual.html
  2. https://arthurchiao.art/blog/conntrack-design-and-implementation/#3-implementation-netfilter-conntrack
  3. https://serverfault.com/questions/449250/monitoring-rx-tx-stats-of-current-connections-on-linux
Retrieved from "http://wiki.hpcmate.com/index.php?title=Network_traffic&oldid=989"