Monitoring a network from the command line
It is often convenient to monitor a network from the command line. For example, the use of command-line tools allows you to log into an OpenWrt router remotely in order to diagnose a network performance problem. Here I describe how to use some common open-source tools.
Bmon monitors the use of a network interface in aggregate; it provides real-time information about the utilization of the network interfaces in a computer. After running bmon, you will likely want to press
g to provide a detailed and graphical display, respectively. The graphical display plots utilization over time.
Iftop helps determine the degree to which individual connections are using the network. For example, running
iftop -i eth0 -P will show the connections making use of the interface
eth0. Each measurement is displayed using two lines, which represent the two directions of communication. Behind each line, iftop displays, using a highlight, a bar which is proportional to the percentage the respective connection represents of the total network utilization (the unit for each bar is some degree of bits per second).
Services like Speedtest.net allow you to measure the throughput of your network connection, but are generally designed for use with a web browser. The command-line tool
speedtest-cli allows you to interact with Speedtest.net’s measurement servers. For an even lighter-weight solution, first obtain the list of Speedtest.net servers at http://www.speedtest.net/speedtest-servers.php. Next, choose a nearby server from the list and run
time wget http://sto-chic-01.sys.comcast.net/speedtest/random4000x4000.jpg -O /dev/null.
Installing softflowd on a device that has visibility of your network allows that device to provide NetFlow data representing its observations (see beholder). Nfcapd can receive such a NetFlow stream and store it to disk (see golem). The nfdump utility will print stored NetFlow data in human-readable form. Here are some useful invocations of nfdump:
Print first five flows of month
nfdump -R . -c 5 -t 2020/01
Print first five flows of date range
nfdump -R . -c 5 -t 2020/01/01-2020/01/07
Print first five flows of time period
nfdump -R . -c 5 -t 2020/01/01.12-2020/01/01.13
Top users of upload bandwidth
nfdump -R . -s srcip/bytes -L +10M 'src net 192.168.1.0/24'
Top users of download bandwidth
nfdump -R . -s dstip/bytes -L +10M 'dst net 192.168.1.0/24'
Biggest download sources off local network
nfdump -R . -s srcip/bytes -L +10M 'not src net 192.168.1.0/24'
ethtool eth0 will describe the interface
eth0, including the connection speed of the interface.