In day-to-day operations and maintenance work, we regularly run into the following needs:
1. Network traffic is abnormal, and we do not know which program caused the surge.
2. Network traffic needs to be monitored in real time and recorded as daily data.
Based on these two needs, today I will share two very powerful command-line tools:
Nethogs
Nload
1.Nethogs
1.1 Nethogs introduction
NetHogs is an open source command-line tool (similar to the Linux top command) that reports, in real time, the network bandwidth used by each process or program.
NetHogs is a small "net top" tool. Unlike most tools, which break traffic down per protocol or per subnet, it groups bandwidth by process. NetHogs does not rely on a special kernel module being loaded. If network congestion occurs, you can start NetHogs and immediately see which PID is causing it. This makes it easy to find a program that has gone out of control and is suddenly taking up your bandwidth.
1.2 Nethogs installation
Install the dependencies
yum install libpcap libpcap-devel -y
yum -y install epel-release
Install nethogs
[root@rs-server ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@rs-server ~]# uname -r
3.10.0-693.el7.x86_64
[root@rs-server ~]# yum install nethogs -y
[root@rs-server ~]# nethogs -help
usage: nethogs [-V] [-h] [-b] [-d seconds] [-v mode] [-c count] [-t] [-p] [-s] [device [device [device ...]]]
-V : prints version.
-h : prints this help.
-b : bughunt mode - implies tracemode.
-d : delay for update refresh rate in seconds. default is 1.
-v : view mode (0 = KB/s, 1 = total KB, 2 = total B, 3 = total MB). default is 0.
-c : number of updates. default is 0 (unlimited).
-t : tracemode.
-p : sniff in promiscious mode (not recommended).
-s : sort output by sent column.
-a : monitor all devices, even loopback/stopped ones.
device : device(s) to monitor. default is all interfaces up and running excluding loopback
When nethogs is running, press:
q: quit
s: sort by SENT traffic
r: sort by RECEIVE traffic
m: switch between total (KB, B, MB) and KB/s mode
If the command nethogs -help prints the help information above, the installation succeeded. It is simple and fast.
1.3 Nethogs Commands
The following are the NetHogs interactive commands (keyboard shortcuts):
m: change the display unit
r: sort by received traffic
s: sort by sent traffic
q: quit and return to the command prompt
Parameter description:
-V: display version information; note the capital letter V.
-v: select the display unit; the default is KB/s (0 = KB/s, 1 = total KB, 2 = total B, 3 = total MB).
-c: number of updates (followed by a number).
-a: monitor all devices.
-d: delay between refreshes, in seconds. The default is 1.
-t: trace mode.
-b: bughunt mode; implies trace mode.
-p: promiscuous mode (not recommended).
device: name of the device to monitor; the default is eth0.
1.4 Nethogs practice
[root@rs-server ~]# nethogs
Ethernet link detected
Ethernet link detected
Waiting for first packet to arrive (see sourceforge.net bug 1019381)
NetHogs version 0.8.5
PID USER PROGRAM DEV SENT RECEIVED
1023 root sshd: root@pts/0 ens33 0.166 0.059 KB/sec
? root unknown TCP 0.000 0.000 KB/sec
TOTAL 0.166 0.059 KB/sec
The output above is the display produced by running the nethogs command with no arguments.
[root@rs-server ~]# nethogs -d 2 -v 3 -c 5 -a
Ethernet link detected
Ethernet link detected
Ethernet link detected
Waiting for first packet to arrive (see sourceforge.net bug 1019381)
NetHogs version 0.8.5
PID USER PROGRAM DEV SENT RECEIVED
1023 root sshd: root@pts/0 ens33 0.001 0.000 MB
? root unknown TCP 0.000 0.000 MB
TOTAL 0.001 0.000 MB
The nethogs command is very powerful, so take some time to practice with it!
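For the first need above (finding which program caused a surge), trace mode (-t) can be piped into a filter instead of being read by eye. The following is an added example, not part of the original article or of the NetHogs project: it assumes each trace line has the form program/pid/uid, a tab, the sent value, a tab, the received value; the function names and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag processes whose traffic exceeds a limit in the
# output of `nethogs -t` (trace mode).
# Assumed line format: <program>/<pid>/<uid><TAB><sent><TAB><received>

# Constructed sample of two trace-mode refreshes (not from a real host).
sample_trace() {
    printf 'Refreshing:\n'
    printf 'sshd: root@pts/0/1023/0\t0.166\t0.059\n'
    printf '/usr/bin/rsync/2210/1000\t812.400\t3.100\n'
    printf 'unknown TCP/0/0\t0.000\t0.000\n'
    printf '\nRefreshing:\n'
    printf 'sshd: root@pts/0/1023/0\t0.120\t0.040\n'
    printf '/usr/bin/rsync/2210/1000\t1540.900\t5.700\n'
    printf 'unknown TCP/0/0\t0.000\t0.000\n'
}

# top_talkers LIMIT: read trace output on stdin and print one line per
# process whose peak sent or received value exceeded LIMIT (the unit is
# whatever nethogs -v selected, KB/s by default).
top_talkers() {
    awk -F '\t' -v limit="$1" '
        NF == 3 {
            # The program name may contain "/", so pid and uid are taken
            # from the last two "/"-separated fields.
            n = split($1, part, "/")
            if (n < 3) next
            name = part[1]
            for (i = 2; i <= n - 2; i++) name = name "/" part[i]
            key = part[n-1] SUBSEP part[n] SUBSEP name
            if ($2 + 0 > sent[key]) sent[key] = $2 + 0
            if ($3 + 0 > recv[key]) recv[key] = $3 + 0
        }
        END {
            for (key in sent) {
                if (sent[key] > limit || recv[key] > limit) {
                    split(key, f, SUBSEP)
                    printf "pid=%s uid=%s sent_peak=%.3f recv_peak=%.3f prog=%s\n",
                           f[1], f[2], sent[key], recv[key], f[3]
                }
            }
        }' | sort
}

# Live use (as root): nethogs -t -d 2 -c 30 | top_talkers 500
```

Appending the filtered lines to a dated file from a scheduled job gives a per-process record for the second need (daily traffic data).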
2.Nload
2.1 nload introduction
nload is a tool for real-time monitoring of network traffic and bandwidth usage. It shows incoming and outgoing traffic, not only as numeric values but also as a dynamic graph.
2.2 nload installation
[root@rs-server ~]# yum -y install epel-release
Install nload
[root@rs-server ~]# yum install nload -y
If you run nload with no arguments, by default it shows only the traffic of the first network card. Usually you name the network card after nload, and you can specify multiple cards.
2.3 nload operation introduction
By default the nload display is divided into two parts:
The upper half is Incoming, the traffic entering the network card.
The lower half is Outgoing, the traffic leaving the network card.
Each part shows:
the current rate (Curr),
the average rate (Avg),
the minimum rate (Min),
the maximum rate (Max),
the total traffic (Ttl),
which makes the display very straightforward to read.
By default nload monitors the eth0 network card. To monitor traffic on the eth1 NIC instead:
# nload eth1
Parameter description
-a: length of the time window used to calculate the average, in seconds; the default is 300.
-i: sets the maximum value of the scale of the incoming-traffic graph; the default is 10240 kBit/s.
-m: do not display traffic graphs; show only statistics.
-o: sets the maximum value of the scale of the outgoing-traffic graph; the default is 10240 kBit/s.
-t: refresh interval of the display, in milliseconds; the default is 500.
-u: sets the unit of the Curr, Avg, Min and Max values; the default is automatic. Note that upper and lower case select different units!
h|b|k|m|g h: auto, b: Bit/s, k: kBit/s, m: MBit/s etc.
H|B|K|M|G H: auto, B: Byte/s, K: kByte/s, M: MByte/s etc.
-U: sets the unit of the Ttl value; the default is automatic. Note that upper and lower case select different units (same options as -u)!
devices: the network cards to monitor; by default all are monitored, and you switch between them with the left and right arrow keys.
Interface operation
Use the arrow keys, Enter or Tab to switch between the traffic views of multiple network cards.
Press F2 to display the options window.
Press F5 to save the current settings to the user profile.
Press F6 to reload the settings from the configuration file.
Press q or Ctrl + C to exit nload.
2.4 nload practice
Device ens33 [192.168.1.100] (1/1):
============================================================================
Incoming:
Curr: 936.00 Bit/s
Avg: 1.27 kBit/s
Min: 840.00 Bit/s
Max: 6.26 kBit/s
Ttl: 8.78 MByte
Outgoing:
Curr: 7.70 kBit/s
Avg: 7.70 kBit/s
Min: 3.97 kBit/s
Max: 10.49 kBit/s
Ttl: 299.35 kByte
You can practice the remaining parameters and operations on your own.