NIC traffic analysis
In production, we often encounter traffic entrance card increases, we like what analysis process, which ip address or occupation of network resources, centralized approach is given below.
View 某进程使用
network bandwidth
scenes to be used:
- You may see a process of bandwidth need to clearly know the PID, process name, transmission speed, reception speed.
- In the native Linux software is not only the exterior, the most in line with the above situation only nethogs.
- nethogs can specify the network card, but you can not specify the PID, which is a drawback.
Installation: package management tools using the system can be installed (yum / apt-get)
yum install libpcap nethogs -y
use:
- Direct use: that monitor the whole LAN traffic
2 bind specific network card (for example: eth0)
View 实时网络带宽
occupancy
Linux view NIC traffic tools iptraf, iftop and nethogs etc., iftop can be used in real-time traffic monitoring NIC (network segment can be specified), reverse resolution IP, display port information.
scenes to be used
- For the analysis of abnormal traffic
- Host up to find and interact with the current host who occupy network resources
installation
Package management tool mounting system (yum, dnf, etc.)
yum install iftop -y
use
- Use
-i
parameter binding NIC
- Use
Parameter Description
=> or <= NIC traffic flow rates Recently, respectively 2s, 10s, 40s of average flow TX Traffic from the network card RX NIC receive traffic TOTAL LAN transmission and reception of the total flow cum iftop start running total flow to the current point in time peak NIC traffic spikes