Network monitoring

Mar 12, 2020

Monitoring a network from the command line

It is often convenient to monitor a network from the command line. For example, the use of command-line tools allows you to log into an OpenWrt router remotely in order to diagnose a network performance problem. Here I describe how to use some common open-source tools.

Bmon

Bmon monitors the use of a network interface in aggregate; it provides real-time information about the utilization of the network interfaces in a computer. After running bmon, you will likely want to press d and g to provide a detailed and graphical display, respectively. The graphical display plots utilization over time.

Iftop

Iftop helps determine the degree to which individual connections are using the network. For example, running iftop -i eth0 -P will show the connections making use of the interface eth0. Each measurement is displayed using two lines, which represent the two directions of communication. Behind each line, iftop displays, using a highlight, a bar which is proportional to the percentage the respective connection represents of the total network utilization (the unit for each bar is some degree of bits per second).

Throughput tests

Services like Speedtest.net allow you to measure the throughput of your network connection, but are generally designed for use with a web browser. The command-line tool speedtest-cli allows you to interact with Speedtest.net’s measurement servers. For an even lighter-weight solution, first obtain the list of Speedtest.net servers at http://www.speedtest.net/speedtest-servers.php. Next, choose a nearby server from the list and run time wget http://sto-chic-01.sys.comcast.net/speedtest/random4000x4000.jpg -O /dev/null.

NetFlow

Installing softflowd on a device that has visibility of your network allows that device to provide NetFlow data representing its observations (see beholder). Nfcapd can receive such a NetFlow stream and store it to disk (see golem). The nfdump utility will print stored NetFlow data in human-readable form. Here are some useful invocations of nfdump:

Print first five flows of month

nfdump -R . -c 5 -t 2020/01

Print first five flows of date range

nfdump -R . -c 5 -t 2020/01/01-2020/01/07

Print first five flows of time period

nfdump -R . -c 5 -t 2020/01/01.12-2020/01/01.13

Top users of upload bandwidth

nfdump -R . -s srcip/bytes -L +10M 'src net 192.168.1.0/24'

Top users of download bandwidth

nfdump -R . -s dstip/bytes -L +10M 'dst net 192.168.1.0/24'

Biggest download sources off local network

nfdump -R . -s srcip/bytes -L +10M 'not src net 192.168.1.0/24'

Ethtool

Running ethtool eth0 will describe the interface eth0, including the connection speed of the interface.