Monthly Archive 20 October 2017

3 Linux Network Monitors

Learn more about your network connections with the iftop, Nethogs, and vnstat tools.

You can learn an amazing amount of information about your network connections with these three glorious Linux networking commands. iftop tracks network connections by process number, Nethogs quickly reveals what is hogging your bandwidth, and vnstat runs as a nice lightweight daemon to record your usage over time.

iftop

The excellent iftop listens to the network interface that you specify, and displays connections in a top-style interface.

This is a great little tool for quickly identifying hogs, measuring speed, and also to maintain a running total of your network traffic.

If you have just one network interface, run iftop with no options. iftop requires root permissions:

$ sudo iftop

When you have more than one, specify the interface you want to monitor:

$ sudo iftop -i wlan0

Just like top, you can change the display options while it is running.

  • h toggles the help screen.
  • n toggles name resolution.
  • s toggles source host display, and d toggles the destination hosts.
  • s toggles port numbers.
  • N toggles port resolution; to see all port numbers toggle resolution off.
  • t toggles the text interface. The default display requires ncurses. I think the text display is more readable and better-organized (Figure 1).
  • p pauses the display.
  • q quits the program.

text display

Figure 1: The text display is readable and organized.
When you toggle the display options, iftop continues to measure all traffic. You can also select a single host to monitor. You need the host’s IP address and netmask. I was curious how much of a load Pandora put on my sad little meager bandwidth cap, so first I used dig to find their IP address:
$ dig A pandora.com
[...]
;; ANSWER SECTION:
pandora.com.            267     IN      A       208.85.40.20
pandora.com.            267     IN      A       208.85.40.50

 

$ sudo iftop -F 208.85.40.20/24 -i wlan0

Is that not seriously groovy? I was surprised to learn that Pandora is easy on my precious bits, using around 500Kb per hour. And, like most streaming services, Pandora’s traffic comes in spurts and relies on caching to smooth out the lumps and bumps.

You can do the same with IPv6 addresses, using the -G option. Consult the fine man page to learn the rest of iftop’s features, including customizing your default options with a personal configuration file, and applying custom filters (see PCAP-FILTER for a filter reference).

Nethogs

When you want to quickly learn who is sucking up your bandwidth, Nethogs is fast and easy. Run it as root and specify the interface to listen on. It displays the hoggy application and the process number, so that you may kill it if you so desire:

$ sudo nethogs wlan0

NetHogs version 0.8.1

PID USER   PROGRAM              DEV    SENT   RECEIVED       
7690 carla /usr/lib/firefox     wlan0 12.494 556.580 KB/sec
5648 carla .../chromium-browser wlan0  0.052   0.038 KB/sec
TOTAL                                 12.546 556.618 KB/sec

Nethogs has few options: cycling between kb/s, kb, b, and mb, sorting by received or sent packets, and adjusting the delay between refreshes. See man nethogs, or run nethogs -h.

vnstat

vnstat is the easiest network data collector to use. It is lightweight and does not need root permissions. It runs as a daemon and records your network statistics over time. The vnstatcommand displays the accumulated data:

$ vnstat -i wlan0
Database updated: Tue Oct 17 08:36:38 2017

   wlan0 since 10/17/2017

          rx:  45.27 MiB      tx:  3.77 MiB      total:  49.04 MiB

   monthly
                     rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
       Oct '17     45.27 MiB |    3.77 MiB |   49.04 MiB |    0.28 kbit/s
     ------------------------+-------------+-------------+---------------
     estimated        85 MiB |       5 MiB |      90 MiB |

   daily
                     rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
         today     45.27 MiB |    3.77 MiB |   49.04 MiB |   12.96 kbit/s
     ------------------------+-------------+-------------+---------------
     estimated       125 MiB |       8 MiB |     133 MiB |

By default it displays all network interfaces. Use the -i option to select a single interface. Merge the data of multiple interfaces this way:

$ vnstat -i wlan0+eth0+eth1

You can filter the display in several ways:

  • -h displays statistics by hours.
  • -d displays statistics by days.
  • -w and -m displays statistics by weeks and months.
  • Watch live updates with the -l option.

This command deletes the database for wlan1 and stops watching it:

$ vnstat -i wlan1 --delete

This command creates an alias for a network interface. This example uses one of the weird interface names from Ubuntu 16.04:

$ vnstat -u -i enp0s25 --nick eth0

By default vnstat monitors eth0. You can change this in /etc/vnstat.conf, or create your own personal configuration file in your home directory. See man vnstat for a complete reference.

You can also install vnstati to create simple, colored graphs (Figure 2):

$ vnstati -s -i wlx7cdd90a0a1c2 -o vnstat.png

vnstati

Figure 2: You can create simple colored graphs with vnstati.

See man vnstati for complete options.

Linux Rename Eth0 Network Interfaces

The best way to rename Ethernet devices is through udev. It is the device manager for the Linux kernel. Primarily, it manages device nodes in /dev. It is the successor of devfs and hotplug, which means that it handles /dev directory and all user space actions when adding/removing devices, including firmware load.

The order of the network interfaces may be unpredictable under certain configurations. Between reboots it usually stays the same, but often after an upgrade to a new kernel or the addition or replacement of a network card (NIC) the order of all network interfaces changes. For example, what used to be rl0 now becomes wlan0 or what used to be eth0 now becoems eth2 or visa versa.

Step #1: Find out the MAC address of the Ethernet device

Type the following command:
# ifconfig -a | grep -i --color hwaddr
Sample outputs:

eth0      Link encap:Ethernet  HWaddr b8:ac:6f:65:31:e5  
pan0      Link encap:Ethernet  HWaddr 4a:71:40:ed:5d:99  
vmnet1    Link encap:Ethernet  HWaddr 00:50:56:c0:00:01  
vmnet8    Link encap:Ethernet  HWaddr 00:50:56:c0:00:08  
wlan0     Link encap:Ethernet  HWaddr 00:21:6a:ca:9b:10

Note down the MAC address.

Step #2: Rename eth0 as wan0

To rename eth0 as wan0, edit a file called 70-persistent-net.rules in /etc/udev/rules.d/directory, enter:
# vi /etc/udev/rules.d/70-persistent-net.rules
The names of the Ethernet devices are listed in this file as follows:

# PCI device 0x14e4:0x1680 (tg3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="b8:ac:6f:65:31:e5", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

Locate and identify the line with the NIC from step 1 (look for the MAC address). It may look like above. In this example, the interface eth0 will be renamed to wan0 (change NAME="eth0" to NAME="wan0"):

# PCI device 0x14e4:0x1680 (tg3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="b8:ac:6f:65:31:e5", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="wan0"

Save and close the file. Reboot the system to test changes:
# reboot
Verify new settings:
# ifconfig -a
# ifconfig wan0
# ifconfig -a | less
# ip addr show

Categories