Check the health and availability of your Linux servers for optimal performance with Site24x7's Linux monitoring tool.
Monitoring network traffic helps your computer systems run quickly, efficiently, and securely by applying insights extracted by monitoring tools. Effective network monitoring equips IT teams with the necessary insights to prevent network downtime, overcome network performance bottlenecks, and mitigate various security threats from incoming connections.
In this article, we’ll discuss how to monitor network traffic on Linux systems. As Linux servers are widely used to host applications and administer networks, most network monitoring tools are designed specifically for Linux operating systems. We’ll discuss key command-line interface (CLI) tools that monitor network traffic efficiently on Linux and show various scenarios in which they can be used.
Most modern applications are exposed to various remote networking services via background processes scraping data, push notifications, and web socket connections. This means that your hosts are constantly targeted by traffic from diverse sources. This is especially true about Linux systems, which are widely used as production servers for hosting applications and administering networks. So, understanding network traffic is a key prerequisite for your Linux servers and applications to operate seamlessly.
Here's how efficient network traffic monitoring tools can help IT teams:
Network traffic monitoring is a crucial component of Linux system administration. It requires a systematic approach based on clear identification of goals, performance targets, and adherence to security standards. An effective network monitoring system on Linux servers should be based on three interconnected layers: general network health, incoming traffic, and outgoing traffic.
Understanding the overall state of your network, including network traffic at the interface and device levels, can provide you with insight into network performance and the security of your system. For example, closing unused ports or restricting port access to a list of known IPs can help reduce possible attack vectors on your Linux systems.
Monitoring incoming traffic can help thwart network attacks and maintain the security of your Linux servers (or systems). For example, network traffic monitoring tools can help identify connections that send abnormal amounts of traffic to your host. This can be useful for mitigating DDoS attacks or finding malware installed locally.
Another important metric to monitor is bandwidth utilization by individual processes on your system. It’s useful to know which applications consume the most and the least amount of bandwidth. With this knowledge, you can stop processes that consume a high volume of traffic without the need to be active and/or redistribute network resources to applications experiencing problems.
On top of bandwidth utilization, network traffic monitoring should be integrated with data visualization, data analysis, and alerting systems to ensure a fast transition from detection to resolution of networking issues.
Tools for monitoring network traffic on a Linux system can help system administrators achieve the goals listed above. Usually, these are lightweight command-line utilities that display incoming and outgoing traffic, established network connections, and general network statistics. Some tools are designed to collect network traffic statistics at the interface and device levels, while others allow you to evaluate network traffic at the application level.
We’ll discuss basic features offered by the most popular tools: NetFlow, NetHogs, nload, netstat, and iftp.
NetFlow enables traffic metadata collection as it flows through a device (or interface). Though viewing NetFlow data through a terminal is possible, it is tough to parse through all the data on a CLI. Network monitoring tools like Site24x7 make it easy to collate the metadata and present it in an understandable format on a network monitoring dashboard. This dashboard provides complete visibility into your network with stats on peak traffic, surges in traffic volumes, application and interface traffic, and bandwidth-hogging conversations. Additionally, with this tool, you can analyze flows based on different technologies like J-Flow, sFlow, IPFIX, NetStream, AppFlow, and CFlow.
NetHogs allows grouping bandwidth consumption by an individual process (process identifier). This functionality sets NetHogs apart from most other Linux network tools that group traffic by protocol, interface, or subnet. Grouping traffic by process makes NetHogs useful for identifying the causes of sudden traffic spikes. If your Linux system experiences abnormal traffic activity, NetHogs can help immediately identify the process or processes that are causing the abnormal activity.Fig. 1: Nethogs in the Linux terminal
nload is another console-based network monitoring tool for Linux. It provides information about incoming and outgoing traffic, minimum and maximum network usage, and the volume of data transferred. Its main advantage is the visualization of incoming and outgoing traffic directly in the console. However, unlike NetHogs, nload does not provide information about network bandwidth by PID, which limits its abilities.Fig. 2: Traffic data visualization in nload
Another popular CLI network monitoring tool is netstat. It displays incoming and outgoing network connections for TCP and UDP protocols. The data it collects is organized by the protocol name, local address, foreign address, and connection state (e.g., ESTABLISHED, CLOSE_WAIT, and so on). In addition, netstat provides information about routing tables, network interfaces, and network protocol statistics. It offers options to filter connections based on attributes. For example, netstat can report the total amount of bytes sent and received (-b, -i), provide ethernet statistics (-e) including packets, filter by connection type, and display general network statistics.
iftop, which stands for interface top, allows you to display real-time network bandwidth usage by the network interface and connection or host. Using this utility, you can identify remote hosts that slow down your network and network bandwidth for each available interface: For example, ethernet, software-defined networks, wireless, and more.
Although iftop does not show network traffic by process as NetHogs does, you can easily circumvent this limitation. For example, you can note down the port number from iftop and use
netstat -p to identify the process.
The best approach to network traffic monitoring on Linux is to use a combination of tools. “Network top” tools, such as NetHogs, are useful for identifying bandwidth bottlenecks and redistributing resources among applications efficiently. General network tools, such as iftop and netstat, help collect bandwidth data at the interface and protocol levels. While most CLI-based network traffic monitoring tools are sufficient for maintaining the speed, efficiency, and security of Linux networks, intuitive UI-based network tools like Site24x7's NetFlow Analyzer provide powerful network traffic visualization capabilities for more effective network monitoring.
CPU run queue length helps understand and solve load issues. Learn the commands to monitor CPU run queue and how to solve high load issues.➤
Learn how to monitor the Linux server performance using various available metrics like CPU usage, CPU load, disk usage, etc and to troubleshoot and fix slow-running Linux servers➤
Write for Site24x7 is a special writing program that supports writers who create content for Site24x7 “Learn” portal. Get paid for your writing.Apply Now