IPTraf, Iftop, vnstat, bwm-ng, ifconfig -a
gives you overall statistics
the blue stuff on the left: iptraf
you probably want to let it run in a screen session, in order to collect data, while you are not logged in.
# setup iptraf on fedora/redhat/centos yum search iptraf # will lead you to yum install iptraf-ng.x86_64 # what repo does it come from? repoquery -i iptraf-ng.x86_64 Name : iptraf-ng Version : 1.1.4 Release : 7.el7 Architecture: x86_64 Size : 659409 Packager : CentOS BuildSystem <http://bugs.centos.org> Group : Applications/System URL : https://github.com/iptraf-ng/iptraf-ng/ Repository : base Summary : A console-based network monitoring utility Source : iptraf-ng-1.1.4-7.el7.src.rpm Description : IPTraf-ng is a console-based network monitoring utility.
„This program can be used to determine the type of traffic on your network, and what kind of service is the most heavily used on what machines, among others.“ (src)
„IPTraf gathers data like TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.
IPTraf-ng features include an IP traffic monitor which shows TCP flag information, packet and byte counts, ICMP details, OSPF packet types, and oversized IP packet warnings;
interface statistics showing IP, TCP, UDP, ICMP, non-IP and other IP packet counts, IP checksum errors, interface activity and packet size counts;
a TCP and UDP service monitor showing counts of incoming and outgoing packets for common TCP and UDP application ports, a LAN statistics module that discovers active hosts and displays statistics about their activity;
TCP, UDP and other protocol display filters so you can view just the traffic you want;
logging; support for Ethernet, FDDI, ISDN, SLIP, PPP, and loopback interfaces;
and utilization of the built-in raw socket interface of the Linux kernel, so it can be used on a wide variety of supported network cards.“
gives you per-ip bandwidth usage.
yum install iftop
non-grafical/raw text: tcpdump examples
the most basic overall/general overview over utilization of interfaces, updates statistics every second:
while true; do ifconfig -a; sleep 1; clear; done
show only traffic to/form the internet: (well not exactly it also shows the ARP traffic)
tcpdump -ni bge1 not dst net 192.168.0.0./24 and not net 22.214.171.124./24
show http post requests:
tcpdump -i enp3s0 -s 0 -A -vv 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'
show http post requests:
tcpdump -i enp3s0 -s 0 -A -vv 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354'
with tcpdump you can monitor IP packages, UDP packages, ICMP (ping).
zypper install tcpdump; # comes preinstalled in suse12 apt-get install tcpdump; # debian8 yum install tcpdump; # centos7 redhat tcpdump -i eth0 tcpdump -vnni eth0; # very verbose root@Debian8:~# tcpdump -vi eth0|grep 192.168; # filter for source IP tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 1, length 64 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 1, length 64 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 3, length 64 ...