what service/program is using what port: https://dwaves.org/2015/06/16/linux-list-all-open-ports-and-listening-services/

IPTraf, Iftop, vnstat, bwm-ng, ifconfig -a

graphical:

gives you overall statistics

the blue stuff on the left: iptraf

manpage: iptraf-ng.man.txt

you probably want to let it run in a screen session, in order to collect data, while you are not logged in.

# setup iptraf on fedora/redhat/centos
yum search iptraf
# will lead you to
yum install iptraf-ng.x86_64

# what repo does it come from?
repoquery -i iptraf-ng.x86_64
Name        : iptraf-ng
Version     : 1.1.4
Release     : 7.el7
Architecture: x86_64
Size        : 659409
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Group       : Applications/System
URL         : https://github.com/iptraf-ng/iptraf-ng/
Repository  : base
Summary     : A console-based network monitoring utility
Source      : iptraf-ng-1.1.4-7.el7.src.rpm
Description :
IPTraf-ng is a console-based network monitoring utility.

„This program can be used to determine the type of traffic on your network, and what kind of service is the most heavily used on what machines, among others.“ (src)

„IPTraf gathers data like TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

IPTraf-ng features include an IP traffic monitor which shows TCP flag information, packet and byte counts, ICMP details, OSPF packet types, and oversized IP packet warnings;

interface statistics showing IP, TCP, UDP, ICMP, non-IP and other IP packet counts, IP checksum errors, interface activity and packet size counts;

a TCP and UDP service monitor showing counts of incoming and outgoing packets for common TCP and UDP application ports, a LAN statistics module that discovers active hosts and displays statistics about their activity;

TCP, UDP and other protocol display filters so you can view just the traffic you want;

logging; support for Ethernet, FDDI, ISDN, SLIP, PPP, and loopback interfaces;

and utilization of the built-in raw socket interface of the Linux kernel, so it can be used on a wide variety of supported network cards.“

https://superuser.com/questions/356907/how-to-get-real-time-network-statistics-in-linux-with-kb-mb-bytes-format-and-for

iftop

gives you per-ip bandwidth usage.

manpage: iftop.man.txt

yum install iftop

non-graphical/raw text:

the most basic overall/general overview of interface utilization, updates statistics every second:

while true; do ifconfig -a; sleep 1; clear; done

show all post/get requests on interface enp3s0

vim /scripts/tcpdump_show_get_requests.sh
#!/bin/bash
echo "=========== show GET REQUESTS"
tcpdump -i enp3s0 -s 0 -A -vv 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'

vim /scripts/tcpdump_show_post_requests.sh 
#!/bin/bash
echo "=========== show POST REQUESTS"
tcpdump -i enp3s0 -s 0 -A -vv 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354'
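
how the two filters above are put together, as an added example (not part of the original post): the hex value is simply the ASCII bytes of the method name, compared against the first bytes of the TCP payload. the helper name http_method_filter is made up for this example; unlike the POST filter above, it also matches the space after the method, and it splits longer methods such as DELETE into 4/2/1-byte compares.

```shell
#!/bin/sh
# Added example (not from the original post): build the tcpdump filter
# for any HTTP method, the way the GET/POST filters above are built.

# Upper nibble of TCP byte 12 = header length in 32-bit words;
# (x & 0xf0) >> 2 turns it into bytes, i.e. the offset where the payload starts.
PAYLOAD='((tcp[12:1] & 0xf0) >> 2)'

# http_method_filter METHOD  (hypothetical helper name)
# Prints a filter matching "METHOD " (with trailing space) at payload start.
http_method_filter() {
    # ASCII bytes of the method plus one space, as a plain hex string
    hex=$(printf '%s ' "$1" | od -An -tx1 | tr -d ' \n')
    off=0
    filter=''
    # a filter load reads only 1, 2 or 4 bytes, so longer strings are chunked
    while [ -n "$hex" ]; do
        len=$(( ${#hex} / 2 ))
        if [ "$len" -ge 4 ]; then n=4
        elif [ "$len" -ge 2 ]; then n=2
        else n=1
        fi
        chunk=$(printf '%s' "$hex" | cut -c1-$(( n * 2 )))
        hex=$(printf '%s' "$hex" | cut -c$(( n * 2 + 1 ))-)
        if [ -n "$filter" ]; then filter="$filter and "; fi
        if [ "$off" -eq 0 ]; then at="$PAYLOAD"; else at="$PAYLOAD + $off"; fi
        filter="${filter}tcp[$at:$n] = 0x$chunk"
        off=$(( off + n ))
    done
    printf '%s\n' "$filter"
}

# usage, e.g. for DELETE requests on the interface used above:
# tcpdump -i enp3s0 -s 0 -A -vv "$(http_method_filter DELETE)"
```

these filters only match cleartext HTTP where the request line starts a TCP segment; HTTPS traffic is encrypted and will not match.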

with tcpdump you can monitor IP packets, UDP packets, ICMP (ping).

zypper install tcpdump; # comes preinstalled in suse12
apt-get install tcpdump; # debian8
yum install tcpdump; # centos7 redhat

tcpdump -i eth0
tcpdump -vnni eth0; # very verbose

root@Debian8:~# tcpdump -vi eth0|grep 192.168; # filter for source IP
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

    192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 1, length 64
    192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 1, length 64
    192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 3, length 64
...

Links:

https://www.tecmint.com/12-tcpdump-commands-a-network-sniffer-tool/
