Difference between revisions of "Network Connection Monitoring in Linux"
(6 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | + | === ss === | |
ss list out all connections. | ss list out all connections. | ||
ss -t tcp only. | ss -t tcp only. | ||
Line 9: | Line 9: | ||
ss -pnt tcp with hostnames not resolved, associated process id's using connection. <- very useful | ss -pnt tcp with hostnames not resolved, associated process id's using connection. <- very useful | ||
ss -s summary statistics | ss -s summary statistics | ||
+ | |||
+ | === netstat === | ||
netstat -natp show active Internet connections | netstat -natp show active Internet connections | ||
netstat -tupn | netstat -tupn | ||
− | |||
− | |||
View established connections and associated programs | View established connections and associated programs | ||
sudo netstat -atupen | grep ESTABLISHED | sudo netstat -atupen | grep ESTABLISHED | ||
+ | netstat -nputw | ||
+ | continuously updated | ||
+ | netstat -nputwc | ||
+ | |||
+ | show established connections on port 80, which is commonly used for HTTP traffic. | ||
+ | netstat -anp | grep ESTABLISHED | grep :80 | ||
+ | |||
+ | === tcpdump === | ||
+ | |||
+ | tcpdump -X -i eth0 | ||
+ | |||
+ | Say we want to capture packets from a specific host for analysis: | ||
+ | sudo tcpdump -i eno1 host [[googleusercontent]].com | ||
+ | |||
+ | === lsof === | ||
+ | |||
+ | View established connections and associated programs type TCP only | ||
+ | sudo lsof -nP -iTCP -sTCP:ESTABLISHED | ||
+ | |||
+ | List open files and can help identify the processes associated with network connections; example will show processes that are using port 80 for network connections. | ||
+ | sudo lsof -i :80 | ||
+ | |||
+ | === ethtool === | ||
+ | |||
+ | To get information about your Ethernet interface, you can use: | ||
+ | ethtool eth0 | ||
+ | Replace eth0 with your actual interface name. | ||
+ | |||
+ | === iftop === | ||
+ | |||
+ | iftop is a real-time console-based network bandwidth monitoring tool. | ||
+ | sudo iftop | ||
+ | iftop primarily displays a real-time, interactive view of network bandwidth usage. While it shows the hosts that your system is communicating with, it doesn't directly provide information about the specific software or process associated with each connection. | ||
+ | |||
+ | === nethogs === | ||
+ | |||
+ | nethogs is a command-line utility for Linux systems that provides a real-time, per-process monitoring of network bandwidth consumption. It helps you identify which processes or applications on your system are using the network and how much bandwidth each process is consuming. | ||
+ | |||
+ | It breaks down network usage by individual processes, making it easy to identify which applications or services are responsible for network activity. | ||
+ | |||
+ | Run as priveledged user. | ||
+ | sudo nethogs | ||
+ | |||
+ | |||
+ | |||
+ | [[Category:Computer_Technology]] | ||
+ | [[Category:Linux]] | ||
+ | [[Category:Security]] |
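Review bot: the added line `netstat -anp | grep ESTABLISHED | grep :80` does not match its description, because the unanchored `:80` also matches ports such as 8080 and 8000; anchor the pattern on the whitespace after the port, for example `grep -E ':80[[:space:]]'`. In the tcpdump addition, the `[[googleusercontent]]` link markup sits inside a command line, so the wiki source cannot be copied as a command; drop the link brackets there. In the nethogs addition, "priveledged" should read "privileged".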
Latest revision as of 21:50, 11 January 2024
ss
ss              list all connections
ss -t           TCP only
ss -u           UDP only
ss -x           Unix sockets only
ss -a -A udp    UDP, reporting both "CONNECTED" and "LISTENING" sockets
ss -nt          TCP with hostnames not resolved
ss -ltn         listening sockets only, TCP with hostnames not resolved
ss -pnt         TCP with hostnames not resolved, plus the process IDs using each connection <- very useful
ss -s           summary statistics
netstat
netstat -natp    show active Internet connections
netstat -tupn
View established connections and associated programs:
sudo netstat -atupen | grep ESTABLISHED
netstat -nputw
Continuously updated:
netstat -nputwc
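Show established connections on port 80, which is commonly used for HTTP traffic. The pattern requires whitespace after the port number so that ports such as 8080 do not match as well.
netstat -anp | grep ESTABLISHED | grep -E ':80[[:space:]]'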
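Added example, not part of the original wiki page: the port filter done as an exact comparison on the port fields of `netstat -antp` output, so 8080 or 8000 never match and each hit is labelled by which side holds the port. The sample output is constructed (documentation address ranges), and the function name `estab_on_port` and the inbound/outbound labels are assumptions of this example.

```bash
#!/usr/bin/env bash
# Constructed sample of `netstat -antp` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      812/nginx
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED 812/nginx
tcp        0      0 192.0.2.10:8080         198.51.100.9:40022      ESTABLISHED 1490/java
tcp        0      0 192.0.2.10:44318        203.0.113.5:80          ESTABLISHED 2231/curl
tcp        0      0 192.0.2.10:22           198.51.100.7:8000       ESTABLISHED 950/sshd
tcp6       0      0 2001:db8::10:80         2001:db8::99:51000      ESTABLISHED 812/nginx
EOF
}

# estab_on_port PORT
# Reads netstat -antp output on stdin and prints
#   <direction> <pid/program> <local> <peer>
# for ESTABLISHED TCP sockets whose local or remote port equals PORT exactly.
# "inbound" = PORT is the local port, "outbound" = PORT is the remote port
# (a labelling heuristic of this example, not something netstat reports).
estab_on_port() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
      # The port is everything after the last colon; this also holds for
      # the IPv6 form netstat prints (address:port).
      lport = $4; sub(/.*:/, "", lport)
      rport = $5; sub(/.*:/, "", rport)
      if (lport == port)      { dir = "inbound" }
      else if (rport == port) { dir = "outbound" }
      else                    { next }
      print dir, $7, $4, $5
    }'
}

# Demo on the constructed sample. On a live host:
#   sudo netstat -antp | estab_on_port 80
sample_netstat | estab_on_port 80
```

Without root, netstat prints `-` in the PID/Program column for sockets owned by other users, so the second field is only meaningful when the input was collected with sudo.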
tcpdump
tcpdump -X -i eth0
Say we want to capture packets from a specific host for analysis:
sudo tcpdump -i eno1 host googleusercontent.com
lsof
View established TCP connections and their associated programs:
sudo lsof -nP -iTCP -sTCP:ESTABLISHED
lsof lists open files, which helps identify the processes associated with network connections. This example shows the processes that are using port 80:
sudo lsof -i :80
ethtool
To get information about your Ethernet interface, you can use:
ethtool eth0
Replace eth0 with your actual interface name.
iftop
iftop is a real-time console-based network bandwidth monitoring tool.
sudo iftop
iftop primarily displays a real-time, interactive view of network bandwidth usage. While it shows the hosts that your system is communicating with, it doesn't directly provide information about the specific software or process associated with each connection.
nethogs
nethogs is a command-line utility for Linux systems that provides a real-time, per-process monitoring of network bandwidth consumption. It helps you identify which processes or applications on your system are using the network and how much bandwidth each process is consuming.
It breaks down network usage by individual processes, making it easy to identify which applications or services are responsible for network activity.
Run as a privileged user.
sudo nethogs