Difference between revisions of "Network Connection Monitoring in Linux"

From Free Knowledge Base- The DUCK Project: information for everyone
 
(5 intermediate revisions by one user not shown)
Line 1: Line 1:
 
+
=== ss ===
 
  ss            list out all connections.
 
  ss            list out all connections.
 
  ss -t          tcp only.   
 
  ss -t          tcp only.   
Line 9: Line 9:
 
  ss -pnt        tcp with hostnames not resolved, associated process id's using connection. <- very useful
 
  ss -pnt        tcp with hostnames not resolved, associated process id's using connection. <- very useful
 
  ss -s          summary statistics
 
  ss -s          summary statistics
 +
 +
=== netstat ===
 
   
 
   
 
  netstat -natp  show active Internet connections
 
  netstat -natp  show active Internet connections
 
  netstat -tupn
 
  netstat -tupn
 
tcpdump -X -i eth0
 
  
 
View established connections and associated programs
 
View established connections and associated programs
Line 20: Line 20:
 
continuously updated
 
continuously updated
 
  netstat -nputwc
 
  netstat -nputwc
 +
 +
show established connections on port 80, which is commonly used for HTTP traffic.
 +
netstat -anp | grep ESTABLISHED | grep :80
 +
 +
=== tcpdump ===
 +
 +
tcpdump -X -i eth0
 +
 +
Say we want to capture packets from a specific host for analysis:
 +
sudo tcpdump -i eno1 host [[googleusercontent]].com
 +
 +
=== lsof ===
  
 
View established connections and associated programs type TCP only
 
View established connections and associated programs type TCP only
 
  sudo lsof -nP -iTCP -sTCP:ESTABLISHED
 
  sudo lsof -nP -iTCP -sTCP:ESTABLISHED
 +
 +
List open files and can help identify the processes associated with network connections; example will show processes that are using port 80 for network connections.
 +
sudo lsof -i :80
 +
 +
=== ethtool ===
 +
 +
To get information about your Ethernet interface, you can use:
 +
ethtool eth0
 +
Replace eth0 with your actual interface name.
 +
 +
=== iftop ===
 +
 +
iftop is a real-time console-based network bandwidth monitoring tool. 
 +
sudo iftop
 +
iftop primarily displays a real-time, interactive view of network bandwidth usage. While it shows the hosts that your system is communicating with, it doesn't directly provide information about the specific software or process associated with each connection.
 +
 +
=== nethogs ===
 +
 +
nethogs is a command-line utility for Linux systems that provides a real-time, per-process monitoring of network bandwidth consumption. It helps you identify which processes or applications on your system are using the network and how much bandwidth each process is consuming. 
 +
 +
It breaks down network usage by individual processes, making it easy to identify which applications or services are responsible for network activity.
 +
 +
Run as priveledged user. 
 +
sudo nethogs
 +
 +
 +
 +
[[Category:Computer_Technology]]
 +
[[Category:Linux]]
 +
[[Category:Security]]
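Review bot: In the added netstat example, `grep :80` is a substring match, so `netstat -anp | grep ESTABLISHED | grep :80` also lists connections on ports such as 8080 and 8000; match the port exactly, for example with `grep -E ':80[[:space:]]'`. In the added tcpdump example, `host [[googleusercontent]].com` turns part of a command into a wiki link, so write the hostname as plain text. In the nethogs section, "priveledged" should be "privileged".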

Latest revision as of 21:50, 11 January 2024

ss

ss             list out all connections.
ss -t          tcp only.  
ss -u          udp only.
ss -x          unix only.
ss -a -A udp   udp sockets, both "CONNECTED" and "LISTENING".
ss -nt         tcp with hostnames not resolved.
ss -ltn        listening sockets only, tcp with hostnames not resolved.
ss -pnt        tcp with hostnames not resolved, plus the process IDs using each connection. <- very useful
ss -s          summary statistics

netstat

netstat -natp  show active Internet connections
netstat -tupn  tcp and udp connections with PID/program name, addresses not resolved

View established connections and associated programs:

sudo netstat -atupen | grep ESTABLISHED
netstat -nputw

Continuously updated:

netstat -nputwc

Show established connections on port 80, which is commonly used for HTTP traffic:

netstat -anp | grep ESTABLISHED | grep :80
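
The `grep :80` pipeline above matches the substring `:80` anywhere on the line, so ports such as 8080 are listed too. The added example below (not from the original page) compares it with an exact port match on constructed `netstat -anp` output; the function names and sample addresses are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example: exact port matching on `netstat -anp` output.

# Constructed sample (documentation addresses, not captured from a real host).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      812/nginx
tcp        0      0 192.0.2.10:80           198.51.100.7:51544      ESTABLISHED 812/nginx
tcp        0      0 192.0.2.10:8080         198.51.100.9:40022      ESTABLISHED 1450/java
tcp        0      0 192.0.2.10:48012        203.0.113.5:80          ESTABLISHED 2231/curl
tcp6       0      0 2001:db8::10:52110      2001:db8:80ff::5:443    ESTABLISHED 2290/firefox
tcp6       0      0 2001:db8::10:80         2001:db8::99:51000      ESTABLISHED 812/nginx
EOF
}

# The page's pipeline, parameterised by port (hypothetical helper name).
naive_grep() {
  grep ESTABLISHED | grep ":$1"
}

# Hypothetical helper: print ESTABLISHED TCP sockets whose local or remote
# port is exactly PORT. The port is the text after the last colon, which
# also holds for IPv6 addresses. "local"/"remote" says which side holds PORT.
established_on_port() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
      lp = $4; sub(/.*:/, "", lp)
      rp = $5; sub(/.*:/, "", rp)
      if (lp == port)      print "local",  $4, $5, $7
      else if (rp == port) print "remote", $4, $5, $7
    }'
}

# Hypothetical helper: count lines on stdin.
count_lines() { wc -l | tr -d ' '; }

echo "grep :80 matches:  $(sample_netstat | naive_grep 80 | count_lines)"
echo "exact port 80:     $(sample_netstat | established_on_port 80 | count_lines)"
sample_netstat | established_on_port 80

# On a live host: sudo netstat -anp | established_on_port 80
# ss can apply the same filter itself:
#   ss -tnp state established '( sport = :80 or dport = :80 )'
```

On the sample, the substring match also picks up the 8080 socket and an IPv6 peer whose address contains `:80ff`.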

tcpdump

tcpdump -X -i eth0

Say we want to capture packets from a specific host for analysis:

sudo tcpdump -i eno1 host googleusercontent.com

lsof

View established TCP connections and their associated programs:

sudo lsof -nP -iTCP -sTCP:ESTABLISHED

lsof lists open files and can help identify the processes associated with network connections; this example shows processes that are using port 80 for network connections.

sudo lsof -i :80

ethtool

To get information about your Ethernet interface, you can use:

ethtool eth0

Replace eth0 with your actual interface name.

iftop

iftop is a real-time console-based network bandwidth monitoring tool.

sudo iftop

iftop primarily displays a real-time, interactive view of network bandwidth usage. While it shows the hosts that your system is communicating with, it doesn't directly provide information about the specific software or process associated with each connection.

nethogs

nethogs is a command-line utility for Linux systems that provides real-time, per-process monitoring of network bandwidth consumption. It helps you identify which processes or applications on your system are using the network and how much bandwidth each process is consuming.

It breaks down network usage by individual processes, making it easy to identify which applications or services are responsible for network activity.

Run as a privileged user.

sudo nethogs