How much bandwidth is my Linux system using, and other network info.

Recently I was building a new Oracle Linux yum repository for a project, and had to kick off a uln-yum-mirror. This process is the key to making a local copy of an Oracle yum repository, enabling local hosts to use the repository. The install is fairly straightforward, but the synchronization was taking longer than I thought it would, and after 12 hours I decided to look at what the network was doing. So I quickly installed IPtraf, an open source, character-based network reporting tool. Since I was already using Oracle Linux, installation was a snap using yum.

[root@ulnrepo ~]# yum -y install iptraf
Loaded plugins: rhnplugin, security, ulninfo
This system is receiving updates from ULN.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package iptraf.x86_64 0:3.0.1-14.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================
Package         Arch           Version           Repository         Size
=============================================
Installing:
iptraf              x86_64        3.0.1-14.el6     public_ol6_latest      315 k

Transaction Summary
============================================
Install       1 Package(s)

Total download size: 315 k
Installed size: 681 k
Downloading Packages:
iptraf-3.0.1-14.el6.x86_64.rpm                        | 315 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : iptraf-3.0.1-14.el6.x86_64                                  1/1
  Verifying  : iptraf-3.0.1-14.el6.x86_64                                 1/1

Installed:
  iptraf.x86_64 0:3.0.1-14.el6

Complete!
[root@ulnrepo ~]#

Now that it’s installed, let’s see what it can show me about the network. Run
it as root, with the command “iptraf”.

When you first run it, you will get the about screen, showing version and
GNU GPL2 license info.

Hit the any key and you’re now at the main menu. From here you have several
choices:

IP Traffic Monitor – This is a real-time sniffer, showing IP information. It
will display the source and destination traffic on the server, along with any
unusual traffic seen. This is a great way to identify what systems are consuming
packets, and whether you’re having issues like network broadcast storms. In this
example, I can see most of my traffic is me sshed into the machine
(172.20.0.140/10.11.254.67), and then multiple sessions of https traffic
to/from (137.254.56.42/172.20.0.140).

General Interface Statistics – This screen will show interface level stats,
mainly the number of packets and a bandwidth summary for each interface.
The box is currently using about 2 kb/s or about 2.2 mb/s. Not a lot of bandwidth
for a box that is supposed to be downloading a ton of RPMs. Let’s look at the other
options to see some more details.

Detailed Interface Statistics – This is a more detailed view of the traffic,
breaking it down by protocol and incoming/outgoing packets and bytes.

Statistical Breakdown – When you enter this option, you can pick a more detailed
breakdown by either packet size or port. I use port, mainly because I wanted to see
how much https was being moved. While I see traffic other than SSH (22) and httpd
(443), the bulk of the packets are httpd. This is verifying that the download is actually
the number one use of bandwidth.

LAN Station Monitor – This is a helpful tool, as it will show the MAC addresses
that the server is talking to. You can also use the S option to sort the display; in this
case I sorted by bytes in. That MAC address happens to be the firewall.

Filters – Here you can define powerful filters that can isolate a specific host, host
range, port and more. You can also show the opposite of a rule, so in this example
I am going to have the filter display all traffic other than port 22 (ssh). This is VERY
helpful when trying to identify traffic on a busy server. Do not forget to apply the
filter once you define one.

Configure – Here you can set several options, like reverse DNS lookups, timers,
port ranges and more.

Exit – Does what it says, exits the program.

While the tool has a nice CUI, you can bypass the menu using a command
line switch. An example is “iptraf -s eth0”, which will take you straight to the
TCP/UDP statistical breakdown. Run “iptraf -h” to see all the options.
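
To cross-check the per-interface rate shown on the General Interface Statistics screen without opening the UI, the kernel's byte counters in /proc/net/dev can be sampled twice and differenced. This is an added example, not part of the original post and not iptraf code; the function names rates, live and demo are hypothetical, and the snapshots inside demo are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): per-interface throughput from
# two /proc/net/dev snapshots. After "iface:", the 1st counter is RX bytes
# and the 9th is TX bytes.

# rates SNAP1 SNAP2 SECONDS -> "iface rx_kbit/s tx_kbit/s", one line each
rates() {
    awk -v secs="$3" '
        FNR == 1 { file++ }              # which snapshot is being read
        FNR <= 2 { next }                # skip the two header lines
        {
            sub(/:/, " ")                # handles "eth0:123" and "eth0: 123"
            name = $1; rx = $2; tx = $10
            if (file == 1) { rx0[name] = rx; tx0[name] = tx; next }
            if (!(name in rx0)) next     # interface appeared between samples
            drx = rx - rx0[name]; dtx = tx - tx0[name]
            if (drx < 0 || dtx < 0) next # counter reset or wrap: skip it
            printf "%s %.1f %.1f\n", name, drx * 8 / 1000 / secs, dtx * 8 / 1000 / secs
        }' "$1" "$2"
}

# live SECONDS: sample the running system (Linux only)
live() {
    s1=$(mktemp); s2=$(mktemp)
    cat /proc/net/dev > "$s1"; sleep "$1"; cat /proc/net/dev > "$s2"
    rates "$s1" "$s2" "$1"; rm -f "$s1" "$s2"
}

# demo: constructed snapshots 10 s apart, not captured from a real host
demo() {
    s1=$(mktemp); s2=$(mktemp)
    cat > "$s1" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    4000      40    0    0    0     0          0         0     4000      40    0    0    0     0       0          0
  eth0: 1000000    9000    0    0    0     0          0         0   500000    4000    0    0    0     0       0          0
EOF
    cat > "$s2" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    4000      40    0    0    0     0          0         0     4000      40    0    0    0     0       0          0
  eth0:3750000   11000    0    0    0     0          0         0   625000    4500    0    0    0     0       0          0
EOF
    rates "$s1" "$s2" 10; rm -f "$s1" "$s2"
}
```

Running “live 10” on the repository host prints one line per interface in kbit/s, which can be logged over the length of a long sync instead of watching the screen.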

While not a long blog, hopefully it has introduced you to a neat little program, and
will help you better understand an easy way to see what network traffic your Linux
server is dealing with.
