How much bandwidth is my Linux system using, and other network info.

Recently I was building a new Oracle Linux yum repository for a project, and had to kick off a uln-yum-mirror. This process is the key to making a local copy of an Oracle yum repository, enabling local hosts to use the repository. The install is fairly straight forward, but the synchronization was taking longer than I thought it would, and after 12 hours I decided to look at what the network was doing. So I quickly installed IPtraf, an open source character based network reporting tool. Since I was already using Oracle Linux, installation was a snap using yum.

[root@ulnrepo ~]# yum -y install iptraf
Loaded plugins: rhnplugin, security, ulninfo
This system is receiving updates from ULN.
Setting up Install Process
Resolving Dependencies
–> Running transaction check
—> Package iptraf.x86_64 0:3.0.1-14.el6 will be installed
–> Finished Dependency Resolution

Dependencies Resolved

=============================================
Package         Arch           Version           Repository         Size
=============================================
Installing:
iptraf              x86_64        3.0.1-14.el6     public_ol6_latest      315 k

Transaction Summary
============================================
Install       1 Package(s)

Total download size: 315 k
Installed size: 681 k
Downloading Packages:
iptraf-3.0.1-14.el6.x86_64.rpm                        | 315 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : iptraf-3.0.1-14.el6.x86_64                                  1/1
Verifying : iptraf-3.0.1-14.el6.x86_64                                 1/1

Installed:
iptraf.x86_64 0:3.0.1-14.el6

Complete!
[root@ulnrepo ~]#

Now that it’s installed, lets see what it can show me about the network. Run
it as root, with the command “iptraf”

When you first run it, you will get the about screen, showing version and
NU GPL2 license info,

Hit the any key and your now at the main menu. From here you have several
choices;

IP Traffic Monitor – This is a real time sniffer, showing IP information and
will display the source and destination traffic on the server, along with the
unusual traffic seen. This is great way to identify what systems are consuming
packets, and if your having issue like network broadcast storms. In this
example, I can see most of my traffic is me sshed into the machine
( 172.20.0.140/10.11.254.67) ,and then multiple sessions of https traffic
to/from 137.254.56.42/172.20.0.140)

General Interface Statistics – This screen will show interface level stats,
mainly the number of packets and a bandwidth summary for each interface,
The box is currently using about 2 kb/s or about 2.2 mb/s. Not a lot of bandwidth
for a box that is suppose to be downloading a ton of RPMs. Lets look at the other
options too see some more details.

Detailed Interface Statistics- This is a more detailed view of the traffic,
breaking it by protocol and incoming/outgoing packets and bytes.

Statistical Breakdown – When you enter this option, you can pick a more detailed
breakdown by either packet size or port. I use port, mainly because I wanted to see
how much https was being moved. While I see traffic other than SSH (22) and httpd
(443), the bulk of the packets are httpd. This is verifying that the download is actually
the number one use of bandwidth.

LAN Station Monitor – This is a helpful tool, as it will show the MAC addresses
that the server is talking to. You can also use the S option to sort the display, in this
case I sorted by bytes in. That MAC address happens to be the firewall.

Filters – Here you can define powerful filters, that can isolate a specific host, host
range, port and more. You can also show the opposite of a rule, so in this example
I am going to have the filter display all traffic other than port 22 (ssh). This is VERY
helpful when trying to identify traffic on a busy server. Do not forget to apply the
filter once you define one.

Configure – Here you can set several options, like reverse DNS lookups, timers,
port ranges and more.

Exit – Does what it says, exits the program

While the tool has the nice CUI, you can bypass the menu using a command
line switch. An example is “iptraf –s eth0”, which will take you straight to the
TCP/UDP statistical breakdown. iptraff –h to see all the options.

While, not a long BLOG, hopefully it has introduced to a neat little program, and
will help you better understand an easy way to see what network traffic your Linux
server is dealing with.

Author: admin

Erik is currently an Oracle ACE Director and VP of Enterprise Transformation at Mythics, serving as a lead strategist for Federal, State and Local Government and Commercial customers throughout the United States. These customer engagements include enterprise cloud transformations, data center consolidation and modernization efforts, Big Data projects and implementations of Oracle Engineered Systems. He is a board member of the DC metro area National Capital Oracle User Group, a board member of the Independent Oracle Users Group (IOUG), Cloud Computing Special Interest Group (SIG) and he is actively involved with the Oracle Enterprise Manager SIGs. Erik presents frequently at conferences, including Oracle OpenWorld, Oracle FedForum, COLLABORATE and other user groups and conferences around the United States. He has worked with Oracle and Sun Systems since the mid 90s, and is experienced with most of the core Oracle technologies.

When not flying to the far points of the country from the Atlanta Metro area, he enjoys spending time with his family at their observatory, where the telescopes outnumber the people.

One Comment

Thank you for the good writeup. It in fact was a entertainment account it.

Glance complex to far introduced agreeable from you!

However, how can we keep in touch?

Author: admin

Related Posts

One Comment

Leave a Reply Cancel reply