Recently I was building a new Oracle Linux yum repository for a project, and had to kick off a uln-yum-mirror. This process is the key to making a local copy of an Oracle yum repository, enabling local hosts to use the repository. The install is fairly straightforward, but the synchronization was taking longer than I thought it would, and after 12 hours I decided to look at what the network was doing. So I quickly installed IPtraf, an open source, character-based network reporting tool. Since I was already using Oracle Linux, installation was a snap using yum.
[root@ulnrepo ~]# yum -y install iptraf
Loaded plugins: rhnplugin, security, ulninfo
This system is receiving updates from ULN.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package iptraf.x86_64 0:3.0.1-14.el6 will be installed
--> Finished Dependency Resolution
=====================================================================
 Package     Arch      Version         Repository            Size
=====================================================================
Installing:
 iptraf      x86_64    3.0.1-14.el6    public_ol6_latest    315 k
Total download size: 315 k
Installed size: 681 k
Downloading Packages:
iptraf-3.0.1-14.el6.x86_64.rpm | 315 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : iptraf-3.0.1-14.el6.x86_64 1/1
  Verifying  : iptraf-3.0.1-14.el6.x86_64 1/1
Installed:
  iptraf.x86_64 0:3.0.1-14.el6
Complete!
[root@ulnrepo ~]#
Now that it’s installed, let’s see what it can show me about the network. Run it as root, with the command “iptraf”.
When you first run it, you will get the about screen, showing version and GNU GPL2 license info.
Hit any key and you’re now at the main menu. From here you have several choices:
IP Traffic Monitor – This is a real-time sniffer that shows IP information and displays the source and destination traffic on the server, along with the unusual traffic seen. This is a great way to identify which systems are consuming packets, and whether you’re having issues like network broadcast storms. In this example, I can see most of my traffic is me SSHed into the machine (172.20.0.140/10.11.254.67), and then multiple sessions of HTTPS traffic to/from (184.108.40.206/172.20.0.140).
General Interface Statistics – This screen will show interface-level stats, mainly the number of packets and a bandwidth summary for each interface. The box is currently using about 2 kb/s or about 2.2 mb/s. Not a lot of bandwidth for a box that is supposed to be downloading a ton of RPMs. Let’s look at the other options to see some more details.
Detailed Interface Statistics – This is a more detailed view of the traffic, breaking it down by protocol and incoming/outgoing packets and bytes.
Statistical Breakdown – When you enter this option, you can pick a more detailed breakdown by either packet size or port. I used port, mainly because I wanted to see how much HTTPS was being moved. While I see traffic other than SSH (22) and httpd (443), the bulk of the packets are httpd. This verifies that the download is actually the number one use of bandwidth.
LAN Station Monitor – This is a helpful tool, as it will show the MAC addresses that the server is talking to. You can also use the S option to sort the display; in this case I sorted by bytes in. That MAC address happens to be the firewall.
Filters – Here you can define powerful filters that can isolate a specific host, host range, port and more. You can also show the opposite of a rule, so in this example I am going to have the filter display all traffic other than port 22 (SSH). This is VERY helpful when trying to identify traffic on a busy server. Do not forget to apply the filter once you define one.
Configure – Here you can set several options, like reverse DNS lookups, timers, port ranges and more.
Exit – Does what it says: exits the program.
While the tool has a nice CUI, you can bypass the menu using a command line switch. An example is “iptraf -s eth0”, which will take you straight to the TCP/UDP statistical breakdown. Run “iptraf -h” to see all the options.
While not a long blog post, hopefully it has introduced you to a neat little program, and will help you better understand an easy way to see what network traffic your Linux server is dealing with.