2010-10-21 10:24:30 
阿炯
Bandwidth in computer networking refers to the data rate supported by a network connection or interface. One most commonly expresses bandwidth in terms of bits per second (bps). The term comes from the field of electrical engineering, where bandwidth represents the total distance or range between the highest and lowest signals on the communication channel (band).
本文将介绍在debian linux下可以用来监控网络流量的工具,当然此类工具数量会比较多,我也将会不断更新。工具列表如下:
bmon
bwbar
bwm
bwm-ng
iftop
iperf
ipfm
speedometer
cbm
ibmonitor
pktstat
nload
vnstat
iptraf
ifstat
dstat
MRTG
cacti
nethogs
slurm
trafshow
各个工具的介绍
下面是按功能划分的分类介绍。
监控总体带宽使用:nload、bmon、slurm、bwm-ng、cbm、speedometer和netload
监控总体带宽使用(批量式输出):vnstat、ifstat、dstat和collectl
每个套接字连接的带宽使用:iftop、iptraf、tcptrack、pktstat、netwatch和trafshow
每个进程的带宽使用:nethogs
接下来将简单地分开介绍其它功能用途,其后再具逐一介绍。
speedometer是另一款小巧而简单的工具,仅仅绘制外观漂亮的图形,显示通过某个接口传输的入站流量和出站流量。
pktstat可以实时显示所有活动连接,并显示哪些数据通过这些活动连接传输的速度。它还可以显示连接类型,比如TCP连接或UDP连接;如果涉及HTTP连接,还会显示关于HTTP请求的详细信息。
netwatch是netdiag工具库的一部分,它也可以显示本地主机与其他远程主机之间的连接,并显示哪些数据在每个连接上所传输的速度。
与netwatch和pktstat一样,trafshow也可以报告当前活动连接、它们使用的协议以及每条连接上的数据传输速度。它能使用pcap类型过滤器,对连接进行过滤。
netload命令只显示关于当前流量负载的一份简短报告,并显示自程序启动以来所传输的总字节量。没有更多的功能特性。它是netdiag的一部分。
ifstat能够以批处理式模式显示网络带宽。输出采用的一种格式便于用户使用其他程序或实用工具来记入日志和分析。
dstat是一款用途广泛的工具(用python语言编写),它可以监控系统的不同统计信息,并使用批处理模式来报告,或者将相关数据记入到CSV或类似的文件。
bwm-ng(下一代带宽监控器)是另一款非常简单的实时网络负载监控工具,可以报告摘要信息,显示进出系统上所有可用网络接口的不同数据的传输速度。
tcptrack类似iftop,使用pcap库来捕获数据包,并计算各种统计信息,比如每个连接所使用的带宽。它还支持标准的pcap过滤器,这些过滤器可用来监控特定的连接。
slurm是另一款网络负载监控器,可以显示设备的统计信息,还能显示ASCII图形。它支持三种不同类型的图形,使用c键、s键和l键即可激活每种图形。slurm功能简单,无法显示关于网络负载的任何更进一步的详细信息。
bmon(带宽监控器)是一款类似nload的工具,它可以显示系统上所有网络接口的流量负载。输出结果还含有图表和剖面,附有数据包层面的详细信息。
nethogs是一款小巧的"net top"工具,可以显示每个进程所使用的带宽,并对列表排序,将耗用带宽最多的进程排在最上面。万一出现带宽使用突然激增的情况,用户迅速打开nethogs,就可以找到导致带宽使用激增的进程。nethogs可以报告程序的进程编号(PID)、用户和路径。
iptraf是一款交互式、色彩鲜艳的IP局域网监控工具。它可以显示每个连接以及主机之间传输的数据量。IPTraf允许同时运行多个进程,但是一次只有一个进程监听某个或者所有的网络接口。不过一般接口统计(General Interface Statistics)功能除外,一次只能有一个进程执行这个操作。IPTraf的这个特性带来了一个问题,每个进程都要产生日志文件。如果你打开了IPTraf的日志功能,在你使用某个功能时,它都会提示你设置日志文件的名字。这时,你需要自己指定每个示例的日志文件。如果日志文件发生冲突,可能会有无法预料的事情发生。如果你没有指定日志文件的绝对路径,它们就会被记录到默认的日志目录:/var/log/iptraf。
iftop可测量通过每一个套接字连接传输的数据;它采用的工作方式有别于nload。iftop使用pcap库来捕获进出网络适配器的数据包,然后汇总数据包大小和数量,搞清楚总的带宽使用情况。虽然iftop报告每个连接所使用的带宽,但它无法报告参与某个套按字连接的进程名称/编号(ID)。不过由于基于pcap库,iftop能够过滤流量,并报告由过滤器指定的所选定主机连接的带宽使用情况。
nload是个很好用的一个工具,功能也很强。只是相对单一,只能查看总的流量,不能像iptraf那样可针对IP、协议等。可以实时地监控网卡的流量,分Incoming、Outgoing两部分,也就是流入与流出的流量,同时统计当前、平均、最小、最大、总流量的值,使人看了一目了然。nload等一些工具可以读取"proc/net/dev"文件,以获得流量统计信息;而一些工具使用pcap库来捕获所有数据包,然后计算总数据量,从而估计流量负载。
--------------------------------------------
bmon
一种基于ncurses库的小程序,可以获得实时带宽。RX代表网卡的接收速率,TX代表发送速率。同时它还提供一个图形显示,可以比较直观的看到实时的带宽变化。
bmon is a portable bandwidth monitor and rate estimator running on various operating systems. It supports various input methods for different architectures.
Various output modes exist including an interactive curses interface, lightweight HTML output but also formatable ASCII output.
Statistics may be distributed over a network using multicast or unicast and collected at some point to generate a summary of statistics for a set of nodes.
Install bmon in Debian
# apt-get install bmon
--------------------------------------------
bwbar
This program will output a PNG and a text file that can be used in scripts or be included in web pages to show current bandwidth usage. The amount of total bandwidth can be customized. The PNG output appears as a bar graph showing maximum possible usage with the current inbound or outbound usage shown as a differently colored bar.
Install bwbar in Debian
# apt-get install bwbar
This will complete the installation
There is a /etc/default/bwbar file to configure before this package will work and here is my config
# Directory to put files into
DIR=/var/www
# Who to run as
RUNAS=www-data
# What are the options (eth0, scale of 1.5mbps)
OPTIONS=”eth0 1.5″
Now you need to chnage the permissions using the following command
# chown -R www-data:www-data /var/www/bwbar/
Start the bwbar using the following command
# /etc/init.d/bwbar start
You can also launch bwbar using the following command
bwbar eth0 100 -x 200 -y 7 -t 10 -p network.png -f network.txt -d /var/www/bwbar &
You will see at http://serverip/bwbar
--------------------------------------------
bwm
BandWidth Monitor This is a very tiny bandwidth monitor (not X11). Can monitor up to 16 interfaces in the in the same time, and shows totals too.
Install bwm Debian
# apt-get install bwm
--------------------------------------------
bwm-ng
small and simple console-based bandwidth monitor.Bandwidth Monitor NG is a small and simple console-based live bandwidth monitor.
Bandwidth Monitor NG is a small console-based live network and disk I/O bandwidth monitor for Linux, BSD, Solaris, Mac OS X, and others. It supports /proc/net/dev, netstat, getifaddr, sysctl, kstat, /proc/diskstats, /proc/partitions, IOKit, devstat, and libstatgrab. An unlimited number of interfaces and disks are supported. Interfaces and disks are added or removed dynamically from the list. You can white or blacklist interfaces and disks. The output includes KB/s, Kb/s, packets, errors, average, max, and total sum, and can be viewed via curses, a plain console, CSV, or HTML. Configuration can be done through a config file or the command line.
Install bwm-ng in Debian
# apt-get install bwm-ng
--------------------------------------------
iftop
iftop does for network usage what top does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts.
iftop是类似于top的实时流量监控工具。可以用来监控网卡的实时流量(可以指定网段)、反向解析IP、显示端口信息等。
TX:发送流量
RX:接收流量
TOTAL:总流量
Cumm:运行iftop到目前时间的总流量
peak:流量峰值
rates:分别表示过去 2s 10s 40s 的平均流量
#iftop -i eth0 -n 就可以看到eth0网卡的流量状况:
iftop 相关命令 :
监控eth1的网卡的流量
# iftop -i eth1
以位元组(bytes)为单位显示流量(预设是位元bits):
$ iftop -B
直接显示IP, 不进行DNS反解:
$ iftop -n
直接显示连接埠编号, 不显示服务名称:
$ iftop -N
显示某个网段进出封包流量
$ iftop -F 192.168.1.0/24 or 192.168.1.0/255.255.255.0
其他参数可下 iftop -h 看说明.
进入iftop画面时, 可按 p 切换是否显示连接埠, n 切换显示IP或主机的domain name, N切换显示连接埠代号或名称, p暂停显示, b切换是否显示长条, B切换计算几秒内的平均流量, 其他按键可以按h观看说明.
Install iftop in Debian
# apt-get install iftop
--------------------------------------------
ipfm
IP Flow Meter (IPFM) is a bandwidth analysis tool, that measures how much bandwidth specified hosts use on their Internet link.
Important notice
As you may have noticed, IPFM has not been actively developed for years. I (tibob) will no longer maintain or modify IPFM.Have a look at the Similar Projects page fore more active projects. Feel free to complete the page with other projects you know of. Due to spams, the whole trac site has been changed to read-only.
What is IPFM ?
IP Flow Meter (IPFM) is a bandwidth analysis tool, that measures how much bandwidth specified hosts use on their Internet link.
It is written using libpcap (http://www.tcpdump.org), so it ought to be portable. We develop it under Linux and FreeBSD. It was reported to work under OpenBSD, NetBSD and IRIX; if you own other Un*ces, just tell us if it works and/or report any problem.
IPFM is distributed under GPL
What does IPFM do ?
IPFM produces text files containing bandwitdh consumption per host in bytes :
HOST IN OUT TOTAL
host1.domain.com 12345 6666684 6679029
host2.domain.com 1232314 12345 1244659
host3.domain.com 6645632 123 6645755
Almost everything is configurable :
* which hosts to log
* Output time interval and time offset
* Output file name (with date in it)
* reverse DNS resolution
* IN, OUT or TOTAL sorting
Who wrote IPFM ?
Many people contributed to IPFM. Here are main contributors, you should check IPFM changelog for more details.
* Andres KRAPF and Robert CHERAMY wrote first versions of IPFM.
* Samuel Hocevar added some features.
* Loic Tortay wrote a big patch that was partially included into IPFM v0.11.5
Install ipfm in Debian
# apt-get install ipfm
Now if you want to configure this for your network you need to copy example configuration file from /usr/share/doc/ipfm/examples if you want to check this file click here,once you configure this file you need to start the service using the following command
# /etc/init.d/ipfm start
--------------------------------------------
Speedometer
Measure and display the rate of data across a network connection or data being stored in a file.
Install speedometer in Debian
Check which version of python is the default by running
python -V
Then issue the following commands as root to install speedometer (choose the correct Urwid package for your python version, ie. if python -V reports version 2.3.X then install python2.3-urwid)
apt-get install python2.4-urwid
Download the speedometer.py source file.
As user issue the following commands in the directory that you downloaded the source file
# cp speedometer.py /usr/local/bin/speedometer
# chown root: /usr/local/bin/speedometer
# chmod 755 /usr/local/bin/speedometer
Now you can run the speedometer application using the following
/usr/local/bin/speedometer
Speedometer Usage
Usage: speedometer [options] tap [[-c] tap]
Available options
speedometer -h
Usage: speedometer [options] tap [[-c] tap]…
Monitor network traffic or speed/progress of a file transfer. At least one tap must be entered. -c starts a new column, otherwise taps are piled vertically.
Taps:
[-f] filename [size] display download speed [with progress bar]
-f must be used if directly following another file tap without an expected size specified
-rx network-interface display bytes received on network-interface
-tx network-interface display bytes transmitted on network-interface
Options:
-i interval-in-seconds eg. “5″ or “0.25″ default: “1″
-p use plain-text display (one tap only)
-b use old blocky display instead of smoothed display even when UTF-8 encoding is detected
-z report zero size on files that don’t exist instead of waiting for them to be created
Usage Examples
How long it will take for my 38MB transfer to finish?
speedometer favorite_episode.rm $((38*1024*1024))
How quickly is another transfer going?
speedometer dl/big.avi
How fast is this LAN?
$ cat /dev/zero | nc -l -p 12345
$ nc host-a 12345 > /dev/null
$ speedometer -rx eth0
How fast is the upstream on this ADSL line?
speedometer -tx ppp0
How fast can I write data to my filesystem? (with at least 1GB free)
dd bs=1000000 count=1000 if=/dev/zero of=big_nothing &
--------------------------------------------
cbm
cbm — the Color Bandwidth Meter — displays the current traffic on all network devices.
Options
--help
Display some help and exit.
--version
Display version information and exit.
Interactive Control
cbm can be controlled with the following keys:
Up/Down
Select an interface to show details about.
q
Exit from the program.
b
Switch between bits per second and bytes per second.
+
Increase the update delay by 100ms.
-
Decrease the update delay by 100ms.
Install cbm in Debian
First you need to download the .deb package
once you have the .deb package you need to install using the following comamnd
# dpkg -i cbm_0.1-1_i386.deb
--------------------------------------------
pktstat
pktstat listens to the network and shows the bandwidth being consumed by packets of various kinds in realtime. It understands some protocols (including FTP,HTTP, and X11) and adds a descriptive name next to the entry (e.g., ‘RETR cd8.iso’, ‘GET http://slashdot.org/’ or ‘xclock -fg blue’).
Display a real-time list of active connections seen on a network interface, and how much bandwidth is being used by what. Partially decodes HTTP and FTP protocols to show what filename is being transferred. X11 application names are also shown. Entries hang around on the screen for a few seconds so you can see what just happened. Also accepts filter expressions á la tcpdump.
Install pktstat in Debian
First you need to download .rpm package from here once you have the .rpm package you need to convert this .rpm file to .deb file using alien
Install alien
# apt-get install alien
Now you need to use the follwoing command to convert .rpm to .deb
# alien -k pktstat-1.7.2q-0.i386.rpm
Now you should be having pktstat_1.7.2q-0_i386.deb package
Install pktstat in Debian
# dpkg -i pktstat_1.7.2q-0_i386.deb
--------------------------------------------
ibmonitor
ibmonitor is an interactive linux console application which shows bandwidth consumed and total data transferred on all interfaces.
Its main features are:
Shows received, transmitted and total bandwidth of each interface
Calculates and displays the combined value of all interfaces
Displays total data transferred per interface in KB/MB/GB
Values can be displayed in Kbits/sec(Kbps) and/or KBytes/sec(KBps)
Can show maximum bandwidth consumed on each interface since start of utility
Can show average bandwidth consumption on each interface since start of utility
The output with all features (max, avg and display in Kbps and KBps) easily fits on a 80×24 console or xterm
Can interactively change its output display format depending on key pressed by user.
Install ibmonitor in Debian
First you need to download the latest version from here
wget http://ovh.dl.sourceforge.net/sourceforge/ibmonitor/ibmonitor-1.4.tar.gz
Now you have ibmonitor-1.4.tar.gz
Extract this file using the following commands
tar xvfz ibmonitor-1.4.tar.gz
cd ibmonitor
If you want to run the application use the following command,Once you are in ibmonitor folder use
./ibmonitor
--------------------------------------------
iperf
While tools to measure network performance, such as ttcp, exist, most are very old and have confusing options. Iperf was developed as a modern alternative for measuring TCP and UDP bandwidth performance.
Iperf 是一个网络性能测试工具。Iperf可以测试TCP和UDP带宽质量。Iperf可以测量最大TCP带宽,具有多种参数和UDP特性。Iperf可以报告带宽,延迟抖动和数据包丢失。
Iperf is a tool to measure maximum TCP bandwidth, allowing the tuning of various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, datagram loss.
Install iperf in Debian
# apt-get install iperf
iperf Syntax
iperf [-s|-c host] [options]
Example
iperf -c server address -F file-name
iperf -c server address -I
The -F option is for file input.
The -I option is for input from stdin.
If you want more details and available options check man page
--------------------------------------------
tcptrack
tcptrack is a sniffer which displays information about TCP connections it sees on a network interface. It passively watches for connections on the network interface, keeps track of their state and displays a list of connections in a manner similar to the unix ‘top’ command. It displays source and destination addresses and ports, connection state, idle time, and bandwidth usage.
Tcptrack是一个能够显示特定端口上有关TCP连接的嗅探器,它会监视正在发生的所有的连接,并且以一种友好的界面显示相关信息。虽然它采用字符用户界面,却易于理解和查看。Tcptrack随现在流行的几种Linux发行版本打包发行。它为管理员跟踪服务器上的每一个连接提供了一些有用的信息。笔者用Tcptrack跟踪代理服务器以确信每一个用户得到适当的带宽,保证无人占用全部的带宽。它为我们提供了一个监视网络通信的方法,可以提供的信息有如下几个方面:
●源地址和端口
●目标地址和端口
●连接状态
●空闲时间
●带宽利用
Tcptrack还具有过滤特性,它使用pcap过滤标准(与用于tcpdump标准相同)。
安装
Tcptrack安装相当简单,在Debian GNU/Linux或者 ubuntux系统上,可以使用如下的命令安装:
apt-get install tcptrack
使用Tcptrack
只有超级用户(特权用户)才能运行Tcptrack,其基本的使用方法是使用下面的命令:
# tcptrack -i
例如:# tcptrack -i eth1
此后,Tcptrack就会运行,并捕捉所有的TCP连接,并向用户显示这些信息。其它的可选项包括-r和port。-r使得Tcptrack在清除关闭的连接之等待一个指定的时间(以秒计)。例如:
# tcptrack -i eth0 -r 10
Port会根据端口号实施过滤。例如:
# tcptrack -i eth1 port 22
再如:#tcptrack -i eth0 port 80
下面的屏幕给出了tcptrack跟踪的一些细节:
从左到右分别显示客户端的IP地址和端口号、服务器的IP地址和端口号、状态、空闲时间和传输速率。如果用户想查看完整的使用方法,可以阅读其手册。 总之,Tcptrack应该是一个不错的工具。
Install tcptrack in Debian
# apt-get install tcptrack
调用语法
tcptrack [-dfhvp] [-r ] -i []
示例
tcptrack requires only one parameter to run: the -i flag followed by an interface name that you want tcptrack to monitor. This is the most basic way to run tcptrack
tcptrack -i eth0
tcptrack can also take a pcap filter expression as an argument. The format of this filter expression is the same as that of tcpdump and other
libpcap-based sniffers. The following example will only show connections from host 10.45.165.2
tcptrack -i eth0 src or dst 10.45.165.2
The next example will only show web traffic (ie, traffic on port 80)
tcptrack -i eth0 port 80
--------------------------------------------
nload
nload is a console application which monitors network traffic and bandwidth usage in real time. It visualizes the in- and outgoing traffic using two graphs and provides additional info like total amount of transfered data and min/max network usage.
nload默认分为上下两块:上半部分是:Incoming也就是进入网卡的流量,下半部分是:Outgoing,也就是从这块网卡出去的流量,每部分都有当前流量(Curr),平均流量 (Avg),最小流量(Min),最大流量(Max),总和流量(Ttl)这几个部分。另外也可以自己定义流量数值显示的单位。
使用‘/usr/local/nload/bin/nload –help’可以看到具体的相关参数了。
nload eth0 - 查看名叫eth0网卡的流量
可查看当前、平均、最小、最大、总共等的流量情况,单位为bit。
--------------------------------------------
vnstat
vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s). It uses the network interface statistics provided by the kernel as information source. This means that vnStat won't actually be sniffing any traffic and also ensures light use of system resources. However, in Linux at least a 2.2 series kernel is required.
vnStat是一个应用于Linux或BSD平台,对网卡流量做监控。 因为并非是基于网络包嗅探的方式而是基于/proc的分析。现在vnStat已经有出vnstat PHP frontend 扩展了,可以以PHP脚本的形式直接调用vnStat监测的数据。
This program is open source / GPL'ed and can be installed either as root or as a single user. Better instructions are included in the README.
Features
* quick and simple to install and get running
* gathered statistics persists through system reboots
* can monitor multiple interfaces at the same time
* several output options
o summary, hourly, daily, monthly, weekly, top 10 days
o optional png image output (using libgd)
* months can be configured to follow billing period
* light, minimal resource usage
* same low cpu usage regardless of traffic
* can be used without root permissions
* online color configuration editor
项目主页:http://humdi.net/vnstat/
--------------------------------------------
iptraf
IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.
IPTraf是一个IP网络监控工具。它拦截网络上的报文,给出报文各个部分的信息。IPTraf能够返回的信息包括:
IP、TCP、UDP、ICMP报文总数和非IP字节数。
TCP连接的源/目的地址和源/目的端口。
TCP报文数和字节数。
TCP标志状态。
UDP源/目的信息。
ICMP类型信息。
OSPF源/目的信息。
TCP和UDP服务统值。
网络接口报文计数。
网络接口IP校验和错误数目。
网络接口活动指示器。
LAN统计
IPTraf能够用于监视IP网络的负载。IPTraf使用Linux内核的内置原始(raw)包捕获接口,可以广泛地用于以太网卡,支持FDDI适配器、ISDN适配器以及任何异步SLIP/PPP接口。
Features
* An IP traffic monitor that shows information on the IP traffic passing over your network. Includes TCP flag information, packet and byte counts, ICMP details, OSPF packet types.
* General and detailed interface statistics showing IP, TCP, UDP, ICMP, non-IP and other IP packet counts, IP checksum errors, interface activity, packet size counts.
* A TCP and UDP service monitor showing counts of incoming and outgoing packets for common TCP and UDP application ports
* A LAN statistics module that discovers active hosts and shows statistics showing the data activity on them
* TCP, UDP, and other protocol display filters, allowing you to view only traffic you're interested in.
* Logging
* Supports Ethernet, FDDI, ISDN, SLIP, PPP, and loopback interface types.
* Utilizes the built-in raw socket interface of the Linux kernel, allowing it to be used over a wide range of supported network cards.
* Full-screen, menu-driven operation.
启动IPTraf,首先你将看到版权声明,按任意键后就进入了主菜单。注意:使用iptraf需要root权限。IPTraf需要引用/usr /share/terminfo目录中的终端信息数据库,因此如果这个目录位于其它的位置,IPTraf将输出"Error opening terminal"错误信息之后,启动失败。这种情况可以通过如下方式解决:
#TERMINFO=/usr/lib/terminfo
#export TERMINFO
或者填加一个连接:
#ln -s /usr/lib/terminfo /usr/share/terminfo
另外,成IPTraf目前还不支持SIGWINCH处理功能,在xterm或者其它的终端启动iptraf,如果终端的大小改变,IPTraf自己不会调节自己的大小。
命令行选项
与大多数UNIX系统的命令一样,IPTraf还支持一些命令行参数,虽然不多。以下是iptraf支持的所有功能选项:
-i 网络接口
让IPTraf监视特定的网络接口,例如:eth0。-i all表示监视系统的所有网络接口。
-g
网络接口的一般统计信息。
-d 网络接口
显示特定网络接口的详细统计信息。
-s 网络接口
对特定网络接口的TCP/UDP数据流量进行监视。
-z 网络接口
监视局域网的特定网络接口。-l all表示全部。
-t timeout
使IPTraf在指定的时间后,自动退出。如果没有设置IPTraf就会一直运行,直到用户按下退出键(x)才退出。
-B
使IPTraf在后台运行。单独使用无效(被忽略直接进入菜单界面),只能和-i、-g、-d、-s、-z、-l中的某个参数一块使用。
-L filename
如果使用-B参数,使用-L filename使IPTraf把日志信息写入其它的文件(filename)中。如果filename不包括文件的绝对路径,就把文件放在默认的日志目录(/var/log/iptraf)。
-q
这个参数现在已经不用了。原来,如果IPTraf运行在使用IP地址伪装(IP Masquerading)的内核上时,会出现大量的警告信息。现在新版的IP Masquerading代码已经没有这个问题了。
-f
使IPTraf强制清除所有的加锁文件,重置所有实例计数器。
-h
显示简短的帮助信息
--------------------------------------------
ifstat
ifstat报告是一个工具,报告接口状态,是一个网络流量监测程序,能查看网卡的流出和流入的字节。就像网络接口带宽的vmstat / iostat的做其他系统计数器。Ifstat工具是个网络接口监测工具,监控I/O状态和CPU状态。它可以监测本地接口内核投票计数器,或远程主机使用SNMP接口。
使用apt-get安装ifstat
如果你想用这个程序按照此语法
#ifstat
输出看起来像下面
为eth0
KB /秒/秒出以KB
0.12 0.24
0.06 0.12
0.10 0.18
0.06 0.12
0.15 0.12
参数:
-l 监测环路网络接口(lo)。缺省情况下,ifstat监测活动的所有非环路网络接口。经使用发现,加上-l参数能监测所有的网络接口的信息,而不是只监测lo的接口信息,也就是说,加上-l参数比不加-l参数会多一个lo接口的状态信息。
-a 监测能检测到的所有网络接口的状态信息。使用发现,比加上-l参数还多一个plip0的接口信息,搜索一下发现这是并口(网络设备中有一个叫PLIP (Parallel Line Internet Protocol). 它提供了并口...)
-z 隐藏流量是无的接口,例如那些接口虽然启动了但是未用的
-i 指定要监测的接口,后面跟网络接口名
-s 等于加-d snmp:[comm@][#]host[/nn]] 参数,通过SNMP查询一个远程主机
-h 显示简短的帮助信息
-n 关闭显示周期性出现的头部信息(也就是说,不加-n参数运行ifstat时最顶部会出现网络接口的名称,当一屏显示不下时,会再一次出现接口的名称,提示我们显示的流量信息具体是哪个网络接口的。加上-n参数把周期性的显示接口名称关闭,只显示一次)
-t 在每一行的开头加一个时间戳(能告诉我们具体的时间)
-T 报告所有监测接口的全部带宽(最后一列有个total,显示所有的接口的in流量和所有接口的out流量,简单的把所有接口的in流量相加,out流量相加)
-w 用指定的列宽,而不是为了适应接口名称的长度而去自动放大列宽
-W 如果内容比终端窗口的宽度还要宽就自动换行
-S 在同一行保持状态更新(不滚动不换行)注:如果不喜欢屏幕滚动则此项非常方便,与bmon的显示方式类似
-b 用kbits/s显示带宽而不是kbytes/s(bit和byte有何区别应该都知道吧)
-q 安静模式,警告信息不出现
-v 显示版本信息
-d 指定一个驱动来收集状态信息
可以看出,ifstat的参数很多,通过不同的参数能控制不同的显示方式和显示信息
--------------------------------------------
dstat
是一个用来替换 vmstat, iostat, netstat, nfsstat 和 ifstat 这些命令的工具,是一个全能系统信息统计工具,由Python写成。可以完成vmstat,iostat,netstat等等工具才能完成的任务,而且是彩色显示的,各种情况一目了然,它可通过参数来指定显示哪些内容,如只显示CPU、内存等等,一切都可以定制。它不是一纯粹的网络流量处理工具。
dstat is a versatile replacement for vmstat, iostat, netstat, nfsstat, and ifstat. It includes various counters (in separate plugins) and allows you to select and view all of your system resources instantly; you can, for example, compare disk usage in combination with interrupts from your IDE controller, or compare the network bandwidth numbers directly with the disk throughput (in the same interval).
安装命令:apt-get install dstat
相关指令参数:
-c, --cpu 显示CPU情况
-C 0,3,total include cpu0, cpu3 and total
-d, --disk 显示磁盘情况
-D total,hda include hda and total
-g, --page enable page stats
-i, --int enable interrupt stats
-I 5,eth2 include int5 and interrupt used by eth2
-l, --load enable load stats
-m, --mem 显示内存情况
-n, --net 显示网络情况
-N eth1,total 可以指定网络接口
-p, --proc enable process stats
-s, --swap 显示swap情况
-S swap1,total 可以指定多个swap
-t, --time enable time counter
-y, --sys enable system stats
--ipc 报告IPC消息队列和信号量的使用情况
--lock enable lock stats
--raw enable raw stats
--tcp enable tcp stats
--udp enable udp stats
--unix enable unix stats
-M stat1,stat2 enable external stats
--mods stat1,stat2
-a, --all 使用-cdngy 缺省的就是这样显示
-f, --full 使用 -C, -D, -I, -N and -S 显示
-v, --vmstat 使用-pmgdsc -D 显示
--integer show integer values
--nocolor disable colors (implies --noupdate)
--noheaders 只显示一次表头以后就不显示了,使用重定向写入文件时很有用
--noupdate disable intermediate updates
--output file 写入到CVS文件中
--------------------------------------------
MRTG
The Multi Router Traffic Grapher or just simply MRTG is free software for monitoring the traffic load on network links. It allows the user to see traffic load on a network over time in graphical form.
MRTG最早的版本是在1995年春天所推出,以Perl所写成,因此可以跨平台使用,它利用了SNMP送出带有物件识别码(OIDs)的请求给要查询的网路设备,因此设备本身需支援SNMP。MRTG再以所收集到的资料产生HTML档案并以GIF或PNG格式绘制出图形,并可以日、周、月等单位分别绘出。它也可产生出最大值最小值的资料供统计用。
原本MRTG只能绘出网路设备的流量图,后来发展出了各种plug-in,因此网路以外的设备也可由MRTG监控,例如伺服器的磁盘使用量、CPU的负载等。
官方主页:http://oss.oetiker.ch/mrtg/
--------------------------------------------
Cacti
Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive,easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.
Cacti 在英文中的意思是仙人掌的意思,Cacti是一套基于PHP,MySQL,SNMP及RRDTool开发的网络流量监测图形分析工具。它通过snmpget来获取数据,使用RRDtool绘画图形,而且你完全可以不需要了解RRDtool复杂的参数。它提供了非常强大的数据和用户管理功能,可以指定每一个用户能查看树状结 构、host以及任何一张图,还可以与LDAP结合进行用户验证,同时也能自己增加模板,功能非常强大完善。
官方主页:http://www.cacti.net
nethogs
Nethogs is a small 'net top' tool that shows the bandwidth used by individual processes and sorts the list putting the most intensive processes on top. In the event of a sudden bandwidth spike, quickly open nethogs and find the process responsible. Nethogs reports the PID, user and the path of the program.
NetHogs是一个开源的命令行工具(类似于Linux的top命令),用来按进程或程序实时统计网络带宽使用率。
来自NetHogs项目网站的介绍:NetHogs是一个小型的net top工具,不像大多数工具那样拖慢每个协议或者是每个子网的速度而是按照进程进行带宽分组。NetHogs不需要依赖载入某个特殊的内核模块。如果发生了网络阻塞你可以启动NetHogs立即看到哪个PID造成的这种状况。这样就很容易找出哪个程序突然占用你的带宽。在Debian/Ubuntu/Linux Mint下要执行NetHogs你必须拥有root权限。
命令行参数
以下就是NetHogs命令行的参数,用-d来添加刷新频率参数,device name 用来检测给定的某个或者某些设备的带宽(默认是eth0)。例如:设置5秒钟的刷新频率,键入如下命令即可:
# nethogs -d 5
如果只用来监视设备(eth0)的网络带宽可以使用如下命令:
# nethogs eth0
如果要同时监视eth0和eth1接口,使用以下命令即可:
# nethogs eth0 eth1
其他参数和用法
-d : 刷新间隔
-h : 帮助
-p : promiscious 模式
-t : trace模式
-V : 版本
交互命令
以下是NetHogs的一些交互命令(键盘快捷键)
m : 修改单位,switch between total and kb/s mode,切换单位或显示进程占用速度或已统计使用的流量。切换顺序是KB/sec->KB->B->MB
r : 按流量排序,即received进行排序。
s : 按发送流量排序,即send进行排序
q : 退出命令提示符
关于NetHogs命令行工具的完整参数列表,可以参考NetHogs的手册。
项目主页:http://nethogs.sourceforge.net/
--------------------------------------------
slurm
Slurm is 'yet' another network load monitor that shows device statistics along with an ascii graph. It supports 3 different styles of graphs each of which can be activated using the c, s and l keys. Simple in features, slurm does not display any further details about the network load.
slurm 最初是给FreeBSD的做端口状态监视器,功能概述:
显示实时流量吐吞状态
视图显示可选择
可以监视任何网络接口
显示关于接口的详细信息
语法
slurm [-hHz] [-csl] [-d delay] -i interface
如果你想监视第一块网卡(eth0),使用下面的命令:
slurm -i eth0
项目主页:
--------------------------------------------
Trafshow
A tool for real-time network traffic visualization.
Like netwatch and pktstat, trafshow reports the current active connections, their protocol and the data transfer speed on each connection. It can filter out connections using pcap type filters.
与netwatch和pktstat一样,trafshow也可以报告当前活动连接、它们使用的协议以及每条连接上的数据传输速度。它能使用pcap类型过滤器,对连接进行过滤。
仅监控tcp连接
# trafshow -i eth0 tcp
项目主页:http://hubbitus.net.ru/trafshow/