Network Monitoring

Mill Yard Computing used to offer these tips for network monitoring. They have taken this down, so here it is for you:

iftop

On CentOS it is in the EPEL repo.

It shows a list of network connections and the data transferred over the past 2 sec, 10 sec & 40 sec (a bit like uptime).

When it is running, press the ? key to get help.

iftop (-n will disable hostname lookups)

lsof

Summarized from http://www.danielmiessler.com/study/lsof/

Get network connections

# lsof -i

Get only IPv6

# lsof -i 6

Show only TCP

# lsof -iTCP

Show by port

# lsof -i :22

Show connections to a specific host

# lsof -i@172.16.12.5

You can also combine the display of host and port.

# lsof -i@172.16.12.5:22

Find ports that are awaiting connections.

# lsof -i -sTCP:LISTEN

(You can also do this by grepping for “LISTEN”)

# lsof -i | grep -i LISTEN

You can also show any connections that are established.

# lsof -i -sTCP:ESTABLISHED

You can also do this via grep.

# lsof -i | grep -i ESTABLISHED
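
The listening-port query above can be turned into a quick check against the ports you expect to be open. This is an added example, not part of the original tips: the function names, the allowlist and the sample output are constructed for illustration, and it assumes lsof's default column output with -n and -P (numeric hosts and ports).

```shell
#!/bin/sh
# Added example: flag TCP listeners whose port is not on an expected list.
# Input is the column output of: lsof -nP -iTCP -sTCP:LISTEN

# Usage: unexpected_listeners "22 80 443" < lsof_output
# Prints one line per unexpected listener: port command pid user address
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $NF != "(LISTEN)" { next }     # drops header, UDP and non-listening rows
        {
            name = $(NF - 1)           # e.g. *:22, 127.0.0.1:5432, [::1]:631
            port = name
            sub(/^.*:/, "", port)      # text after the last colon is the port
            addr = substr(name, 1, length(name) - length(port) - 1)
            line = port " " $1 " " $2 " " $3 " " addr
            # IPv4 and IPv6 sockets of one process collapse to one line
            if (!(port in ok) && !seen[line]++) print line
        }
    ' | sort -n
}

# Constructed sample output (not captured from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     1023     root    3u  IPv4  18432      0t0  TCP *:22 (LISTEN)
sshd     1023     root    4u  IPv6  18434      0t0  TCP *:22 (LISTEN)
nginx    2210     root    6u  IPv4  25511      0t0  TCP *:80 (LISTEN)
postgres 3307 postgres    5u  IPv4  31020      0t0  TCP 127.0.0.1:5432 (LISTEN)
python3  4410   daniel    3u  IPv4  40117      0t0  TCP *:8000 (LISTEN)
python3  4410   daniel    4u  IPv6  40118      0t0  TCP *:8000 (LISTEN)
sshd     5120   daniel    3u  IPv4  41200      0t0  TCP 172.16.12.5:22->172.16.12.9:51514 (ESTABLISHED)
EOF
}

# On a live host: lsof -nP -iTCP -sTCP:LISTEN | unexpected_listeners "22 80"
sample_lsof | unexpected_listeners "22 80"
```

A listener bound to * is reachable on every interface, so an unexpected line with that address deserves attention before one bound to 127.0.0.1.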

Show what a given user or everything but a given user has open

# lsof -u daniel
# lsof -u ^daniel

Kill everything a given user is doing

# kill -9 `lsof -t -u daniel`

See what a given program or process is up to, by name or by process ID

# lsof -c syslog-ng
# lsof -p 10075

The -t option returns just a PID

# lsof -t -c Mail

Show everything interacting with a given directory

# lsof /var/log/messages/

Show everything interacting with a given file

# lsof /home/daniel/firewall_whitelist.txt

Show open connections with a port range

# lsof -i@fw.google.com:2150-2180

Resources

http://www.netadmintools.com/html/lsof.man.html

http://www.danielmiessler.com/
(For sure check out www.danielmiessler.com – What a great resource!)
