{"id":101,"date":"2022-07-14T16:23:12","date_gmt":"2022-07-14T16:23:12","guid":{"rendered":"https:\/\/brainlessideas.com\/?p=101"},"modified":"2022-07-15T14:33:23","modified_gmt":"2022-07-15T14:33:23","slug":"network-monitoring","status":"publish","type":"post","link":"https:\/\/brainlessideas.com\/index.php\/2022\/07\/14\/network-monitoring\/","title":{"rendered":"Network Monitoring"},"content":{"rendered":"\n<p>Mill Yard Computing used to offer these tips for network monitoring.  They have taken this down, so here it is for you:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">iftop<\/h3>\n\n\n\n<p>On CentOS it is in the EPEL repo.<\/p>\n\n\n\n<p>It shows a list of network connections and the data transferred over the past 2 sec, 10 sec &amp; 40 sec&nbsp;(a bit like uptime).<\/p>\n\n\n\n<p>When it is running, press the ? key to get help.<\/p>\n\n\n\n<p>iftop (-n will disable hostname lookups)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">lsof<\/h3>\n\n\n\n<p>Summarized from http:\/\/www.danielmiessler.com\/study\/lsof\/<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>Get network connections<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -i<\/pre>\n\n\n\n<p>Get only IPv6<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -i 6<\/pre>\n\n\n\n<p>Show only TCP<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -iTCP<\/pre>\n\n\n\n<p>Show by port<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -i :22<\/pre>\n\n\n\n<p>Show connections to a specific host<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -i@172.16.12.5<\/pre>\n\n\n\n<p>You can also combine the display of host and port.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -i@172.16.12.5:22<\/pre>\n\n\n\n<p>Find ports that are awaiting connections.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -i -sTCP:LISTEN<\/pre>\n\n\n\n<p>(You can also do this by grepping for \u201cLISTEN\u201d)<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -i | grep -i LISTEN<\/pre>\n\n\n\n<p>You can also 
show any connections that are established.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -i -sTCP:ESTABLISHED<\/pre>\n\n\n\n<p>You can also do this via grep.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -i | grep -i ESTABLISHED<\/pre>\n\n\n\n<p>Show what a given user or everything but a given user has open<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -u daniel<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -u ^daniel<\/pre>\n\n\n\n<p>Kill everything a given user is doing<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># kill -9 `lsof -t -u daniel`<\/pre>\n\n\n\n<p>See what a given program or process is up to, by name or by process ID<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -c syslog-ng<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -p 10075<\/pre>\n\n\n\n<p>The -t option returns just a PID<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -t -c Mail<\/pre>\n\n\n\n<p>Show everything interacting with a given directory<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof \/var\/log\/messages\/<\/pre>\n\n\n\n<p>Show everything interacting with a given file<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof \/home\/daniel\/firewall_whitelist.txt<\/pre>\n\n\n\n<p>Show open connections with a port range<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># lsof -i @fw.google.com:2150-2180<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Resources<\/h3>\n\n\n\n<p>http:\/\/www.netadmintools.com\/html\/lsof.man.html<\/p>\n\n\n\n<p>http:\/\/www.danielmiessler.com\/<br>(For sure check out www.danielmiessler.com &#8211; What a great resource!)<\/p>\n","protected":false},"excerpt":{"rendered":"\n<p>Mill Yard Computing used to offer these tips for network monitoring. 
They have taken this down, so here it is for you:<\/p>\n<p> iftop <\/p>\n<p>On CentOS it is in the EPEL repo.<\/p>\n<p>It shows a list of network connections and the data transferred over the past 2 sec, 10 sec &amp; 40 sec&nbsp;(a bit like [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,10],"tags":[],"class_list":["post-101","post","type-post","status-publish","format-standard","hentry","category-it","category-linuxses","odd"],"_links":{"self":[{"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/posts\/101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/comments?post=101"}],"version-history":[{"count":3,"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/posts\/101\/revisions"}],"predecessor-version":[{"id":120,"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/posts\/101\/revisions\/120"}],"wp:attachment":[{"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/media?parent=101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/categories?post=101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/tags?post=101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":tr
ue}]}}