MoonPoint Support Logo


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals

Advanced Search
Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
JulAug Sep
Oct Nov Dec

Tue, Jun 20, 2017 10:22 pm


If you wish to monitor the top bandwidth consuming processes on a Linux system, you can use the nethogs program, which displays bandwidth usage by process. It will display the process id (PID) of the processes consuming the most bandwidth. E.g.:

NetHogs version 0.8.5

    PID USER     PROGRAM                    DEV        SENT      RECEIVED       
  19355 jim      sshd: jim@pts/0            enp1s4      0.188       0.082 KB/sec
  15022 apache   /usr/sbin/httpd            enp1s4      0.000       0.000 KB/sec
      ? root     unknown TCP                            0.000       0.000 KB/sec

  TOTAL                                                 0.188       0.082 KB/sec

The above output shows me that the two processes consuming the most bandwidth at the time the program was run had PIDs of 19355 and 15022. I can get additional information on those processes using the ps command.

$ ps 19355
19355 ?        S      0:19 sshd: jim@pts/0
$ ps 15022
15022 ?        S      0:00 /usr/sbin/httpd -DFOREGROUND

[ More Info ]

[/os/unix/linux/network] permanent link

Fri, May 13, 2016 11:00 pm

Monitoring network traffic with ibmonitor

If you want to monitor the traffic on network interfaces on a Linux system, one tool that will give you real-time statistics on network utilization is ibmonitor. An RPM package and the Perl script that constitutes the program and is contained in ibmonitor-1.4.tar.gz can be downloaded from ibmonitor. The program is a console application , i.e., a command line program with a text interface. It is written in the Perl programming language. Its features include the following:

[ More Info ]

[/os/unix/linux/network] permanent link

Wed, Dec 13, 2006 6:26 pm

Using pktstat to Monitor Network Traffic

Pktstat is free software for Linux and Unix systems that will display a real-time list of active connections seen on a network interface, and how much bandwidth is being used by various network connections. It partially decodes the HTTP and FTP protocols to show what filename is being transferred. X11 application names are also shown. Entries hang around on the screen for a few seconds so you can see what just happened. It also accepts filter expressions à la tcpdump.

An RPM file that can be used to install the software on Linux systems is available from As of December 13, 2006, the current version is 1.7.2q. I installed the software from the RPM file.

# wget

# rpm -qip pktstat-1.7.2q-0.i386.rpm
warning: pktstat-1.7.2q-0.i386.rpm: V3 RSA/MD5 signature: NOKEY, key ID f322929d
Name        : pktstat                      Relocations: (not relocateable)
Version     : 1.7.2q                            Vendor: David Leonard
Release     : 0                             Build Date: Thu 10 Jul 2003 12:38:40 AM EDT
Install Date: (not installed)               Build Host: sparrow
Group       : Applications/Internet         Source RPM: pktstat-1.7.2q-0.src.rpmSize        : 145837                           License: Public Domain
Signature   : RSA/MD5, Thu 10 Jul 2003 12:38:40 AM EDT, Key ID 012334cbf322929d
Packager    : William Stearns <>
URL         :
Summary     : Displays a live list of active connections and what files are being transferred.
Description :
Display a real-time list of active connections seen on a network
interface, and how much bandwidth is being used by what. Partially
decodes HTTP and FTP protocols to show what filename is being
transferred. X11 application names are also shown. Entries hang around
on the screen for a few seconds so you can see what just happened. Also
accepts filter expressions a la tcpdump.

# rpm --install pktstat-1.7.2q-0.i386.rpm
warning: pktstat-1.7.2q-0.i386.rpm: V3 RSA/MD5 signature: NOKEY, key ID f322929d

Once installed the software can be run with the pktstat command. If you need to install from the source code rather from the RPM package, the steps to install the software are fairly straightforward and can be found at Bandwidth Monitoring Tools, which also lists a number of other free bandwidth monitoring tools.

The software can show you what files people are accessing on your web server in realtime as shown below:

interface: eth0
load averages: 6.3k 3.2k 1.4k bps

   bps    % desc
 779.9   2% icmp unreach port frostdragon -> ns2
            tcp adsl-68-126-206-36:2039 <-> frostdragon:http
            - GET /notebook/encyclopedia/s/slr_chibimoon.htm
            tcp adsl-68-126-206-36:2041 <-> frostdragon:http
            - 304 GET /notebook/encyclopedia/s/slr_chibimoon.htm
            tcp adsl-68-126-206-36:2042 <-> frostdragon:http
            - 304 GET /graphics/notepad.gif
            tcp adsl-68-126-206-36:2043 <-> frostdragon:http
            - 304 GET /notebook/encyclopedia/s/slr_chibimoon-title.jpg
            tcp adsl-68-126-206-36:2044 <-> frostdragon:http
            - 304 GET /notebook/encyclopedia/s/slr_chibimoon-002.jpg
            tcp adsl-68-126-206-36:2045 <-> frostdragon:http
            - 304 GET /notebook/encyclopedia/s/slr_chibimoon-001.jpg
            tcp adsl-68-126-206-36:2046 <-> frostdragon:http
            - 304 GET /notebook/encyclopedia/s/slr_chibimoon-lunapball.gif
 278.1   0% tcp adsl-68-126-206-36:2047 <-> frostdragon:http
            - 304 GET /notebook/encyclopedia/s/slr_chibimoon-ckey2.gif
  1.6k   5% tcp adsl-68-126-206-36:2048 <-> frostdragon:http
            - 304 GET /notebook/encyclopedia/s/slr_chibimoon-compact.gif

You can use tcpdump style filter expressions to limit the displayed information to just traffic you are interested in at the moment. For instance, if I just want to monitor email traffic, i.e. SMTP traffic on port 25, I can use the command pktstat port 25 when I start the program.

interface: eth0
load averages: 5.6k 1.2k 421.1 bps
filter: port 25
   bps    % desc
            tcp 245:29801 <-> frostdragon:smtp
            tcp bny92-4-82-228-126-176:1672 <-> frostdragon:smtp
 19.0k  51% tcp frostdragon:53388 <-> mx01:smtp
  55.6   0% tcp frostdragon:smtp <-> mail:22421
 18.0k  48% tcp frostdragon:smtp <-> pool-71-245-166-13:62216

By default, pktstat does not show the Fully Qualified Domain Name (FQDN) of systems. But you can change that behavior with the -F option.

         -F    Show full hostnames.  Normally, hostnames are truncated to
               the first component of their domain name before display.

For instance I could have it show the full name for systems that are exchanging email with my server with pktstat -F port 25

interface: eth0
load averages: 98.9 21.9 7.4 bps
filter: port 25
   bps    % desc
            tcp <->

If you would prefer to see IP addresses and port numbers rather than names, you can use the -n option. E.g. I could use pktstat -n port 25 to again monitor only SMTP traffic, but this time display IP addresses rather than the host names and the port number, 25, rather than its description, which is smtp.

          -n    Do not try and resolve hostnames or service port numbers.
interface: eth0
load averages: 55.2 11.4 3.8 bps
filter: port 25
   bps    % desc
 587.1  85% tcp <->
  98.4  14% tcp <->


  1. Bandwidth Monitoring Tools
    Planet Malaysia Blog
  2. pktstat
    By David Leonard
  3. pktstat file listing
    By William Stearns
    Mary 13, 2006

[/os/unix/linux/network] permanent link

Tue, Sep 06, 2005 11:13 pm

Setting up a Floppy-based Firewall with floppyfw

If you have an old PC, even a 386-based PC, with just 12 MB of memory and a floppy drive, you have enough to build a firewall for home use or for use by a small business. You can build your firewall with such minimal hardware requirements if you use floppyfw. In fact, you can get by with even less than 12 MB of memory if you use an older version of floppyfw, i.e. the 1.x series rather than the current 2.x software. And the old 1.x software is still maintained by the developer.

[ More Info ]

[/os/unix/linux/network/firewall] permanent link

Wed, Sep 15, 2004 11:10 pm

Bandwidth Monitoring on a Linux System

On a Linux system, if you need information on how much bandwidth is being used and what type of traffic is consuming the bandwidth, two tools you can use that don't require a Graphical User Interface (GUI) are IPTraf and Linux Bandwidth Monitor (bwmon).

IPTraf description from Red Hat's IPTraf package:

IPTraf is a console-based network monitoring utility. IPTraf gathers data like TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts. IPTraf features include an IP traffic monitor which shows TCP flag information, packet and byte counts, ICMP details, OSPF packet types, and oversized IP packet warnings; interface statistics showing IP, TCP, UDP, ICMP, non-IP and other IP packet counts, IP checksum errors, interface activity and packet size counts; a TCP and UDP service monitor showing counts of incoming and outgoing packets for common TCP and UDP application ports, a LAN statistics module that discovers active hosts and displays statistics about their activity; TCP, UDP and other protocol display filters so you can view just the traffic you want; logging; support for Ethernet, FDDI, ISDN, SLIP, PPP, and loopback interfaces; and utilization of the built-in raw socket interface of the Linux kernel, so it can be used on a wide variety of supported network cards.

A ZDNet article, Police your network traffic with IPTraf explains how to use IPTraf to log and monitor IP traffic on your system.

You can download IPTraf from the developer's website or you may already have it with your distribution of Linux. An RPM is available from Red Hat or from this site.

The options when running bwmon are shown below:

Linux Network Bandwidth Monitor $Revision: 1.3 $
by Kimmo Nupponen (
$Date: 2002/05/08 06:33:09 $

usage: bwmon [-b] [-h] [-a] [-m] [-u seconds]
        -a Print bandwidth utiliasation in Kbytes rather than Kbits. The default
           is to use Kbits
        -a Print also average bandwidth since last boot per interface
        -m Print maximum bandwidth since launch of this utility
        -h Print this help message
        -u Update timeout (integer value)

        Use <space-bar> to refresh the screen before update timeout expires
        Use 'q' or 'Q' to exit this utility

Note that you have to have proc mounted to allow this software
to work!

bwmon Screenshot
IPTraf Screenshots

[/os/unix/linux/network] permanent link

Mon, Aug 23, 2004 11:05 pm

Keeping a Linux System's Time Accurate

PC and workstation clocks are not highly accurate and will tend to drift from the correct time over time. To keep the system's clock accurate, one can use the Network Time Protocol (NTP). The fact that a system's clock is off by a few minutes may not seem important at first, but if you have to troubleshoot problems involving multiple systems, you will realize that it can take much longer to troubleshoot if the clocks on the systems vary and you must mentally adjust the times to determine the order of events.

NTP software will provide the capability for a system to contact a time server, which provides an accurate time source. In the United States time servers may be tied back to the time source provided by the National Institutes of Standards and Technololgy (NIST).

On RedHat Linux systems, you can use the ntp package to set up your system to obtain time from a time server using NTP.

Installing and configuring the ntp package on RedHat Linux is detailed below. The example below uses ntp-4.0.99k-15.i386.rpm, which is version 4.0.99k release 15 of the ntp client. If you are using a later version of RedHat Linux, a newer version of ntp may be available for your version of Linux. Except for the RPM file name, the installation and configuration process should be similar.

  1. Install the package, e.g. rpm --install ntp-4.0.99k-15.i386.rpm.

  2. Edit /etc/ntp.conf file. Add a server line to point to a publicly accessible time server, e.g. server to use the time server You then should have lines similar to the following in the ntp.conf file:

    server # local clock
    fudge stratum 10

  3. Use chkconfig to configure the service to start when the sysem boots

    chkconfig ntpd on

  4. Start the service.

    /etc/init.d/ntpd start

  5. If you wish to immediately update the time to match that on the time server, you can use the ntpdate command, e.g. ntpdate -b .

You can check that the service is functioning with the ntpq command.

ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
============================================================================== Tick.UH.EDU      2 u   34   64    1   28.516    0.340   0.000
 LOCAL(0)        LOCAL(0)        10 l    9   64    1    0.000    0.000   0.000

You can check to see whether your system is functioning as an NTP server, which means it will be listening on NTP UDP port 123 by using the netstat command.

netstat -a | grep "ntp"
udp        0      0    *:*
udp        0      0 localhost.localdoma:ntp *:*
udp        0      0 *:ntp                   *:*

You should see the system name followed by ":ntp", which indicates it is listening for connections on the NTP port, UDP port 123.

If you are blocking access to the system with a firewall, you will need to provide a rule for UDP connections to port 123, if you want to allow other systems the capability of obtaining the time from your NTP server.

If you wish to trace the path back through a sequence of time servers to find the master time source, you can use the ntptrace command.

localhost.localdomain: stratum 3, offset 0.000100, synch distance 0.22896 stratum 2, offset -0.016537, synch distance 0.04396 stratum 1, offset -0.012730, synch distance 0.00000, refid 'ACTS'

The example above shows that the system gets its time from, a stratum 2 server, which in turn gets the time from, a stratum 1 server.


  1. Decibels Linux NTP Tutorial
  2. NIST Internet Time Service
  3. NTP - The Network Time Protocol
  4. ntpq - standard NTP query program
  5. ntptrace - trace a chain of NTP servers back to the primary source
  6. US Naval Observatory NTP Network Time Servers
  7. Using the Network Time Protocol to Sync Your Network
  8. Keeping Time on Windows Machines

[/os/unix/linux/network] permanent link

Once You Know, You Newegg AliExpress by

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo