
Nload, IFtop and Etherape - Network monitoring in real time

One of the main tasks of administrators and network security specialists is monitoring the network and its connections in real time. That is today's topic: we will look at three simple tools for the job.

The first tool on our list is nload. Nload is a console application that monitors network traffic in real time and draws the channel load as a graph, separately for inbound and outbound traffic. It also provides additional information such as the total amount of transferred data and the minimum and maximum bandwidth.

Installation is simple. Run the standard command:
# apt-get install nload

The utility has several input parameters; we will consider some of them:

-i max_scaling – set scale (100% level) for incoming traffic, kBit/s.

-o max_scaling – set scale (100% level) for outgoing traffic, kBit/s.

The default value of max_scaling is 10240 kBit/s (i.e., ~10 MBit/s).

-u b|B|k|K|m|M|g|G|h|H – sets the units used to display the traffic rate (by default kBit/s).

-U b|B|k|K|m|M|g|G|h|H – sets the units used to display the traffic totals (by default, in MByte/s).

The values mean: b|B bits or bytes, k|K kilobits or kilobytes, m|M megabits or megabytes, g|G gigabits or gigabytes; h|H selects the unit automatically depending on the value.

-t interval – set refresh interval of the screen in milliseconds (default 500 ms), that the interval of 100 ms.

-m – displays all interfaces on the screen (without graphics output).

In addition, you can specify a particular interface as a parameter. In shared mode, you switch the display between interfaces with the left and right or up and down arrow keys.

Now a couple of examples:

# nload rl0 -i 2048 -o 4096 -u h -U M

This displays the bandwidth on interface rl0 with a maximum scale value of 2048 kBit/s for incoming traffic and 4096 kBit/s for outgoing traffic, with the rate unit chosen automatically depending on the value and the traffic totals counted in megabytes.

The following command displays all available network interfaces:
# nload -m -u h -U H

Lastly, a couple of useful function keys:

F5 – to save display settings in the config file
F6 – restore settings from the configuration file
q – exit.

 

Next on our list is iftop. Iftop is a command-line tool for monitoring network bandwidth in real time. It shows a continuously updated list of network connections ordered by their bandwidth usage, with averages over the last 2, 10 and 40 seconds.

As in the previous case, to install the utility, run the command:
# apt-get install iftop
 
Running the utility is as simple as installing it:
# iftop
 
Or, if you have multiple network cards, run it with -i and specify the interface you want (for example eth0 or wlan0):
# iftop -i eth0
 

While iftop is running you can use keys such as S and D to see more information, such as source and destination. Iftop supports the pcap-filter syntax used for packet filtering, and with the -f flag we tell the tool which filter to apply.

Here are the basic options:

   -h                  display this message
   -n                  don't do hostname lookups
   -N                  don't convert port numbers to services
   -p                  run in promiscuous mode (show traffic between other
                       hosts on the same network segment)
   -b                  don't display a bar graph of traffic
   -B                  Display bandwidth in bytes
   -i interface        listen on named interface
   -f filter code      use filter code to select packets to count
                       (default: none, but only IP packets are counted)
   -F net/mask         show traffic flows in/out of IPv4 network
   -G net6/mask6       show traffic flows in/out of IPv6 network
   -l                  display and count link-local IPv6 traffic (default: off)
   -P                  show ports as well as hosts
   -m limit            sets the upper limit for the bandwidth scale
   -c config file      specifies an alternative configuration file
   -t                  use text interface without ncurses

   Sorting orders:
   -o 2s                Sort by first column (2s traffic average)
   -o 10s               Sort by second column (10s traffic average) [default]
   -o 40s               Sort by third column (40s traffic average)
   -o source            Sort by source address
   -o destination       Sort by destination address

   The following options are only available in combination with -t
   -s num              print one single text output afer num seconds, then quit
   -L num              number of lines to print
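
An unattended check built on the text-mode options above (-t, -s, -L, -n, -N, -P, -f), as an added example that is not part of the original article: it takes one snapshot and lists the flows whose 10-second average reaches a threshold. The function names, the 1024 unit scaling and the layout of the sample are assumptions; the sample output and its addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the article. Addresses below are constructed (RFC 5737).

# One non-interactive snapshot built from the options listed above. Needs root.
# usage: snapshot eth0 'not port 22'   (interface and pcap filter are examples)
snapshot() {
  iftop -i "$1" -t -s 10 -L 20 -n -N -P -f "$2"
}

# Read iftop -t output on stdin and print "hostA hostB a_to_b_bps b_to_a_bps" for
# each flow whose 10 s average, in either direction, is at least $1 bit/s.
top_talkers() {
  awk -v limit="$1" '
    function bits(r,   n, u) {       # "2.00Kb" -> 2048
      n = r + 0; u = r; gsub(/[0-9.]/, "", u)
      if (u == "Kb") n *= 1024       # assumption: iftop scales units by 1024
      else if (u == "Mb") n *= 1024 * 1024
      else if (u == "Gb") n *= 1024 * 1024 * 1024
      return n
    }
    $3 == "=>" { a = $2; sent = bits($5); next }   # idx host => 2s 10s 40s cum
    $2 == "<=" && a != "" {                        # host <= 2s 10s 40s cum
      recv = bits($4)
      if (sent >= limit + 0 || recv >= limit + 0)
        printf "%s %s %d %d\n", a, $1, sent, recv
      a = ""
    }'
}

# Constructed sample modelled on the layout of iftop -t -n -N -P output.
sample_output() {
  cat <<'EOF'
   # Host name (port/service if enabled)     last 2s   last 10s   last 40s cumulative
------------------------------------------------------------------------------------
   1 192.0.2.10:443                    =>     1.75Mb     1.50Mb     1.50Mb     1.88MB
     198.51.100.7:51514                <=     2.00Kb     2.00Kb     2.00Kb     2.50KB
   2 192.0.2.10:22                     =>     4.00Kb     4.00Kb     4.00Kb     5.00KB
     198.51.100.9:40022                <=       512b       512b       512b       640B
------------------------------------------------------------------------------------
Total send rate:                              1.75Mb     1.50Mb     1.50Mb
EOF
}

sample_output | top_talkers 1000000   # flows at or above 1 Mbit/s
```

On a live host, replace the last line with `snapshot eth0 'not port 22' | top_talkers 1000000` and run it from cron or a monitoring agent.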

 
The last tool on our list is EtherApe. EtherApe is a free packet analyzer and traffic monitoring tool that displays network traffic in a graphical interface. Each node represents a specific host. Nodes and links are color-coded by protocol, so the different types of network traffic can be told apart. Individual nodes and their connecting links grow and shrink as network traffic increases and decreases. EtherApe is a great tool for monitoring bandwidth usage in your network: it gives a graphical picture of which links are active and where. For a breakdown by IP or MAC address and by protocol classification, it is the only tool that should be used. For example, if you notice a slowdown in network performance and want to quickly see who is taking your resources, start EtherApe. The program listens on your network and identifies the traffic in it, the protocols and the load on the network. In addition, it keeps track of all the sources and destinations of traffic and gives a clear picture of what is happening in the network. It is a very good tool for identifying network problems, and it can help explain bandwidth and traffic issues to non-experts in technical matters. Nodes are drawn in a ring, with links drawn as lines between them. The more traffic, the thicker the connecting lines.
Different kinds of traffic can be drawn in different colors, which makes it possible to tell them apart.
 
It is installed in the same standard way:
# apt-get install etherape
 
This concludes our review. Good luck to everyone!
 
 
 
Category: My articles | Added by: d1gger (15.06.2016)
Tags: traffic, Network, nload, iftop, kalilinux, pentest, tutorial, Security, etherape