The post Install & learn to use TCPDUMP with examples appeared first on The Linux GURUS.
Tcpdump command is a network packet analyzing tool that allows us to monitor our network traffic. Using it, we can check the TCP/IP & other network packets being transmitted over the network interfaces attached to our servers.
Tcpdump command uses the libpcap library to capture the network packets. We can check the network packets in real-time or we can also save them to a file, which we can check later. To use the tcpdump command, we should run it as the root user or as a user with sudo privileges.
Here, we will be discussing how we can install & use TCPDUMP with examples. So let’s start,
In most cases, tcpdump is already installed on most Linux distributions, but if it’s not then you can use one of the following commands to install it on your system.
CentOS/RHEL 6 & 7
$ sudo yum install tcpdump
Fedora/CentOS/RHEL 8
$ sudo dnf install tcpdump
Ubuntu/Debian/Linux Mint
$ sudo apt-get install tcpdump
Now let’s learn how we can use it to monitor our network traffic.
Check network traffic from all network interface
To get the network packets from all network interfaces, run the following command,
$ tcpdump -i any
Check network traffic from only a single network interface
To get the network packets from a single interface, use
$ tcpdump -i enp0s3
Getting captured network packets to a file
To write all the captured packets to a file, use the ‘-w’ option,
$ tcpdump -i eth1 -w packets_file
Reading a network packets file
To read an already created, old tcpdump file, use the following command,
$ tcpdump -r packets_file
Check packets for a protocol or port number
To check all the packets used based on the protocol, run the following command
$ tcpdump ssh
To get packets for a single port or for a range of ports, use
$ tcpdump port 80
$ tcpdump portrange 20-200
We can also use the ‘src’ & ‘dst’ qualifiers to get packets for ports based on source & destination.
We can also combine two or more conditions (examples mentioned below) with AND (and, &&), OR (or, ||) & EXCEPT (not, !). This helps when we want to analyze network packets that satisfy some conditions. Note that ‘&&’, ‘||’ & ‘!’ are also special characters for the shell, so the filter expression should be quoted when using them.
Getting more packets information with readable timestamps
To get more information regarding the packets along with the readable timestamp, use
$ tcpdump -ttttnnvvS
Capture network packets of a network range
To get the packets for a network, execute the following command from the terminal
$ tcpdump net 10.10.1.0/24
Check network packets for a single IP address
To capture network packets for a single IP address, whether source or destination or both, use the following command,
$ tcpdump host 10.10.1.12
To get packets based on source or destination of an IP address, use
$ tcpdump src 10.10.1.12
$ tcpdump dst 10.10.1.12
Using AND
We can use ‘and’ or the symbol ‘&&’ to combine two conditions or more with tcpdump. Options such as ‘-w’ must come before the filter expression, because everything after the options is parsed as part of the filter. An example would be,
$ tcpdump -w ssh_packets src 10.10.1.12 and port 22
Using OR
OR will match a packet if any one of the mentioned conditions in the command is true, like
$ tcpdump -w ssh_packets '(src 10.10.1.12 or dst 10.10.1.30) and port 22'
$ tcpdump -w http_packets port 443 or 80
In the first command the parentheses are required: ‘and’ binds tighter than ‘or’, so without them the filter would be read as ‘src 10.10.1.12 or (dst 10.10.1.30 and port 22)’ & would also capture all traffic from 10.10.1.12 regardless of port.
Using EXCEPT
EXCEPT will be used when we want to leave out something to fulfill a condition, like
$ tcpdump -i enp0s3 src port not 22
This will monitor all the traffic on enp0s3 but will not capture packets with source port 22.
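To show what the ‘-w’/‘-r’ file format holds & why the grouping of AND/OR conditions matters, here is an added example (not from the original post or from the tcpdump project) that writes a constructed capture in the classic pcap format tcpdump -w produces, reads it back like tcpdump -r, & applies the OR filter above with & without parentheses. The link type, IP addresses & ports are assumptions chosen for the sample.

```python
import struct
PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, native byte order, microsecond timestamps
LINKTYPE_RAW = 101        # each record starts at the IPv4 header (no Ethernet frame)

def ipv4_tcp(src, dst, sport, dport):
    """Construct a minimal IPv4/TCP SYN packet (sample data; checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp

def write_pcap(packets):
    """Serialize packets in the file format `tcpdump -w` produces."""
    data = struct.pack("=IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
    for i, pkt in enumerate(packets):  # record header: ts_sec, ts_usec, incl_len, orig_len
        data += struct.pack("=IIII", 1600000000 + i, 0, len(pkt), len(pkt)) + pkt
    return data

def read_pcap(data):
    """Yield (src, dst, sport, dport) for every record, like `tcpdump -r` would."""
    magic, *_, linktype = struct.unpack("=IHHiIII", data[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_RAW:
        raise ValueError("not a native-order LINKTYPE_RAW pcap")
    off = 24
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack("=IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl]
        off += 16 + incl
        ihl = (pkt[0] & 0x0F) * 4            # IPv4 header length in bytes
        src = ".".join(map(str, pkt[12:16]))
        dst = ".".join(map(str, pkt[16:20]))
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        yield src, dst, sport, dport
# Constructed sample capture: four flows, only two of which involve port 22.
SAMPLE = write_pcap([
    ipv4_tcp("10.10.1.12", "10.10.1.50", 40000, 22),   # src A, port 22
    ipv4_tcp("10.10.1.12", "10.10.1.50", 40001, 443),  # src A, not port 22
    ipv4_tcp("10.10.1.20", "10.10.1.30", 40002, 22),   # dst B, port 22
    ipv4_tcp("10.10.1.20", "10.10.1.30", 40003, 80),   # dst B, not port 22
])

def count_grouped(data):
    """Filter '(src 10.10.1.12 or dst 10.10.1.30) and port 22'."""
    return sum(1 for s, d, sp, dp in read_pcap(data)
               if (s == "10.10.1.12" or d == "10.10.1.30") and 22 in (sp, dp))

def count_ungrouped(data):
    """Filter 'src 10.10.1.12 or dst 10.10.1.30 and port 22': 'and' binds tighter."""
    return sum(1 for s, d, sp, dp in read_pcap(data)
               if s == "10.10.1.12" or (d == "10.10.1.30" and 22 in (sp, dp)))
```

The ungrouped form matches one packet more, the port 443 flow from 10.10.1.12, which is exactly the traffic the grouped filter was meant to exclude.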
Using Help
These were only some examples that we can use with tcpdump command. There are plenty of other options that we can use with tcpdump command, & like with other Linux commands, we can refer to help to check all the options,
$ tcpdump --help
Please feel free to send in any queries or suggestions using the comment box below.
The post Top Linux commands to monitor NETWORK appeared first on The Linux GURUS.
In this tutorial, we will only discuss Linux commands to monitor network traffic. On some Linux distributions these commands might be installed by default, but on some they might need to be installed. So let’s start by discussing the pre-requisites first.
We need to have EPEL repository installed on our system in order to install some of these commands. We do have a nice, detailed article for installation of the same HERE https://thelinuxgurus.com/install-epel-repository-on-centos-rhel-6-7-8/. You can also use the commands below to install EPEL repository on your systems,
RHEL/CentOS 6:
# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
RHEL/CentOS 7:
# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
For RHEL 7, EPEL also recommends enabling the optional, extras, and HA repositories, since EPEL packages may depend on packages from these repositories, using the following command,
# subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms" --enable "rhel-ha-for-rhel-*-server-rpms"
RHEL/CentOS 8:
# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
Now let’s discuss the Linux commands to monitor network one by one.
Netdiag is not itself a command but a collection of network diagnostics tools. Commands like netwatch, trafshow & netload are all part of it & are also discussed in this article below.
RHEL/CentOS
# yum install netdiag
Fedora
# dnf install netdiag
Ubuntu/Debian
# apt-get install netdiag
Nload command is used to fetch information about the incoming & outgoing traffic. It generates a graph that indicates the incoming and outgoing traffic. Nload command does not support many options i.e. we won’t get much information related to individual processes but we can adjust the scale.
So to Install it, use the following command,
RHEL/CentOS (need to have EPEL repo installed)
# yum install nload
Fedora
# dnf install nload
Ubuntu/Debian
# apt-get install nload
Now to start using it, run
# nload
Netwatch command shows the total speed at which data is transferred for each connection from the local system to the remote systems. If we need to check the transfer speed on an interface, we can use the following command,
# netwatch -e enp0s3 -nt
Iftop command is one of the most useful Linux commands to monitor networks. It provides real-time monitoring of network bandwidth & provides the total data moving in & out of the individual socket connections i.e. it captures packets moving in and out from our network adapters & then it sums up to find the total bandwidth being utilized by a server.
Run the following command from your terminal to install it on your server,
RHEL/CentOS (need to have EPEL repo installed)
# yum install iftop
Fedora
# dnf install iftop
Ubuntu/Debian
# apt-get install iftop
Then to start monitoring the network, run the following command,
# iftop
For more detailed information on the options that can be used with iftop, use command help,
# iftop --help
tcptrack command is very similar to the iftop command. Tcptrack captures packets & then calculates the network bandwidth for each of the tcp connections. To calculate the network bandwidth, it uses the pcap library.
To install it on your systems, use the following command,
RHEL/CentOS
# yum install tcptrack
Fedora
# dnf install tcptrack
Ubuntu/Debian
# apt-get install tcptrack
To get the network stats, open terminal & run the following command,
# tcptrack
Iptraf is another useful network monitoring command. It generates a colorful & interactive list of traffic in & out to/from other servers/hosts. The list has information about all the hosts from which traffic is going in & out.
To install it on the system, use one of the following commands,
RHEL/CentOS (need to have EPEL repo installed)
# yum install iptraf-ng
Fedora
# dnf install iptraf-ng
Ubuntu/Debian
# apt-get install iptraf-ng
To generate the network traffic reports, run the following command,
# iptraf
Of all the commands that are part of the netdiag package, netload is the simplest to use & understand, as it provides only a simple report on current network traffic from the system. It also shows the total amount of data transferred since its start.
To get the netload report, run the netload command followed by the ethernet interface name. For example,
# netload enp0s3
Trafshow command is similar to the tcptrack command. It can filter the traffic based on pcap filters & shows the data transfer speed of all active connections along with the protocol, tcp/udp.
To use it, execute the following command from the terminal (here the pcap filter ‘udp’ restricts the display to UDP traffic),
# trafshow -i enp0s3 udp
These were some of the commands that we can use to monitor our Linux system network. We will also discuss some other commands to monitor system memory, CPU & disk usage in our future tutorials. Please feel free to send us any questions or queries using the comment box below.