Network

Facebook Twitter

Ifstat. Ifstat is a tool to report network interfaces bandwith just like vmstat/iostat do for other system counters. ifstat gathers these statistics from the kernel internal counters, which is highly operating system dependent.Right now, the following systems are supported: Linux >= 2.2.0 (through /proc/net/dev file).

Ifstat

FreeBSD >= 2.2 (using the ifmib(4) interface). Solaris >= 5.6 (using the kstat(3K) interface). IRIX and OpenBSD (using the SIOCGIFDATA ioctl). Current version: ifstat-1.1.tar.gz [History]. Ifstat's functionnalities can also be included in a static library for use in other applications. As a sample use, the wmnet application has been tweaked to use libifstat as a polling backend, which brings more OS support and SNMP polling to it. Netstat -atp. Netstat command and shell pipe feature can be used to dig out more information about particular IP address connection.

netstat -atp

You can find out total established connections, closing connection, SYN and FIN bits and much more. You can also display summary statistics for each protocol using netstat. This is useful to find out if your server is under attack or not. You can also list abusive IP address using this method. # netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n Output: 1 CLOSE_WAIT 1 established) 1 Foreign 3 FIN_WAIT1 3 LAST_ACK 13 ESTABLISHED 17 LISTEN 154 FIN_WAIT2 327 TIME_WAIT Dig out more information about a specific ip address: # netstat -nat |grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n Busy server can give out more information: # netstat -nat |grep 202.54.1.10 | awk '{print $6}' | sort | uniq -c | sort -n Output: Get List Of All Unique IP Address Find Out If Box is Under DoS Attack or Not Get Live View of TCP Connections Display Interface Table.

Ntop. Q.

ntop

How do I track my network usage (network usage monitoring) and protocol wise distribution of traffic under Debian Linux? How do I get a complete picture of network activity? A. ntop is the best tool to see network usage in a way similar to what top command does for processes i.e. it is network traffic monitoring software. You can see network status, protocol wise distribution of traffic for UDP, TCP, DNS, HTTP and other protocols. ntop is a hybrid layer 2 / layer 3 network monitor, that is by default it uses the layer 2 Media Access Control (MAC) addresses AND the layer 3 tcp/ip addresses. ntop is capable of associating the two, so that ip and non-ip traffic (e.g. arp, rarp) are combined for a complete picture of network activity. ntop is a network probe that showsIn interactive mode, it displays the network status on the user's terminal.

Type the following commands, enter: $ sudo apt-get update $ sudo apt-get install ntop Sample output: Reading package lists... Restart ntop service. Ping -c 20. Name ping, ping6 - send ICMP ECHO_REQUEST to network hosts Synopsis ping [ -LRUbdfnqrvVaAB] [ -c count] [ -i interval] [ -l preload] [ -p pattern] [ -s packetsize] [ -t ttl] [ -w deadline] [ -F flowlabel] [ -I interface] [ -M hint] [ -Q tos] [ -S sndbuf] [ -T timestamp option] [ -W timeout] [ hop...] destination Description ping uses the ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway.

ping -c 20

Options. Dig. Name.

dig

Display Filter Reference: HTTP. Filter the response to a matched HTTP request. I don't think that that is possible with just one single filter, because the answer packet does not contain the request (unlike in DNS answers, for example).

filter the response to a matched HTTP request

Wireshark can only filter on some packets depending on other packets if the dissector transfers the relevant details to the answer packet. An example for that would be the "http.request_in" which can be used to find packets that are a response to another packet, but that packet has to be specified by number. You can't use a uri filter for this.