Authors Top

If you have a few years of experience in the Linux ecosystem, and you’re interested in sharing that experience with the community, have a look at our Contribution Guidelines.

1. Overview

In this article, we’ll be looking at different tools for monitoring network usage in Linux. Particularly, we’ll explore the following network monitoring tools:

  • nload
  • speedometer
  • iftop
  • nethogs

2. Network Monitoring Tools

There are a plethora of tools that we can use for monitoring network usage in Linux. We can loosely categorize these tools by how detail they display the network usage in a system.

On the one hand, there are tools that report the network usage per interface as a single figure. They simply sum up all the network traffic in the network interface.

On the other hand, there are tools that groups the network usage on a per-socket or per-process basis. They group different network traffic into their respective socket or process ID. Hence, this provides a finer detail on network bandwidth consumption.

Let’s take a look at these tools in Linux and how they can be used.

3. nload

nload is a command-line tool that displays the network usage on the system. It belongs to the category of network monitoring tool in Linux that simply sum up all the network traffic on a network interface.

3.1. Installation

For Debian based Linux, we can install it using apt-get:

$ apt-get install -y nload

On the other hand, we’ll use yum for RHEL based Linux:

$ yum install -y epel-release
$ yum install -y nload

3.2. Basic Usage

In the simplest form, nload can be invoked without any arguments:

$ nload

The command launches an interactive screen:

Device eth0 [172.17.0.2] (1/4):
============================================================Incoming:




                                          Curr: 1.09 kBit/s
                                          Avg: 760.00 Bit/s
                                          Min: 0.00 Bit/s
                                          Max: 1.09 kBit/s
                                          Ttl: 16.98 MByte
Outgoing:





                                          Curr: 1.09 kBit/s
                                          Avg: 760.00 Bit/s
                                          Min: 0.00 Bit/s
                                          Max: 1.09 kBit/s
                                          Ttl: 361.65 kByte

On the top of the display is the device we’re currently monitoring. Using the arrow keys left and right, we can cycle between the different network interfaces available in the system.

The rest of the screen shows the network usage for incoming and outgoing network traffic. Additionally, it provides a basic statistical figure such as average, minimum, and maximum figure.

3.2. Changing the Refresh Interval

By default, the network usage is updated once every 500 milliseconds. To change the refresh interval, we can pass the flag -t followed by an integer value in milliseconds.

For example, to refresh once every 2000 milliseconds:

$ nload -t 2000

The resulting screen will be updated once every 2 seconds.

3.3. Setting the Unit

To change the unit on the network traffic rate, we can use the flag -u:

$ nload -u m

The command above runs the nload program and displays the network traffic rate in terms of megabits per second.

The flag -u accepts the following values:

  • b (for bits) or B (for bytes)
  • k (for kilobits) or K (for kilobytes)
  • m (for megabits) or M (for megabytes)
  • g (for gigabits) or G (for gigabytes)

Additionally, we can change the unit of the total amount of data transferred using the flag -U. This flag also accepts similar values to the flag -u.

3.4. Displaying All Devices

We can make nload display all the network interfaces in a single screen using the flag -m.

$ nload -m

In this mode, we can look at the network usage for all the interfaces in one single screen. However, the graphs for the network traffic will not be displayed.

4. speedometer

speedometer is a network monitoring tool. Similar to nload, it doesn’t differentiate the network traffic on a network interface by socket or processes.

However, one thing that separates it from netload is that the display of speedometer is much more customizable.

4.1. Installation

On Debian based Linux, we’ll use apt-get to install speedometer:

$ apt-get install -y speedometer

Unfortunately, speedometer is unavailable in yum package manager.

4.2. Basic Usage

Let’s monitor the outgoing network traffic rate for our network interface eth0:

$ speedometer -t eth0

 

speedometer ss

Running the command results in a graph showing up on the console output. Additionally, this graph is being constantly updated by the speedometer instance that is monitoring the interface eth0.

Then, we can see additional information at the bottom of the graph.

Starting from the left, the label TX: eth0 indicates that this is the graph for the transmission rate for the network interface eth0. Then, there are 3 numbers to the right of the label.

The first number represents the last sampled rate. Next, the second number represents a weighted average of the last 6 samples. The weights are such that the latest number has more weight than the older rate.

Finally, the 3rd number is a simple average of all past data points.

4.3. Displaying Multiple Graphs

We can display multiple graphs side by side using the flag -c. For example, we can display the receiving rate for interfaces eth0 and lo side by side:

$ speedometer -r eth0 -c -r lo

The flag -c serves as a delimiter that divides different graph definition. As we can see from the command, following the flag -c is the argument -r lo. That combination of flag defines a receiving traffic rate for interface lo.

Once executed, we can see 2 graphs lined side by side, reporting the incoming traffic to interfaces eth0 and lo.

5. iftop

iftop is a command-line tool that displays network usage by listening to the interface. In contrast to nload and speedometer, it monitors the network usage on each socket.

5.1. Installation

To install iftop on Debian based Linux, we’ll use apt-get:

$ apt-get install -y iftop

For RHEL based Linux:

$ yum install -y epel-release
$ yum install -y iftop

5.2. Basic Usage

We can launch iftop without any argument:

$ iftop

 

iftop ss

Running iftop without specifying a network interface causes it to listen on the first external interface it can find.

5.3. Monitoring a Specific Interface

Using the flag -i, we can run iftop on a specific interface:

$ iftop -i lo

The command above makes iftop listen on the lo interface.

5.4. Turning Off DNS Resolution

By default, iftop attempts to look up the IP for each socket connection in order to obtain its DNS. However, this might be undesirable as it imposes some network overhead during the DNS resolution.

To disable the DNS resolution, we can launch iftop with the flag -n:

$ iftop -n 

5.5. Monitoring a Specific Network

With iftop, it is also possible to monitor a particular network using the flag -F. For example, we can narrow down the network monitoring to the network block 192.168.0.1/16:

$ iftop -F 192.168.0.1/16

The command will start iftop that only monitor any traffic that flows in and out of any address that falls into the 192.168.0.1/16 network block.

Instead of a CIDR notation, a network mask can be used. For example, the command above command can be replaced using an explicit mask:

$ iftop -F 192.168.0.1/255.255.0.0

6. nethogs

nethogs is yet another command-line tool for monitoring network usage. It groups network traffic on a network interface by the process ID that generates or receives the network traffic. As a result, we’ll be able to monitor the network bandwidth consumption of different processes.

6.1. Installation

To install nethogs in Debian based Linux, we’ll use the apt-get command:

$ apt-get install -y nethogs

A similar installation can be performed on RHEL based Linux with yum:

$ yum install -y nethogs

6.2. Basic Usage

Let’s run the nethogs command without any arguments:

$ nethogs

Immediately we’ll be presented with an interactive screen.

 

nethogs ss

The screen shows the bandwidth consumed by each process.

The PID column shows the process ID this row of information corresponds to. Then, the user that starts the process is displayed in the USER column. Subsequently, the PROGRAM column shows the program that is consuming the bandwidth.

On the DEV column, we can see the name of the interface. Finally, the SENT and RECEIVED columns show the number of bytes sent and received by this process respectively.

6.3. Interactive Control

To cycle between different display modes, we can press the m key. The different display modes available are kilobyte per second, kilobyte, byte, and megabyte.

Note that out of the four different modes, only the first is displaying rate information. The rest of the display modes are displaying the quantity of data transferred in different metrics prefix.

We can also interactively sort the rows by RECEIVED or SENT values. Pressing the r key will sort the rows by RECEIVED column. On the other hand, pressing the s key sorts the rows by SENT column.

6.4. Changing Refresh Interval

To change the refresh interval, we can use the flag -d:

$ nethogs -d 2

The command above starts a nethogs instance with a 2 seconds refresh rate.

6.5. Tracing Mode

For monitoring purpose, we can start nethogs in trace mode:

$ nethogs -t

In trace mode, the reports are generated and appended to the console output. Therefore, providing us a stream of reports over time that can be used for further processing.

7. Summary

In this article, we’ve looked at the different network monitoring tools that are available in Linux. Then, we started off by explaining how these tools can be grouped by the level of details they provide when reporting the network usage of a system.

After that, we’ve started off with the simplest tool nload. We see how nload reports the network usage on the network interface by summing up all the network traffic.

Additionally, we’ve also looked at the speedometer. Although it is quite similar to nloadspeedometer provides varieties of display customization.

Then, we saw how iftop allows us to monitor the network traffic grouped by their respective connection socket. As a result, it provides more depth in the information when compared to nload and speedometer.

Finally, we explored how nethogs allows us to monitor the network traffic grouped by their respective process ID.

Authors Bottom

If you have a few years of experience in the Linux ecosystem, and you’re interested in sharing that experience with the community, have a look at our Contribution Guidelines.

Comments are closed on this article!