5 Linux Network Monitoring Tools
Ping and Etherape
- November 4, 2010
- By Paul Ferrill
Linux networking monitoring tools work on all networks– Linux, BSD, Mac, Unix, and Windows. Paul Ferrill introduces new admins to a basic monitoring toolkit.
Monitoring traffic on your network is only as important as the data and computers you want to protect. Understanding how to do basic network troubleshooting will save you both in wasted time and money. Every Linux operating system comes with a number of command line tools to help you diagnose a network problem. In addition, there are any number of open source tools available to help you track down pesky network issues.
In this article we’ll take a look at what’s available from the command line and from freely available applications. Knowing a few simple commands and when to use them will help you get started as a network diagnostic technician. We’ll use Ubuntu 10.04 desktop as our test platform, although all of these work in other distros as well.
Good Old Ping
If you’re uncomfortable using the Linux command line from a terminal, you might as well stop reading at this point or at least skip to the other applications. In reality, there’s nothing to be afraid of when it comes to the Linux command line, especially when it comes to diagnosing a network problem. Most commands simply display information that can help you determine what’s happening. Some will require root permissions or at least the ability to issue the sudo command.
First and foremost is the ifconfig command. Typing this at a command prompt will display information about all known network devices. In the example below you can see eth0, lo and wlan0. These correspond to a wired Ethernet device (assigned address 192.168.1.2), the lo or loopback connection, and a wireless Ethernet device (address 192.168.1.102). It also shows the mac address of the device (HWaddr) and some statistics about the traffic. This should be your first command if you’re having network troubles to see if you have a valid IP address and if you see any traffic counts or errors.
The ping command should be your second tool of choice to determine if your computer is communicating with the outside world. Issuing a ping command to a known address (like 22.214.171.124) will quickly show if you have connectivity or not. It will also show you the time it took for the ping command to complete. Typical ping times for a DSL-type connection should be somewhere around 50 ms.
After the first two you should probably use the route command. This will show a list of IP addresses including the Destination and Gateway addresses connected to each interface along with some additional information including a Flags column. This column will have the letter G on the line associated with your default gateway. You can use this address in a ping command to determine if your machine has connectivity with the gateway.
EtherApe is available for download from the Ubuntu Software Center. It uses GNOME and libpcap to present a graphical map of all network traffic seen by the selected interface. After installation you should see the EtherApe icon under the Applications / System Tools menu. When we ran it this way, it wasn’t able to open any of the network devices as this requires root access. We were able to get it to run from the command line using sudo as follows:
Once you have the program running it should start displaying a graphical representation of the traffic seen on the default Ethernet interface. You can select a specific device if your computer has multiple Ethernet interfaces using the Capture / Interfaces menu. EtherApe also has the ability to view data from a saved pcap file and show traffic by protocol.