what service/program is using what port: https://dwaves.de/2015/06/16/linux-list-all-open-ports-and-listening-services/

IPTraf, Iftop, vnstat, bwm-ng, ifconfig -a


iptraf gives you overall statistics

the blue stuff on the left: iptraf

manpage: iptraf-ng.man.txt

you probably want to let it run in a screen session, in order to collect data, while you are not logged in.

# setup iptraf on fedora/redhat/centos
yum search iptraf
# will lead you to
yum install iptraf-ng.x86_64

# what repo does it come from?
repoquery -i iptraf-ng.x86_64
Name        : iptraf-ng
Version     : 1.1.4
Release     : 7.el7
Architecture: x86_64
Size        : 659409
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Group       : Applications/System
URL         : https://github.com/iptraf-ng/iptraf-ng/
Repository  : base
Summary     : A console-based network monitoring utility
Source      : iptraf-ng-1.1.4-7.el7.src.rpm
Description :
IPTraf-ng is a console-based network monitoring utility.

“This program can be used to determine the type of traffic on your network, and what kind of service is the most heavily used on what machines, among others.” (src)

“IPTraf gathers data like TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

IPTraf-ng features include an IP traffic monitor which shows TCP flag information, packet and byte counts, ICMP details, OSPF packet types, and oversized IP packet warnings;

interface statistics showing IP, TCP, UDP, ICMP, non-IP and other IP packet counts, IP checksum errors, interface activity and packet size counts;

a TCP and UDP service monitor showing counts of incoming and outgoing packets for common TCP and UDP application ports, a LAN statistics module that discovers active hosts and displays statistics about their activity;

TCP, UDP and other protocol display filters so you can view just the traffic you want;

logging; support for Ethernet, FDDI, ISDN, SLIP, PPP, and loopback interfaces;

and utilization of the built-in raw socket interface of the Linux kernel, so it can be used on a wide variety of supported network cards.”



iftop gives you per-IP bandwidth usage.

manpage: iftop.man.txt

yum install iftop

non-graphical/raw text: tcpdump examples

the most basic overall/general overview over utilization of interfaces, updates statistics every second:

while true; do ifconfig -a; sleep 1; clear; done

show only traffic to/from the internet: (well, not exactly, it also shows the ARP traffic)

tcpdump -ni bge1 not dst net and not net

show http get requests:

tcpdump -i enp3s0 -s 0 -A -vv 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'

show http post requests:

tcpdump -i enp3s0 -s 0 -A -vv 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354'
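how the two filters above are put together, as an added example that is not part of the original article: (tcp[12:1] & 0xf0) >> 2 is the TCP header length in bytes, so the 4 bytes read at that offset are the first 4 bytes of the payload, which are compared with the ASCII codes of the method name. The function names http_method_filter and filter_word_ascii are made up for this example, and it goes beyond GET and POST to any method name.

```shell
#!/bin/sh
# Added example: build and decode the payload filter used above.
# tcp[12:1]  = byte 12 of the TCP header; its upper 4 bits are the data
#              offset (header length counted in 32-bit words)
# & 0xf0 >>2 = (offset << 4) >> 2 = offset * 4 = header length in bytes
# tcp[N:4]   = 4 bytes at offset N, i.e. the first 4 bytes of the payload

# http_method_filter METHOD -> tcpdump expression for that HTTP method
http_method_filter() {
    method=$1
    # accept only A-Z, because the result ends up on a root command line
    case $method in
        ''|*[!A-Z]*) echo "invalid method: $method" >&2; return 1 ;;
    esac
    # pad short names with a space ("GET "), cut long ones ("DELE")
    word=$(printf '%-4.4s' "$method")
    hex=$(printf '%s' "$word" | od -An -tx1 | tr -d ' \n')
    printf 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x%s\n' "$hex"
}

# filter_word_ascii 0xXXXXXXXX -> the 4 ASCII characters the constant
# stands for, to check a filter copied from somewhere before running it
filter_word_ascii() {
    hex=${1#0x}
    case $hex in
        *[!0-9a-fA-F]*) echo "not hex: $1" >&2; return 1 ;;
    esac
    [ "${#hex}" -eq 8 ] || { echo "need 8 hex digits: $1" >&2; return 1; }
    out=''
    while [ -n "$hex" ]; do
        byte=${hex%"${hex#??}"}   # first two hex digits
        hex=${hex#??}             # the rest
        out="$out$(printf "\\$(printf '%03o' "0x$byte")")"
    done
    printf '%s\n' "$out"
}

# usage (needs root, interface name as in the article):
#   tcpdump -i enp3s0 -s 0 -A -vv "$(http_method_filter PUT)"
#   filter_word_ascii 0x47455420
```

the filter only matches unencrypted http where the request line starts at the beginning of a TCP segment; https traffic never matches.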

with tcpdump you can monitor IP packets, UDP packets, ICMP (ping).

zypper install tcpdump; # comes preinstalled in suse12
apt-get install tcpdump; # debian8
yum install tcpdump; # centos7 redhat

tcpdump -i eth0
tcpdump -vnni eth0; # very verbose

root@Debian8:~# tcpdump -vi eth0|grep 192.168; # filter for source IP
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
> aviate.yahoo.com: ICMP echo request, id 8548, seq 1, length 64
> aviate.yahoo.com: ICMP echo request, id 8548, seq 1, length 64
> aviate.yahoo.com: ICMP echo request, id 8548, seq 3, length 64


