


Monday, 22 July 2013

Monitor and Analyze the Network Traffic with "IPTRAF"


IPTraf is an ncurses-based network monitor that produces a variety of network statistics. This open source software was written by Gerard Paul Java and is released under the terms of the GNU General Public License. (For those unfamiliar with ncurses: it is a library for building text-based, window-like user interfaces that run inside a terminal.) IPTraf reports TCP connection details, UDP counts, ICMP and OSPF information, Ethernet load, per-node statistics, IP checksum errors and other network-related information.


Installation:

IPTraf can be installed with the apt-get utility as follows:

sudo apt-get install iptraf

Alternatively, IPTraf can be installed from the Ubuntu Software Center.


IPTraf Usage in Terminal


When IPTraf is run without any options, it appears as a GUI-like application inside the terminal window. This interactive mode presents a menu of options, and the user is asked to select one of them.


Monitoring TCP and UDP traffic

sudo iptraf -s <interface>

For example, sudo iptraf -s eth1


The -s option starts monitoring TCP and UDP traffic on the targeted interface.


Displaying Detailed Statistics

sudo iptraf -d <interface>

For example, sudo iptraf -d eth1


The -d option shows detailed statistics for the traffic on the specified interface.


Define a Time-out

sudo iptraf <option> <interface> -t <timeout>

For example, sudo iptraf -d eth1 -t 5

The -t option sets a time-out: the utility runs for the specified time and then exits, so you can monitor the network traffic only up to that point.


IPTraf in Interactive Mode


IP Traffic Monitor

This is the default option for analyzing each network interface individually. You can even analyze the loopback interface, the famous 127.0.0.1.


Select the interface to be analyzed and press the Enter key:


Note that the screen shows plenty of information about all active connections passing through the interface; it also highlights the source and destination of each connection, as well as the transfer speed and the number of packets transmitted. In the above example, all of the computer's interfaces were chosen for analysis.

To sort the connection list by the number of packets transmitted or by the size of the packets transmitted, press "s"; then press "p" to list first the connections that are sending the greatest number of packets, or "b" to list first those that are sending the largest packets. To return to the previous screen, press the ESC key.


General Interface Statistics

This displays general information about the data traffic on all interfaces, such as the number and type of packets and the current transfer rate on each. It does exactly what the following option does, but with less detail.



Detailed Interface Statistics

This displays the same information with a greater level of detail: the types of packets, their quantities and the current transfer rate on each interface.


Note that this option shows the amount of data arriving at and leaving the interface (incoming and outgoing rates) as well as the total rate. Broadcast packets and corrupted packets are also listed here.


Statistical Breakdowns

This option displays data on the size of the packets travelling through the interfaces. The packets are grouped by size within the range of the standard Ethernet MTU (Maximum Transfer Unit) value, 1 to 1500 bytes; in other words, it shows the number of packets seen in each size bracket.

This type of analysis is useful because it can reveal a port-scanner attack by its common signature: small packets sent in large quantities to specific ports.
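As an added example (not code from the post or from IPTraf), the following Python script reproduces the size-bracket breakdown on constructed packet records and layers the heuristic described above on top of it: a source that sends many small packets to many distinct destination ports stands out, while a normal transfer with small ACKs to a single port does not. The 75-byte bracket width (20 brackets up to the 1500-byte MTU) is an assumption about IPTraf's screen layout, and the sample records are constructed.

```python
from collections import Counter, defaultdict

MTU = 1500      # Ethernet MTU, upper bound of the breakdown on the page
BRACKET = 75    # assumed bracket width: 20 brackets of 75 bytes up to the MTU


def size_breakdown(sizes):
    """Return {(lo, hi): count}, one entry per 75-byte size bracket."""
    buckets = {(lo, min(lo + BRACKET - 1, MTU)): 0
               for lo in range(1, MTU + 1, BRACKET)}
    for s in sizes:
        s = max(1, min(s, MTU))                  # clamp out-of-range sizes
        lo = ((s - 1) // BRACKET) * BRACKET + 1  # lower bound of its bracket
        buckets[(lo, min(lo + BRACKET - 1, MTU))] += 1
    return buckets


def scan_suspects(packets, small=75, min_packets=50, min_ports=20):
    """Return sources whose small packets fan out across many destination ports.

    packets: iterable of (src_ip, dst_port, size_in_bytes) records.
    A source is reported when it sent at least min_packets packets of at most
    `small` bytes to at least min_ports distinct destination ports; a bulk
    transfer of small ACKs to one port does not trip it.
    """
    small_count = Counter()
    ports = defaultdict(set)
    for src, dport, size in packets:
        if size <= small:
            small_count[src] += 1
            ports[src].add(dport)
    return sorted(src for src, n in small_count.items()
                  if n >= min_packets and len(ports[src]) >= min_ports)


# Constructed sample: a normal transfer (full-size data plus small ACKs to one
# port) and a burst of 60-byte packets spread over 100 ports from another host.
SAMPLE = [("10.0.0.5", 443, 1460)] * 40 + [("10.0.0.5", 443, 66)] * 20
SAMPLE += [("192.0.2.10", p, 60) for p in range(1, 101)]

if __name__ == "__main__":
    for (lo, hi), n in size_breakdown(s for _, _, s in SAMPLE).items():
        if n:
            print(f"{lo:>5} to {hi:<5} {n} packets")
    print("scan-like sources:", scan_suspects(SAMPLE))
```

The thresholds are illustrative; on a real link they should be tuned against the host's normal packet-size profile before the heuristic is used for alerting.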

Creating Filters for refined analysis

At some point you will want a narrower analysis, for example of the traffic from a specific computer, or of certain network traffic on certain ports. Without filters, the sheer volume of data hinders a network administrator's ability to analyze the traffic clearly. Filters are there to make this easier: with them you get just the data you really need.



1 comment:

  1. you should do one on HTOP and Aptitude and post it to the G+ Community.
