Last updated on November 26, 2020 by Dan Nanni
There are many traffic monitoring tools available on Linux, which can monitor/classify network traffic, and report real-time traffic statistics in fancy user interfaces. Most of these tools (e.g., ntopng
, iftop
) are powered by libpcap
, which is a packet capture library used to monitor network traffic in user space. Despite their versatility, libpcap
-based network monitoring tools, however, cannot scale to handle traffic on multi Gigabit rate network interfaces, due to the overhead associated with user-space packet capture.
In this tutorial, I will present simple shell scripts that can monitor network traffic on per-interface basis, without relying on slow libpcap
library. These scripts are fast enough to support multi Gigabit rates, but only suitable if you are interested in aggregate network statistics on per interface basis.
The secret for the scripts lies in sysfs
virtual filesystem which is used by the kernel to export device- or driver-related information to user space. Network interface related statistics are exported via /sys/class/net/<ethX>/statistics
.
For example, the statistics on eth0
interface are found in these files:
/sys/class/net/eth0/statistics/rx_packets:
number of packets received
/sys/class/net/eth0/statistics/tx_packets:
number of packets transmitted
/sys/class/net/eth0/statistics/rx_bytes:
number of bytes received
/sys/class/net/eth0/statistics/tx_bytes:
number of bytes transmitted
/sys/class/net/eth0/statistics/rx_dropped:
number of packets dropped while received
/sys/class/net/eth0/statistics/tx_dropped:
number of packets dropped while transmitted
The numbers stored in the files are automatically refreshed in real-time by the kernel. Therefore, you can write scripts that calculate traffic statistics based on these files.
The following are two such scripts (thanks to joemiller). The first script counts the number of packets per second, received (RX) or sent (TX) on an interface, while the latter scripts measures the network bandwidth of incoming (RX) and outgoing (TX) traffic on an interface. You do not need to install anything to run these scripts.
The following script periodically prints out the number of RX/TX packets for a given network interface (to be provided as an argument to the script).
#!/bin/bash INTERVAL="1" # update interval in seconds if [ -z "$1" ]; then echo echo usage: $0 [network-interface] echo echo e.g. $0 eth0 echo echo shows packets-per-second exit fi IF=$1 while true do R1=`cat /sys/class/net/$1/statistics/rx_packets` T1=`cat /sys/class/net/$1/statistics/tx_packets` sleep $INTERVAL R2=`cat /sys/class/net/$1/statistics/rx_packets` T2=`cat /sys/class/net/$1/statistics/tx_packets` TXPPS=`expr $T2 - $T1` RXPPS=`expr $R2 - $R1` echo "TX $1: $TXPPS pkts/s RX $1: $RXPPS pkts/s" done
The following script periodically prints out the RX/TX bandwidth (KB/s) for a given network interface (to be provided as an argument to the script).
#!/bin/bash INTERVAL="1" # update interval in seconds if [ -z "$1" ]; then echo echo usage: $0 [network-interface] echo echo e.g. $0 eth0 echo exit fi IF=$1 while true do R1=`cat /sys/class/net/$1/statistics/rx_bytes` T1=`cat /sys/class/net/$1/statistics/tx_bytes` sleep $INTERVAL R2=`cat /sys/class/net/$1/statistics/rx_bytes` T2=`cat /sys/class/net/$1/statistics/tx_bytes` TBPS=`expr $T2 - $T1` RBPS=`expr $R2 - $R1` TKBPS=`expr $TBPS / 1024` RKBPS=`expr $RBPS / 1024` echo "TX $1: $TKBPS kB/s RX $1: $RKBPS kB/s" done
The following screenshot shows the above two scripts in action.
This website is made possible by minimal ads and your gracious donation via PayPal or credit card
Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.
Xmodulo © 2021 ‒ About ‒ Write for Us ‒ Feed ‒ Powered by DigitalOcean