To check the IPs of incoming and outgoing traffic on Ubuntu using the terminal, you can use several network monitoring tools and commands. Here’s a comprehensive guide to accomplish this:
1. Using netstat
Explanation
netstat (network statistics) is a command-line tool that displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
How to Check
Install the net-tools package if not already installed:
sudo apt update
sudo apt install net-tools
To view active network connections:
sudo netstat -ant
-a: Show all connections.
-n: Show numerical addresses instead of resolving hostnames.
-t: Show TCP connections.
Example Output
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:22         192.168.1.1:55343       ESTABLISHED
tcp        0      0 192.168.1.10:80         192.168.1.2:56321       ESTABLISHED
2. Using ss
Explanation
ss (socket statistics) is a utility to investigate sockets, which can display more information than netstat.
How to Check
To view all TCP sockets, both listening and established:
sudo ss -ant
-a: Show all sockets.
-n: Show numerical addresses.
-t: Show TCP sockets.
Example Output
State  Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
ESTAB  0       0       192.168.1.10:22      192.168.1.1:55343
ESTAB  0       0       192.168.1.10:80      192.168.1.2:56321
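ss lists connections in both directions together. As an added example (not part of the original guide), the shell function below separates them, assuming that a connection whose local port is also in LISTEN state is incoming. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: split `ss -ant` output into incoming and outgoing peers.
# Assumption: a connection whose local port is also in LISTEN state was
# accepted by a local service (incoming); all others were initiated locally.

classify_peers() {
    # stdin: `ss -ant` output; stdout: "<direction> <peer-ip> <connections>"
    awk '
        # Split on the last colon so bracketed IPv6 ([::1]:22) works too.
        function port(s) { sub(/.*:/, "", s); return s }
        function host(s) {
            sub(/:[^:]*$/, "", s); sub(/^\[/, "", s); sub(/\]$/, "", s)
            return s
        }
        $1 == "State"  { next }                          # header line
        $1 == "LISTEN" { listening[port($4)] = 1; next }
        $1 == "ESTAB"  { n++; laddr[n] = $4; raddr[n] = $5 }
        END {
            # Classify at the end: LISTEN rows may follow ESTAB rows.
            for (i = 1; i <= n; i++) {
                dir = (port(laddr[i]) in listening) ? "incoming" : "outgoing"
                count[dir " " host(raddr[i])]++
            }
            for (k in count) print k, count[k]
        }
    ' | LC_ALL=C sort
}

sample_ss_output() {
    # Constructed sample based on the example addresses used in this guide.
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*
ESTAB  0      0      192.168.1.10:22     192.168.1.1:55343
ESTAB  0      0      192.168.1.10:80     192.168.1.2:56321
ESTAB  0      0      192.168.1.10:80     192.168.1.2:56322
ESTAB  0      0      192.168.1.10:48210  203.0.113.7:443
EOF
}

# Live use: sudo ss -ant | classify_peers
sample_ss_output | classify_peers
```

An outgoing peer that no installed application explains, or an incoming peer on a port that should not be exposed, is the entry to look at more closely with tcpdump.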
3. Using iftop
Explanation
iftop is a real-time console-based network bandwidth monitoring tool. It shows a list of network connections from/to the local system.
How to Check
Install iftop:
sudo apt update
sudo apt install iftop
Run iftop:
sudo iftop
Use Cases
- Monitor real-time incoming and outgoing traffic.
- Identify top IP addresses consuming bandwidth.
Example Output
192.168.1.10  =>  192.168.1.1    0b    1Kb     9Kb
192.168.1.10  <=  192.168.1.2    0b   60Kb   600Kb
4. Using tcpdump
Explanation
tcpdump is a powerful command-line packet analyzer tool. It can capture and display the packet headers on a network interface.
How to Check
Install tcpdump:
sudo apt update
sudo apt install tcpdump
Capture traffic on a specific interface (e.g., eth0):
sudo tcpdump -i eth0
To show numeric IP addresses and ports instead of resolving them to names:
sudo tcpdump -i eth0 -n
Example Output
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:53:05.741826 IP 192.168.1.10.22 > 192.168.1.1.55343: Flags [P.], seq 1465281125:1465281289, ack 292973301, win 256, length 164
11:53:05.741860 IP 192.168.1.1.55343 > 192.168.1.10.22: Flags [.], ack 164, win 64240, length 0
Use Cases
- Analyze detailed packet-level information.
- Diagnose network issues by inspecting traffic.
5. Using nload
Explanation
nload is a real-time network traffic and bandwidth usage monitor.
How to Check
Install nload:
sudo apt update
sudo apt install nload
Run nload:
sudo nload
Use Cases
- Monitor incoming and outgoing traffic bandwidth.
- Visualize network usage over time.
Example Output
Device eth0
Incoming:             Outgoing:
Curr: 1.00 MBit/s     Curr: 500 KBit/s
Avg:  800 KBit/s      Avg:  300 KBit/s
Summary
Monitoring incoming and outgoing IP traffic on Ubuntu can be achieved using various tools, each suited for different levels of detail and real-time analysis. By leveraging netstat, ss, iftop, tcpdump, and nload, you can effectively monitor and analyze network traffic, ensuring robust network security and efficient troubleshooting.