Uncover the infinite in IT

What can we help you with?

Categories
Table of Contents
< All Topics

Network Monitoring on Debian 12 with netstat, ss, and iftop

Overview of network monitoring on Debian 12

This tutorial explains network monitoring on Debian 12 using netstat, ss, and iftop. These tools help identify network traffic and troubleshoot connectivity issues effectively.

Prerequisites

  • Root or sudo access.

Steps

Step 1: Check Network Connections with netstat

  1. Install net-tools (if needed), which includes netstat:

Discover more about Basic Networking

sudo apt install net-tools -y

2. List All Active Connections:

netstat -a
  • Common columns include:
    • Proto: Protocol (e.g., TCP, UDP).
    • Local Address: Address and port of the local connection.
    • Foreign Address: Address and port of the remote connection.
    • State: Status of the connection (e.g., LISTEN, ESTABLISHED).

3. Display Listening Ports:

netstat -tuln
  • The -tuln options show TCP (-t) and UDP (-u) listening ports (-l) in numeric format (-n).

4. Check Network Statistics:

netstat -s
  • This provides detailed statistics for each protocol, useful for diagnosing network performance.

Step 2: Monitor Active Connections and Ports with ss

1. ss is a more modern alternative to netstat for checking network sockets and active connections.

2. List All Listening Sockets:

ss -tuln
  • Similar to netstat -tuln, this shows listening ports and associated protocols.

3. View Established Connections:

ss -at
  • This displays all active TCP connections.

4. Filter by Specific Port or Process:

  • To check if a specific port (e.g., 80) is open:
ss -at '( dport = :80 )'

More on ss Command

Step 3: Monitor Real-Time Bandwidth Usage with iftop

1. Install iftop:

sudo apt install iftop -y

2. Run iftop with sudo to monitor bandwidth:

sudo iftop
  • iftop provides a real-time view of network bandwidth usage per connection.

3. Using iftop Controls:

  • Press P to toggle between sent and received data display.
  • Press T to display total bandwidth usage.
  • Press S to sort by source IP, D to sort by destination IP.
  • Press Q to quit.

4. Limit Displayed Connections by Port:

  • To show only traffic on a specific port, use:
sudo iftop -i <interface> -f 'port 80'

Conclusion on network monitoring on Debian 12

This guide on network monitoring on Debian 12 helps you master netstat, ss, and iftop, ensuring effective traffic analysis and troubleshooting.

RSS
Facebook
X (Twitter)
Pinterest
fb-share-icon
LinkedIn
Share
WhatsApp
Copy link
URL has been copied successfully!