Linux Utilities
Jul 26, 2014

General

htop

htop screenshot

Network

nethogs

nethogs screenshot

NetHogs is a small ‘net top’ tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there’s suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to identify programs that have gone wild and are suddenly taking up your bandwidth. – http://nethogs.sourceforge.net/

iftop

iftop screenshot

iftop does for network usage what top(1) does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Handy for answering the question “why is our ADSL link so slow?”. – http://www.ex-parrot.com/pdw/iftop/

Wireshark

wireshark screenshot

Auditing

nmap

nmap screenshot

ping

ping screenshot

traceroute

traceroute screenshot

traceroute --help
Usage:
 traceroute [ -46dFITnreAUDV ] [ -f first_ttl ] [ -g gate,... ] [ -i device ] [ -m max_ttl ] [ -N squeries ] [ -p port ] [ -t tos ] [ -l flow_label ] [ -w waittime ] [ -q nqueries ] [ -s src_addr ] [ -z sendwait ] [ --fwmark=num ] host [ packetlen ]
Options:
 -4 Use IPv4
 -6 Use IPv6
 -d --debug Enable socket level debugging
 -F --dont-fragment Do not fragment packets
 -f first_ttl --first=first_ttl
 Start from the first_ttl hop (instead from 1)
 -g gate,... --gateway=gate,...
 Route packets through the specified gateway
 (maximum 8 for IPv4 and 127 for IPv6)
 -I --icmp Use ICMP ECHO for tracerouting
 -T --tcp Use TCP SYN for tracerouting (default port is 80)
 -i device --interface=device
 Specify a network interface to operate with
 -m max_ttl --max-hops=max_ttl
 Set the max number of hops (max TTL to be
 reached). Default is 30
 -N squeries --sim-queries=squeries
 Set the number of probes to be tried
 simultaneously (default is 16)
 -n Do not resolve IP addresses to their domain names
 -p port --port=port Set the destination port to use. It is either
 initial udp port value for "default" method
 (incremented by each probe, default is 33434), or
 initial seq for "icmp" (incremented as well,
 default from 1), or some constant destination
 port for other methods (with default of 80 for
 "tcp", 53 for "udp", etc.)
 -t tos --tos=tos Set the TOS (IPv4 type of service) or TC (IPv6
 traffic class) value for outgoing packets
 -l flow_label --flowlabel=flow_label
 Use specified flow_label for IPv6 packets
 -w waittime --wait=waittime
 Set the number of seconds to wait for response to
 a probe (default is 5.0). Non-integer (float
 point) values allowed too
 -q nqueries --queries=nqueries
 Set the number of probes per each hop. Default is
 3
 -r Bypass the normal routing and send directly to a
 host on an attached network
 -s src_addr --source=src_addr
 Use source src_addr for outgoing packets
 -z sendwait --sendwait=sendwait
 Minimal time interval between probes (default 0).
 If the value is more than 10, then it specifies a
 number in milliseconds, else it is a number of
 seconds (float point values allowed too)
 -e --extensions Show ICMP extensions (if present), including MPLS
 -A --as-path-lookups Perform AS path lookups in routing registries and
 print results directly after the corresponding
 addresses
 -M name --module=name Use specified module (either builtin or external)
 for traceroute operations. Most methods have
 their shortcuts (`-I' means `-M icmp' etc.)
 -O OPTS,... --options=OPTS,...
 Use module-specific option OPTS for the
 traceroute module. Several OPTS allowed,
 separated by comma. If OPTS is "help", print info
 about available options
 --sport=num Use source port num for outgoing packets. Implies
 `-N 1'
 --fwmark=num Set firewall mark for outgoing packets
 -U --udp Use UDP to particular port for tracerouting
 (instead of increasing the port per each probe),
 default port is 53
 -UL Use UDPLITE for tracerouting (default dest port
 is 53)
 -D --dccp Use DCCP Request for tracerouting (default port
 is 33434)
 -P prot --protocol=prot Use raw packet of protocol prot for tracerouting
 --mtu Discover MTU along the path being traced. Implies
 `-F -N 1'
 --back Guess the number of hops in the backward path and
 print if it differs
 -V --version Print version info and exit
 --help Read this help and exit

Arguments:
+ host The host to traceroute to
 packetlen The full packet length (default is the length of an IP
 header plus 40). Can be ignored or increased to a minimal
 allowed value
