Network Tools

traceroute

  • Installation: yum install traceroute
  • Use ICMP ECHO for probes (default is UDP): traceroute -I google.ro
  • Do not map IP addresses to host names: traceroute -n google.ro
  • Use TCP SYN for probes: traceroute -T google.ro
  • Set the number of probe packets per hop (default is 3): traceroute -q 5 google.ro

ip

  • Display the interfaces (similar to ifconfig): ip link show
  • Bring the interface up (similar to ifconfig eth0 up): ip link set eth0 up
  • Display the IP address on the interface: ip addr show
  • Display ARP table (similar to arp -a): ip neigh show
  • Delete all ARP entries for an interface: ip neigh flush dev eth0
  • Delete an entry from ARP table: ip neigh delete 192.168.1.4 dev eth0
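A defender-side check built on the ip neigh show output above, added here as an example (it is not part of the original cheat sheet): it reads the neighbour table, reports any MAC address that is bound to more than one IPv4 address on the same interface, and lists entries stuck in FAILED or INCOMPLETE state. The sample table embedded in the script is constructed, not captured from a real host. One MAC answering for several IPs can be legitimate (a router holding several addresses, a VRRP/HSRP gateway), so treat the output as a list to review, not an alert.

```shell
#!/bin/sh
# Constructed sample of `ip neigh show` output (not taken from a real host).
SAMPLE_NEIGH='192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.4 dev eth0 lladdr 00:11:22:33:44:55 STALE
192.168.1.7 dev eth0  FAILED
fe80::1 dev eth0 lladdr 00:11:22:33:44:99 router STALE
192.168.1.9 dev eth0 lladdr aa:bb:cc:dd:ee:ff DELAY'

# Read `ip neigh show` output on stdin and print one line per MAC that is
# bound to more than one IPv4 address on the same interface:
#   <dev> <mac> <ip1> <ip2> ...
# IPv6 entries are skipped; a host normally holds several IPv6 addresses.
neigh_dup_macs() {
    awk '
        # Field layout: <ip> dev <ifname> [lladdr <mac>] [router] <STATE>
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $2 == "dev" {
            for (i = 1; i < NF; i++) {
                if ($i == "lladdr") {
                    key = $3 " " $(i + 1)          # interface + MAC
                    ips[key] = ips[key] " " $1      # collect IPs per key
                    n[key]++
                }
            }
        }
        END { for (k in ips) if (n[k] > 1) print k ips[k] }
    ' | sort
}

# Print entries that never resolved to a link-layer address:
#   <ip> <dev> <STATE>
neigh_unresolved() {
    awk '$NF == "FAILED" || $NF == "INCOMPLETE" { print $1, $3, $NF }'
}

# Run against the constructed sample by default; pass --live to read the
# host's real neighbour table instead.
if [ "${1:-}" = "--live" ]; then
    ip neigh show | neigh_dup_macs
    ip neigh show | neigh_unresolved
else
    printf '%s\n' "$SAMPLE_NEIGH" | neigh_dup_macs
    printf '%s\n' "$SAMPLE_NEIGH" | neigh_unresolved
fi
```

Run it periodically (cron, or from a monitoring agent) and diff the output against the previous run; a MAC that suddenly starts answering for the gateway's IP is the change worth looking at.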

tcpdump

  • Print the list of the network interfaces: tcpdump -D
  • Capture everything in a file: tcpdump -i eth0 -n -w /tmp/$(hostname)-$(date +"%Y-%m-%d-%H-%M-%S").pcap

tcptrack

tcptrack displays the status of TCP connections that it sees on a given network interface. tcptrack monitors their state and displays information such as state, source/destination addresses and bandwidth usage in a sorted, updated list very much like the top(1) command.

  • Install on CentOS 6:
yum install ncurses-devel libpcap-devel
wget http://pkgs.fedoraproject.org/repo/pkgs/tcptrack/tcptrack-1.4.2.tar.gz/dacf71a6b5310caf1203a2171b598610/tcptrack-1.4.2.tar.gz
tar zxvf tcptrack-1.4.2.tar.gz
cd tcptrack-1.4.2
./configure
make
make install
  • Sniff packets from the specified network interface: tcptrack -i eth0
  • Show only web traffic: tcptrack -i eth0 port 80
  • Show connections from host 192.168.100.11: tcptrack -i eth0 src or dst 192.168.100.11
  • Use a libpcap (BPF) filter expression: tcptrack -i eth0 'ip dst 192.168.100.11 and port (80 or 443 or 22)'

Interactive options

p - Pause/unpause display. No new connections will be added to the display, and all currently displayed connections will remain in the display.
q - Quit tcptrack.
s - Cycle through the sorting options: unsorted, sorted by rate, sorted by total bytes.

speedometer

  • Install on CentOS 6 (speedometer needs the urwid Python module):
cd /root
wget https://excess.org/speedometer/speedometer-2.8.tar.gz
tar zxvf speedometer-2.8.tar.gz
wget https://pypi.python.org/packages/source/u/urwid/urwid-1.3.1.tar.gz
tar zxvf urwid-1.3.1.tar.gz
cd urwid-1.3.1/
python setup.py build
python setup.py install
(alternatively, without a system-wide install, copy the module next to the script: cp -r urwid /root/speedometer-2.8)
cd /root/speedometer-2.8
  • Display RX traffic on eth0: ./speedometer.py -rx eth0
  • Display TX traffic on eth0: ./speedometer.py -tx eth0

https://excess.org/speedometer

iftop

  • Install on CentOS 6: yum install iftop --enablerepo=epel
  • Listen on named interface: iftop -i eth0
  • Display the port as well: iftop -P -i eth0
  • Do not do hostname lookups: iftop -n -i eth0
  • Show traffic flows in/out of IPv4 network: iftop -F 192.168.100.0/24 -i eth0

slurm

  • Installation on CentOS 6:
yum install cmake
wget https://github.com/mattthias/slurm/archive/upstream.zip
unzip upstream.zip
cd slurm-upstream
mkdir _build
cd _build
cmake ..
make
make install
  • Select network interface: slurm -i eth0
Graph colors:
  • green - downloads (RX)
  • red - uploads (TX)
Shortcuts:
  • c - switch to classic mode
  • s - switch to split graph mode
  • l - switch to large graph mode
  • L - enable TX/RX led
  • m - switch between classic, split and large view
  • z - zero counters
  • r - redraw screen
  • q - quit slurm

tcpkill

  • Installation on CentOS 6: yum install dsniff --enablerepo=epel
  • View established TCP connections: netstat -tnpa | grep ESTABLISHED
  • Kill connection for port 22: tcpkill -i eth0 port 22
  • Kill all packets arriving from host 192.168.100.9: tcpkill host 192.168.100.9