DEV Community

Cover image for How to Monitor Network Traffic on Linux
Abhishek Pathak
Abhishek Pathak

Posted on

How to Monitor Network Traffic on Linux

#programming #scor32k #linux #ubuntu

Directly starting with the topic

1. iftop — Real-time Bandwidth Monitoring Per Connection

Use Case: View which remote hosts are consuming bandwidth in real-time.

Install:

sudo apt install iftop
Enter fullscreen mode Exit fullscreen mode

Usage:

sudo iftop -i eth0         # Replace eth0 with your network interface
Enter fullscreen mode Exit fullscreen mode

Key Features:

  • Shows top connections by bandwidth
  • Inbound/outbound traffic

Tips:

  • Press t to toggle display modes
  • Press p to pause
  • Combine with -B for display in bytes

2. nload — Simple Interface Bandwidth

Use Case: Monitor incoming/outgoing traffic per interface.

Install:

sudo apt install nload
Enter fullscreen mode Exit fullscreen mode

Usage:

sudo nload eth0
Enter fullscreen mode Exit fullscreen mode

Key Features:

  • Graphical view of upload/download rate
  • Totals and current stats

3. bmon — Bandwidth Monitoring and Visualization

Use Case: Visual tool to monitor all interfaces and track traffic.

Install:

sudo apt install bmon
Enter fullscreen mode Exit fullscreen mode

Usage:

sudo bmon
Enter fullscreen mode Exit fullscreen mode

Key Features:

  • Auto-detects interfaces
  • Live graphs and rate history

4. tcpdump — Deep Packet Inspection

Use Case: Capture and inspect packets on an interface.

Install:

sudo apt install tcpdump
Enter fullscreen mode Exit fullscreen mode

Usage:

sudo tcpdump -i eth0
Enter fullscreen mode Exit fullscreen mode

Example:

sudo tcpdump -i eth0 port 80  # Capture only HTTP traffic
Enter fullscreen mode Exit fullscreen mode

Tips:

  • Use -w to save packets to file
  • Analyze with Wireshark: tcpdump -w capture.pcap

5. netstat / ss — Network Connection Stats

Use Case: List active connections, ports, and listening services.

Usage:

ss -tulwn           # Faster replacement for netstat
Enter fullscreen mode Exit fullscreen mode

Example Output:

  • t – TCP
  • u – UDP
  • l – Listening
  • w – Raw sockets
  • n – Numeric output

Bonus: Use ss -p to see which process owns a port.

6. nethogs — Bandwidth by Process

Use Case: Identify processes using the most bandwidth.

Install:

sudo apt install nethogs
Enter fullscreen mode Exit fullscreen mode

Usage:

sudo nethogs eth0
Enter fullscreen mode Exit fullscreen mode

Features:

  • Lists per-process bandwidth usage
  • Real-time updates

7. vnstat — Long-term Network Usage Stats

Use Case: Track data usage over time (hourly/daily/monthly).

Install:

sudo apt install vnstat
sudo vnstat -u -i eth0
Enter fullscreen mode Exit fullscreen mode

Usage:

vnstat                # Summary of usage
vnstat -d             # Daily usage
vnstat -m             # Monthly usage
Enter fullscreen mode Exit fullscreen mode

Great For:

  • Auditing bandwidth
  • Avoiding data cap overages

Best Practices & Tips

  • Run tools with sudo to ensure full interface access
  • Know your interface name: Use ip a to list interfaces
  • Combine tools: Use vnstat for history, iftop for live monitoring

If the article helps you, leave a like, follow, or anything 🙂.

You can follow me on LinkedIn, GitHub, Dev.to and hashnode.

Bye

Top comments (1)

Some comments may only be visible to logged-in visitors. Sign in to view all comments.