Several ways for Linux to view real-time network card traffic

Posted by kristo5747 on Wed, 26 Jan 2022 14:21:46 +0100

In our work, we often need to check the real-time network card traffic of the server. Usually, we will check the real-time network card traffic of Linux server through these methods.

1. sar -n DEV 1 2

The sar command is included in the sysstat toolkit and provides many statistics of the system. There are some differences in commands on different systems. The sar provided by some systems supports data statistics based on network interface, and can also view the number of packets received and traffic on the device per second.

 sar –n DEV  1 2 

After the command, 1 and 2 mean: take the value once every second and take it twice.

DEV displays network interface information

In addition, the - n parameter is very useful. It has six different switches: DEV | EDEV | NFS | NFSD | SOCK | ALL, which represents the following meanings:

  • DEV displays network interface information.
  • EDEV displays statistics about network errors.
  • NFS counts information about active NFS clients.
  • NFSD counts the information of NFS server
  • SOCK displays socket information
  • ALL displays ALL 5 switches
[sre@CDVM-213017031 ~]$ sar -n DEV 1 2
Linux 2.6.32-431.el6.x86_64 (CDVM-213017031)    05/04/2017  _x86_64_    (4 CPU)

08:05:30 PM     IFACE   rxpck/s   txpck/s    rxkB/s    txkB/s   rxcmp/s   txcmp/s  rxmcst/s
08:05:31 PM        lo      0.00      0.00      0.00      0.00      0.00      0.00      0.00
08:05:31 PM      eth0   1788.00   1923.00    930.47    335.60      0.00      0.00      0.00

08:05:31 PM     IFACE   rxpck/s   txpck/s    rxkB/s    txkB/s   rxcmp/s   txcmp/s  rxmcst/s
08:05:32 PM        lo      0.00      0.00      0.00      0.00      0.00      0.00      0.00
08:05:32 PM      eth0   1387.00   1469.00    652.12    256.98      0.00      0.00      0.00

Average:        IFACE   rxpck/s   txpck/s    rxkB/s    txkB/s   rxcmp/s   txcmp/s  rxmcst/s
Average:           lo      0.00      0.00      0.00      0.00      0.00      0.00      0.00
Average:         eth0   1587.50   1696.00    791.29    296.29      0.00      0.00      0.00

Parameter Description:

  • IFACE: LAN interface
  • rxpck/s: packets received per second
  • txpck/s: packets sent every second
  • rxbyt/s: number of bytes received per second
  • txbyt/s: number of bytes sent per second
  • rxcmp/s: compressed packets received per second
  • txcmp/s: compressed packets sent every second
  • rxmcst/s: multicast packets received per second
  • rxerr/s: bad packets received per second
  • txerr/s: bad packets sent every second
  • coll/s: number of conflicts per second
  • rxdrop/s: the number of received packets dropped per second because the buffer is full
  • txdrop/s: the number of sent packets dropped per second because the buffer is full
  • txcarr/s: number of carrier errors per second when sending packets
  • rxfram/s: the number of frame alignment errors received per second
  • rxfifo/s: the number of FIFO over speed errors per second of received packets
  • txfifo/s: the number of FIFO over speed errors per second in packets sent

This method is simple, intuitive and recommended.

2. Real time monitoring script

#!/bin/bash

ethn=$1

while true
do
  RX_pre=$(cat /proc/net/dev | grep $ethn | sed 's/:/ /g' | awk '{print $2}')
  TX_pre=$(cat /proc/net/dev | grep $ethn | sed 's/:/ /g' | awk '{print $10}')
  sleep 1
  RX_next=$(cat /proc/net/dev | grep $ethn | sed 's/:/ /g' | awk '{print $2}')
  TX_next=$(cat /proc/net/dev | grep $ethn | sed 's/:/ /g' | awk '{print $10}')

  clear
  echo -e "\t RX `date +%k:%M:%S` TX"

  RX=$((${RX_next}-${RX_pre}))
  TX=$((${TX_next}-${TX_pre}))

  if [[ $RX -lt 1024 ]];then
    RX="${RX}B/s"
  elif [[ $RX -gt 1048576 ]];then
    RX=$(echo $RX | awk '{print $1/1048576 "MB/s"}')
  else
    RX=$(echo $RX | awk '{print $1/1024 "KB/s"}')
  fi

  if [[ $TX -lt 1024 ]];then
    TX="${TX}B/s"
  elif [[ $TX -gt 1048576 ]];then
    TX=$(echo $TX | awk '{print $1/1048576 "MB/s"}')
  else
    TX=$(echo $TX | awk '{print $1/1024 "KB/s"}')
  fi

  echo -e "$ethn \t $RX   $TX "

done

This script does not need to install additional software, and can customize the interface to be viewed, accurate to decimal, and can flexibly display the unit according to the flow size. The default acquisition interval is 1 second.

Usage:

1. Save the script as an executable script file, such as net sh.

2,chmod +x ./net.sh changes the file to an executable script.

3,sh net.sh eth0 can start monitoring the interface eth0 traffic, and press ctrl+c to exit.

The script is obtained by reading the network real-time data in the runtime file system / proc/net/dev and simple calculation. For the directory / proc/net/dev, see below.

3. cat /proc/net/dev

The Linux kernel provides a mechanism to access the internal data structure of the kernel and change the kernel settings at runtime through the / proc file system. Proc file system is a pseudo file system, which only exists in memory and does not occupy external memory space. It provides an interface for accessing system kernel data in the form of file system. Users and applications can get the information of the system through proc, and can change some parameters of the kernel. Because the information of the system, such as the process, changes dynamically, when the user or application reads the proc file, the proc file system dynamically reads the required information from the system kernel and submits it/ The proc file system contains many directories, in which / proc/net/dev holds the network adapter and statistics.

[sre@CDVM-213017031 ~]$ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:137052296  108029    0    0    0     0          0         0 137052296  108029    0    0    0     0       0          0
  eth0:13661574714188 31346790620    0    0    0     0          0         0 5097461049535 27671144304    0    0    0     0       0          0
  
  The leftmost indicates the name of the interface, Receive Indicates packet receipt, Transmit Indicates the sending packet;
  bytes Indicates the number of bytes sent and received;
  packets Indicates the correct number of packets sent and received;
  errs Indicates the amount of packets sent and received incorrectly;
  drop Indicates the number of packets received and received and discarded;

In fact, many commands we often use to view the real-time traffic of the network card are obtained by reading the real-time traffic under the directory and simple calculation.

4. Use the watch command in combination with ifconfig, more /proc/net/dev and cat /proc/net/dev to monitor in real time. For example, execute watch -n 1 "ifconfig eth0"

Every 1.0s: ifconfig eth0                                                                                                                                    Thu May  4 20:26:45 2017

eth0      Link encap:Ethernet  HWaddr FA:16:3E:7E:55:D1
          inet addr:10.213.17.31  Bcast:10.213.23.255  Mask:255.255.248.0
          inet6 addr: fe80::f816:3eff:fe7e:55d1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:31350149703 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27674701465 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13663400883450 (12.4 TiB)  TX bytes:5098104759633 (4.6 TiB)

Watch can help you monitor the running results of a command, saving you from running it manually over and over again. Under Linux, watch executes the next program periodically and displays the execution results in full screen.

Finally, in addition to the above, there are many ways to view the network card traffic of the current system. I won't repeat them one by one. If the above methods can't meet your needs, please google by yourself.

Methods 1 and 2 are highly recommended based on their ease of use and readability.



.

Topics: Linux