
CentOS Sniffer Real-Time Traffic Monitoring

小樊
2025-09-22 07:32:54
Category: Intelligent Operations

Real-Time Network Traffic Monitoring Tools for CentOS

Monitoring network traffic in real time is essential for identifying bottlenecks, detecting anomalies, and ensuring optimal network performance on CentOS systems. Below are four widely used command-line tools for real-time traffic monitoring, each with distinct features and use cases:

1. iftop: Real-Time Bandwidth Usage by Connection

iftop is a lightweight, interactive tool that displays real-time bandwidth usage for each network connection, sorted by traffic volume. It supports IPv4/IPv6 and provides insights into which hosts or applications are consuming the most bandwidth.

  • Installation:
    sudo yum install epel-release && sudo yum install iftop -y     # CentOS 7/8
    sudo dnf install epel-release -y && sudo dnf install iftop -y  # CentOS 9/Stream (iftop is packaged in EPEL)
    
  • Usage:
    sudo iftop -i <interface>  # Replace <interface> with your network interface (e.g., eth0, ens33)
    
  • Key Features:
    • Real-time display of bandwidth usage (inbound/outbound) per connection.
    • Reverse DNS resolution to show hostnames instead of IP addresses.
    • Sorting by traffic volume (press P to toggle port display).
    • Threshold alerts for abnormal traffic (configurable via -t option).

2. nload: Intuitive Bandwidth Charts

nload provides a graphical representation of network traffic using ASCII charts, making it easy to visualize inbound/outbound traffic flows. It is ideal for quick checks on network activity without complex configurations.

  • Installation:
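    sudo yum install epel-release -y && sudo yum install nload -y  # CentOS 7/8 (nload is packaged in EPEL)
    sudo dnf install epel-release -y && sudo dnf install nload -y  # CentOS 9/Stream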
    
  • Usage:
    nload <interface>  # Replace <interface> with your network interface (e.g., eth0)
    
  • Key Features:
    • Two live charts for inbound (green) and outbound (blue) traffic.
    • Real-time display of average speed, peak usage, and total transferred data.
    • Simple navigation with arrow keys to switch between interfaces.

3. tcpdump: Packet-Level Capture and Analysis

tcpdump is a powerful command-line packet analyzer that captures and displays network packets in real time. It is highly customizable, allowing you to filter traffic by protocol, port, IP address, or packet attributes.

  • Installation:
    sudo yum install tcpdump -y   # CentOS 7/8
    sudo dnf install tcpdump -y   # CentOS 9/Stream
    
  • Usage:
    sudo tcpdump -i <interface>                  # Capture all traffic on <interface>
    sudo tcpdump -i <interface> port 80          # Filter HTTP traffic (port 80)
    sudo tcpdump -i <interface> -w capture.pcap  # Save packets to a file for later analysis
    
  • Key Features:
    • Real-time display of packet headers (source/destination IP, port, protocol).
    • Advanced filtering with Berkeley Packet Filter (BPF) syntax.
    • Save captured packets to a file (.pcap) for offline analysis.
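
The capture.pcap file written with -w can be summarised offline without extra tools. The following is an added example, not part of the original article: it reads the classic pcap format directly and totals on-the-wire bytes per source/destination address pair. The function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def top_talkers(pcap: bytes, n: int = 5):
    """Sum on-the-wire bytes per (src, dst) IPv4 pair in a classic pcap file."""
    if len(pcap) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack_from("<I", pcap)[0]
    if magic == 0xA1B2C3D4:
        end = "<"                      # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        end = ">"                      # written on a big-endian host
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, orig_len = struct.unpack_from(end + "4I", pcap, off)
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < incl_len:
            break                      # file ends mid-record (capture interrupted)
        # Ethernet header is 14 bytes; EtherType 0x0800 is IPv4. VLAN-tagged
        # and IPv6 frames are skipped here.
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            pair = (str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34])))
            # orig_len, not incl_len: a capture taken with a small snaplen
            # (tcpdump -s) stores truncated frames but records the true size.
            totals[pair] += orig_len
    return totals.most_common(n)

def build_sample(snaplen: int = 64) -> bytes:
    """Constructed capture: three TCP/IPv4 frames, truncated to snaplen bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for src, dst, payload in [("10.0.0.5", "10.0.0.9", 1000),
                              ("10.0.0.5", "10.0.0.9", 500),
                              ("10.0.0.7", "10.0.0.9", 200)]:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload, 0, 0, 64, 6, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload
        out += struct.pack("<4I", 0, 0, min(len(frame), snaplen), len(frame))
        out += frame[:snaplen]
    return out

if __name__ == "__main__":
    for (src, dst), nbytes in top_talkers(build_sample()):
        print(f"{src} -> {dst}: {nbytes} bytes")
```

To run it on a real capture, pass the file contents: top_talkers(open("capture.pcap", "rb").read()).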

4. nethogs: Process-Level Bandwidth Usage

nethogs shows real-time bandwidth usage broken down by process, helping you identify which applications are consuming the most network resources. It is useful for troubleshooting application-level traffic issues.

  • Installation:
    sudo yum install epel-release && sudo yum install nethogs -y     # CentOS 7/8
    sudo dnf install epel-release -y && sudo dnf install nethogs -y  # CentOS 9/Stream (nethogs is packaged in EPEL)
    
  • Usage:
    sudo nethogs <interface>  # Replace <interface> with your network interface (e.g., eth0)
    
  • Key Features:
    • Real-time display of bandwidth usage per process (PID, user, program name).
    • Sort processes by sent/received data (press M to toggle).
    • Support for multiple network interfaces.

Choosing the Right Tool

  • Use iftop for connection-level bandwidth monitoring.
  • Use nload for visualizing traffic trends with charts.
  • Use tcpdump for deep packet inspection and analysis.
  • Use nethogs to identify bandwidth-hungry processes.

Each tool has its strengths, and combining them can provide a comprehensive view of your CentOS system’s network traffic.
