Network Monitor in CentOS 8

Like other Linux distros, CentOS has the commands and tools to monitor a network. Before diving into the network monitoring I will show some changes that are made in CentOS 8 (and also RHEL 8). In CentOS 8 the default service to manage the network-related tasks is Network Manager. First I will show the connections names and their respective interface names.

Next, I will show the ip addresses.

Other than the ‘ifconfig’ command, there is another way to show ip addresses.

Now I will start to show various ways to monitor the network.

The commands ‘ ip -4 a s’ , ‘ip -6 a s’ will show the  ipv4 and ip6 addresses respectively.

These commands don’t show the mac addresses of the interfaces. The following command will provide the mac addresses. 

The option ‘s’ after ‘ip’ command will show statistical information. I want to show stats for the interfaces. The command is ‘ip –s link show’. This command is useful to determine what is happening on which interface. There may some network issues like packet drop and this command can help to figure out the responsible interface.

For a particular interface just type the interface’s name at the end of the previous command. The ‘ip monitor’ command can provide output for any change in the network. For now, I will use it for any kind of change. The command is ‘ip monitor all’. For this tutorial purpose, I will take down a network connection.

The output is immediate.

If I want to have a particular interface’s information I can execute the command ‘nmcli device show [interface’s name]’.

To see all the interface’s information remove the interface’s name at the end of the command. ‘netstat’ is another useful tool for networking purposes.

l= listening, t= tcp, n= port number

The command ‘netstat –ltn’ shows the listening tcp ports with number. Instead of tcp, I can use ‘u’ for udp ports. If I remove the ‘n’ option it will show the name instead of port number. The ‘netstat –i’ will show the information about the network interfaces with MTU, packet transmission, and reception.

RX = receive, TX = transmit

MTU = Maximum Transmission Unit; A packet’s MTU is the maximum number of bytes it can have.

‘netstat –i’ will show the information about the network interfaces with MTU, packet transmission, and reception.

The ‘netstat –s’ will stack all the stats for different protocols.

‘sysstat’ tool is mainly used for cpu, disk, and memory utilization monitoring. It can also be used for network monitoring purposes to some extent.

‘sa’ is the log file of the ‘sysstat’.

sar = to read out from the ‘sa’ file, n = network, DEV = network interface

The command ‘sa –n DEV’ will read out the network interface information. By default, it will show output with 10 minutes interval. 

The command shows the output within 60 seconds interval of two captures.

‘nmap’ is the tool to scan ports. Here I have used ‘nmap’ tool to scan ports of a remote server (here google.com). The open ports are http and https ports.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s