5 Network Performance and Analysis Tools For Linux | by Tate Galbraith | Feb, 2022

You’ll be able to have the newest and biggest servers round with the quickest processors, dump vans filled with reminiscence, and disk area for days and a easy community concern might carry all the things to a screeching halt.

Servers depend on rock stable community connectivity to really make the most of all that computational horsepower. Whether or not it’s downloading workload info or serving buyer internet requests, it is advisable to make sure your community can deal with it.

Diagnosing troublesome community paths and getting an correct efficiency benchmark on hyperlinks isn’t all the time straightforward. Fortunately, within the Linux world, we’ve entry to a plethora of instruments to assist deal with a few of these troublesome duties.

On this article, I’ll information us via some built-in and third-party Linux utilities that make diagnosing community issues and crafting options piece of cake.

A community engineer’s toolkit wouldn’t be full with out iPerf. This monumentally helpful community utility permits you to carry out end-to-end throughput and latency testing. The most important good thing about utilizing iPerf is that you should have management over each ends of the connection. You gained’t merely be sending site visitors and ready for it’s return you’ll have entry to statistics at each sides.

So as to use iPerf correctly you will need to setup each a shopper and server occasion. The server occasion runs alongside or in your current servers and shopper cases could be began from anyplace you want to check from.

The shoppers will connect with the server on a particular port after which have the flexibility to carry out a battery of detailed checks.

Begin a easy iPerf server by operating the next command:

iperf -s

This may run iPerf and hear robotically on port 5001. Now, join a shopper and start the default bandwidth check by issuing the next:

iperf -c <host_ip_running_iperf_server>

Within the following instance, the iPerf check was carried out on the identical machine over localhost:

------------------------------------------------------------
Shopper connecting to 127.0.0.1, TCP port 5001
TCP window measurement: 144 KByte (default)
------------------------------------------------------------
[ 1] native 127.0.0.1 port 52340 related with 127.0.0.1 port 5001
[ ID] Interval Switch Bandwidth
[ 1] 0.00-10.00 sec 141 GBytes 121 Gbits/sec

Clearly, for this check the bandwidth is kind of excessive for the reason that site visitors by no means leaves the host. If you happen to’re diagnosing sluggish hyperlinks, hosts or different middleboxes it’s fairly evident simply how helpful this may be when deployed all through your community.

Try the official iPerf web site under for extra info:

That is an absolute work horse of the community diagnostics world. Utilizing tcpdump you’ll be able to seize community site visitors because it passes via a number and in addition makes use of it to replay or rewrite packets. With tcpdump it can save you packet seize recordsdata that may be learn both in plain textual content or by the notorious Wireshark utility

One of the best half about tcpdump is its flexibility. It may be as easy or as superior as you need it to be. For instance, let’s take a look at how one can seize site visitors destined in direction of Google’s public DNS resolver 8.8.8.8:

sudo tcpdump host 8.8.8.8

This command tells tcpdump to filter just for site visitors sourced from or destined to the host with IP handle 8.8.8.8. It’s best to see output much like this:

On this instance, we clearly see the bidirectional site visitors circulation from our host (172.16.30.223) to Google and again. Utilizing tcpdump you’ll be able to rapidly and simply determine the place particular site visitors is being heard on the community.

  • Extra info is obtainable on the official tcpdump web site here.
  • The Pink Hat weblog has an excellent primer on utilizing tcpdump filters available here.

That is like ping however on steroids. With hping you’ll be able to carry out an entire set of further duties which you could’t with regular ping. Whereas it was initially developed as a safety software, it gives helpful on a regular basis community testing performance as effectively.

In hping you’ll be able to spoof community addresses, ship floods of packets and even run complicated port scans. These are mere toys in comparison with the performance of the TCP/UDP part of hping.

Utilizing hping you’ll be able to set a ton of various flags and carry out detailed TCP/UDP utility testing by crafting exactly the site visitors you want:

UDP/TCP
-s --baseport base supply port (default random)
-p --destport [+][+]<port> vacation spot port(default 0) ctrl+z inc/dec
-k --keep hold nonetheless supply port
-w --win winsize (default 64)
-O --tcpoff set pretend tcp information offset (as an alternative of tcphdrlen / 4)
-Q --seqnum reveals solely tcp sequence quantity
-b --badcksum (attempt to) ship packets with a foul IP checksum
many techniques will repair the IP checksum sending the packet
so you may get dangerous UDP/TCP checksum as an alternative.
-M --setseq set TCP sequence quantity
-L --setack set TCP ack
-F --fin set FIN flag
-S --syn set SYN flag
-R --rst set RST flag
-P --push set PUSH flag
-A --ack set ACK flag
-U --urg set URG flag

These could be fairly useful when you’re troubleshooting a very cranky community utility and need to try to replicate a few of it’s site visitors patterns.

Official hping web site obtainable under:

Need to know who’s speaking to a number? What ports are in use? What state an utility is in? Netstat works wonders to resolve these issues.

This utility has been round for nearly forty years. There’s a great motive for this. Netstat reveals you precisely what it is advisable to learn about who’s related to you.

The commonest use for Netstat is displaying open ports for a machine. Utilizing the next command you’ll be able to see this info:

netstat -ap

It’s best to see some output much like this:

Within the info above we are able to clearly see that this host is listening on a port 22 for incoming SSH connections. Netstat can even change well-known ports with their service names for comfort.

If you happen to’re attempting to determine if a specific port is open and listening then utilizing Netstat is the way in which to go.

We saved the most effective for final. This can be a massive one.

If the instruments listed beforehand have been instruments in a toolbox then Scapy is the entire rattling storage. This utility enables you to construct full packets from scratch one layer at a time. In case you have the time and endurance you’ll be able to craft virtually any community site visitors you need in Scapy.

Whereas technically Scapy is a Python module, it may be simply put in and run similar to another command-line program. The profit is because it’s built-in Python, you’ll be able to create complicated Scapy setups in an intuitive language with out having to battle Bash or different annoying config recordsdata.

Scapy additionally gives a command-line interpreter for interactively constructing packets and different information. They declare it accommodates a lot performance:

“It could actually simply deal with most classical duties like scanning, tracerouting, probing, unit checks, assaults or community discovery (it could actually change hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tshark, p0f, and so on.).”

Official Scapy Website

That is actually a powerhouse relating to the complete community stack. If you happen to’re occupied with actually studying how every layer works, this library provides you with all of the instruments you want.

Try the official Scapy web site under for extra utilization and set up info:

More Posts