
cb911

i'm just wondering if there are any UNIX commands that will let me monitor my network, and refresh. like 'top' but for my network.

i'm just looking for a command that shows current throughput (in B/s or K/s) and total amount received/sent. is there a command that does that? or do i have to use a third party app? i've searched and haven't come up with such a command yet... :(

anyone help me out?
 
cb911 said:
i'm just wondering if there are any UNIX commands that will let me monitor my network, and refresh. like 'top' but for my network.

i'm just looking for a command that shows current throughput (in B/s or K/s) and total amount received/sent. is there a command that does that? or do i have to use a third party app? i've searched and haven't come up with such a command yet... :(

anyone help me out?

Try netstat. Type man netstat in a terminal to get the full listing of information you can receive. This is a great command to monitor your network interfaces.
 
Then there's tcpdump. Unless you take some time to get familiar with the options, it can be a little like trying to drink from a fire hydrant, trying to get valid information from it.
 
Jeewhiz, thanks for those links. interesting stuff. :)

i've also tried netstat, it's good to see all the Active Internet connections, but is there any way to just show them and not the 'Active LOCAL (UNIX) domain sockets'?

i just tried tcpdump in Terminal as well & got: "tcpdump: (no devices found) /dev/bpf0: Permission denied"?

i've got MenuMeters, they're really good. i'm just looking for something a little extra. i don't know what, but i'll know when i find it. :p

i also found something that might be useful called X Resource Graph. i still have to try it out, but it looks like it might be good. :)
 
On tcpdump, you have to specify what network interface to scan. On my machine, en0 (that's a zero) is ethernet and en1 is airport. Also, ppp0 is my modem. There's a command to see what interfaces are active on your machine but I forget what it is right now. Also, you have to be root to use tcpdump, i guess because it provides such direct access to what's coming in. So 'sudo tcpdump'

As I said before, you'll have to read 'man tcpdump' before you can get it to do anything useful.
 
thanks Simon. i keep forgetting about the man pages. :)

i just tried 'sudo tcpdump eth0' in Terminal & it said 'tcpdump: parse error'? 'sudo tcpdump' works though, but i tried that in GeekTool and it doesn't seem to be working?

any GeekTool people know how to get it to show a command that uses 'sudo'?
 
cb911 said:
thanks Simon. i keep forgetting about the man pages. :)

i just tried 'sudo tcpdump eth0' in Terminal & it said 'tcpdump: parse error'? 'sudo tcpdump' works though, but i tried that in GeekTool and it doesn't seem to be working?

any GeekTool people know how to get it to show a command that uses 'sudo'?

It's not like linux : it's en0 and not eth0 :D
 
cb911 said:
Jeewhiz, thanks for those links. interesting stuff. :)

i've also tried netstat, it's good to see all the Active Internet connections, but is there any way to just show them and not the 'Active LOCAL (UNIX) domain sockets'?

i just tried tcpdump in Terminal as well & got: "tcpdump: (no devices found) /dev/bpf0: Permission denied"?

i've got MenuMeters, they're really good. i'm just looking for something a little extra. i don't know what, but i'll know when i find it. :p

i also found something that might be useful called X Resource Graph. i still have to try it out, but it looks like it might be good. :)

Try netstat -i. This will show you active interfaces. Also, netstat -I (interface) will show you only a particular interface. If you do not know the interface names, like en0, type ifconfig which will display all of them.

A good example is netstat -b -I en0 will show you bytes in/out on your main Ethernet device.

Do a man netstat to view the information on netstat. There is quite a bit you can do with it.
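
The byte counters that netstat -b -I en0 prints can be turned into the B/s figure asked for at the top of the thread by sampling twice and dividing the difference by the interval. This is an added example, not part of the original thread: the function names and the sample output are constructed, and the column layout (Ibytes and Obytes counted from the right of the <Link#N> row) is assumed from macOS netstat.

```shell
#!/bin/sh
# Added example (not from the thread): per-second throughput from two
# samples of netstat -i -b style output. Sample text below is constructed.

SAMPLE_T0='Name  Mtu   Network     Address            Ipkts Ierrs  Ibytes Opkts Oerrs Obytes Coll
lo0   16384 <Link#1>                         500     0   40000   500     0  40000    0
en0   1500  <Link#4>    00:0a:95:aa:bb:cc   1200     0 1500000   900     0 300000    0
en0   1500  192.168.1   192.168.1.20        1200     - 1500000   900     - 300000    -'

# The same counters two seconds later (constructed).
SAMPLE_T2='Name  Mtu   Network     Address            Ipkts Ierrs  Ibytes Opkts Oerrs Obytes Coll
lo0   16384 <Link#1>                         500     0   40000   500     0  40000    0
en0   1500  <Link#4>    00:0a:95:aa:bb:cc   1400     0 1740000  1000     0 320000    0
en0   1500  192.168.1   192.168.1.20        1400     - 1740000  1000     - 320000    -'

# link_bytes IFACE: read netstat output on stdin, print "<Ibytes> <Obytes>".
link_bytes() {
    awk -v ifc="$1" '
        # The <Link#N> row holds the interface-wide counters. Fields are
        # counted from the right because an interface with no hardware
        # address (lo0) has an empty Address column, shifting the left side.
        $1 == ifc && $3 ~ /^<Link#/ { print $(NF-4), $(NF-1); exit }
    '
}

# rate_between SAMPLE1 SAMPLE2 SECONDS IFACE
# prints "<in B/s> <out B/s> <total in> <total out>"; fails if the interface
# is missing or a counter went backwards (reset between samples).
rate_between() {
    a=$(printf '%s\n' "$1" | link_bytes "$4")
    b=$(printf '%s\n' "$2" | link_bytes "$4")
    [ -n "$a" ] && [ -n "$b" ] || return 1
    echo "$a $b $3" | awk '{
        din = $3 - $1; dout = $4 - $2
        if (din < 0 || dout < 0 || $5 <= 0) exit 1
        printf "%.0f %.0f %.0f %.0f\n", int(din / $5), int(dout / $5), $3, $4
    }'
}

# Live use on a Mac (assumes the interface is en0):
#   s1=$(netstat -b -I en0); sleep 2; s2=$(netstat -b -I en0)
#   rate_between "$s1" "$s2" 2 en0
rate_between "$SAMPLE_T0" "$SAMPLE_T2" 2 en0   # prints: 120000 10000 1740000 320000
```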
 
hehe. thanks blaster_boy. :) funny how OS X has so much in common with UNIX, and then there's the smallest things that are different.

i tried 'sudo tcpdump en0' but i still got the parse error? :confused:

KershMan, thanks. i'll have to read up on the man pages.
i also just tried 'netstat -i' and it said:
'netstat: kvm not available'
'ifnet: symbol not defined'

any ideas what's going on there?

i've also been using X Resource Graph today, it's pretty good. just that i don't know where to put it. everywhere seems to cover some important tools for every app. :rolleyes:
 
cb911 said:
hehe. thanks blaster_boy. :) funny how OS X has so much in common with UNIX, and then there's the smallest things that are different.

i tried 'sudo tcpdump en0' but i still got the parse error? :confused:

KershMan, thanks. i'll have to read up on the man pages.
i also just tried 'netstat -i' and it said:
'netstat: kvm not available'
'ifnet: symbol not defined'

any ideas what's going on there?

i've also been using X Resource Graph today, it's pretty good. just that i don't know where to put it. everywhere seems to cover some important tools for every app. :rolleyes:

sudo tcpdump -i en0

the -i flag specifies the interface you want to use.

netstat -i also worked for me, and I'm not sure what that error means. Maybe Developer Package is needed, not sure.
 
Instead of getting just snort, and doing all the compiling, and then the configuring, try henwen - it's snort but already compiled and with a graphical front-end as well as a small app that lets you know when an attempt is made.

However, not sure if it will really help you do what you wanted - getting an overview of your network traffic...
 
i heard about Snort and HenWen a while back... never got around to using them.

i've got snort-2.1.2.tar, now how do i go about using it? any tutorial on getting Snort running? i'd like to learn, and i guess the output for Snort is available in Terminal? and that'd be good, because then i can use GeekTool to display the output to the Desktop. :)

HenWen only uses Snort 2.0.6, not the most up-to-date.

so i've got the DevTools installed, anyone help me to get Snort running? :)
 
Compiling something is basically :
- running 'configure' to adapt the program to be compiled to your environment
- running 'make' to compile the program
- running 'make install' to install the compiled binaries into your path

well, what worked for me for snort (this is from memory, as I am at work, so perhaps a bit vague) :

0/ untar it in your home directory under a dir called snort or whatever. There's a README and an INSTALL in there somewhere, if you really want to learn you need to read them. One of them contains the configure options you can pass to snort...

1/ in Terminal, cd into the directory and type ./configure
(the ./ is if you're using the bash shell, and is needed to launch the configure script)
(if you want to use mysql to store your output warning, you need to compile snort with mysql support -> you need mysql -> install mysql (Mac OS X complete sql) before compiling snort)

2/ this configure script will check if everything is correctly installed - if it can't find something it will bork out and tell you it needs something, perhaps libnet or libnids -> go and find them, download and install

3/ if the configure script terminates correctly -> run 'make' and go make yourself a cuppa tea. Once it has finished, run 'sudo make install' to install the compiled binaries (usually under /usr/local )

You should now be able to run the snort program (perhaps you still need to adapt your path in the terminal).

Sure you don't want to use henwen ????
 
thanks for explaining that. :)

but i'd rather not use HenWen, i'm trying to learn all about this kind of stuff. believe it or not, i've got Gentoo installed on my PowerBook. i guess i was hoping for something like 'emerge' in OS X. :p but i'll just do some reading and hopefully it will work. :)
 
ntop sounds like what i'm looking for! :D thanks.

i'm trying to get it from MacUpdate: http://www.macupdate.com/info.php/id/8448
on that page it says it's 3.9MB, but when i click the 'download' link it says 'can't read file', but if i right-click and 'download linked file as...' it starts the download, but it says it's 11.7MB? :confused:

i'm especially paranoid now with all this talk of trojans and viruses.. :eek:
 
cool. :) i'm getting ethereal now... i'll have to check it out later.

also, Ethereal is a GUI app, correct? how do i launch the GUI, just by typing 'ethereal' in Terminal? i've quickly had a look at the online man pages, but i couldn't find anything about it...
 