UNIX commands for monitoring network

Discussion in 'Mac Apps and Mac App Store' started by cb911, Apr 4, 2004.

  1. cb911 macrumors 601

    cb911

    Joined:
    Mar 12, 2002
    Location:
    BrisVegas, Australia
    #1
    i'm just wondering if there are any UNIX commands that will let me monitor my network, and refresh. like 'top' but for my network.

    i'm just looking for a command that shows current throughput (in B/s or K/s) and total amount received/sent. is there a command that does that? or do i have to use a third party app? i've searched and haven't come up with such a command yet... :(

    anyone help me out?
     
  2. Jeewhizz macrumors regular

    Joined:
    Nov 30, 2003
    Location:
    London, UK
  3. KershMan macrumors 6502

    Joined:
    Feb 10, 2003
    Location:
    VA, USA
    #3
    Try netstat. Type man netstat in a terminal to get the full listing of information you can receive. This is a great command to monitor your network interfaces.
     
  4. Simon Liquid macrumors regular

    Joined:
    Jul 4, 2001
    Location:
    Iowa
    #4
    Then there's tcpdump. Unless you take some time to get familiar with the options, it can be a little like trying to drink from a fire hydrant, trying to get valid information from it.
     
  5. crenz macrumors 6502a

    crenz

    Joined:
    Jul 3, 2003
    Location:
    Shanghai, China
    #5
    MenuMeters displays that data nicely as well.
     
  6. cb911 thread starter macrumors 601

    cb911

    Joined:
    Mar 12, 2002
    Location:
    BrisVegas, Australia
    #6
    Jeewhiz, thanks for those links. interesting stuff. :)

    i've also tried netstat, it's good to see all the Active Internet connections, but is there any way to just show them and not the 'Active LOCAL (UNIX) domain sockets'?

    i just tried tcpdump in Terminal as well & got: "tcpdump: (no devices found) /dev/bpf0: Permission denied"?

    i've got MenuMeters, they're really good. i'm just looking for something a little extra. i don't know what, but i'll know when i find it. :p

    i also found something that might be useful called X Resource Graph. i still have to try it out, but it looks like it might be good. :)
     
  7. Simon Liquid macrumors regular

    Joined:
    Jul 4, 2001
    Location:
    Iowa
    #7
    On tcpdump, you have to specify what network interface to scan. On my machine, en0 (that's a zero) is ethernet and en1 is airport. Also, ppp0 is my modem. There's a command to see what interfaces are active on your machine but I forget what it is right now. Also, you have to be root to use tcpdump, i guess because it provides such direct access to what's coming in. So 'sudo tcpdump'

    As I said before, you'll have to read 'man tcpdump' before you can get it to do anything useful.
     
  8. cb911 thread starter macrumors 601

    cb911

    Joined:
    Mar 12, 2002
    Location:
    BrisVegas, Australia
    #8
    thanks Simon. i keep forgetting about the man pages. :)

    i just tried 'sudo tcpdump eth0' in Terminal & it said 'tcpdump: parse error'? 'sudo tcpdump' works though, but i tried that in GeekTool and it doesn't seem to be working?

    any GeekTool people know how to get it to show a command that uses 'sudo'?
     
  9. blaster_boy macrumors 6502

    blaster_boy

    Joined:
    Jan 31, 2004
    Location:
    Belgium
    #9
    It's not like linux : it's en0 and not eth0 :D
     
  10. KershMan macrumors 6502

    Joined:
    Feb 10, 2003
    Location:
    VA, USA
    #10
    Try netstat -i. This will show you active interfaces. Also, netstat -I (interface) will show you only a particular interface. If you do not know the interface names, like en0, type ifconfig which will display all of them.

    A good example is netstat -b -I en0 will show you bytes in/out on your main Ethernet device.

    Do a man netstat to view the information on netstat. There is quite a bit you can do with it.
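
    The byte counters from `netstat -b -I en0` can be sampled twice to get the throughput and totals asked about in the first post. This is an added example, not part of the original thread; it assumes the macOS/BSD column layout ending in `Ibytes Opkts Oerrs Obytes Coll` and a `<Link#N>` row per interface, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: throughput from the byte counters printed by `netstat -b -I <if>`.
# Assumed column layout (macOS/BSD): ... Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll

# Constructed sample output, two readings taken 2 seconds apart.
HDR='Name  Mtu   Network    Address            Ipkts Ierrs  Ibytes Opkts Oerrs  Obytes Coll'
SAMPLE_T0="$HDR
lo0   16384 <Link#1>                         500     0   40000   500     0   40000    0
en0   1500  <Link#4>   00:11:22:33:44:55    1000     0 1500000   800     0  200000    0
en0   1500  192.168.1  192.168.1.10         1000     0 1500000   800     0  200000    0"
SAMPLE_T1="$HDR
en0   1500  <Link#4>   00:11:22:33:44:55    1150     0 1704800   900     0  230720    0"

# Read netstat output on stdin, print "Ibytes Obytes" for interface $1.
# Fields are counted from the right because the Address column can be empty.
parse_counters() {
    awk -v ifn="$1" '$1 == ifn && $3 ~ /^<Link/ { print $(NF-4), $(NF-1); exit }'
}

# Difference between two counter readings; 0 if the counter went backwards
# (wrapped or was reset), so one bad sample does not print a negative rate.
delta() {
    if [ "$2" -ge "$1" ]; then echo $(( $2 - $1 )); else echo 0; fi
}

# throughput OLD_OUTPUT NEW_OUTPUT IFACE SECONDS
# prints "in_bytes_per_s out_bytes_per_s total_in total_out"
throughput() {
    c0=$(printf '%s\n' "$1" | parse_counters "$3")
    c1=$(printf '%s\n' "$2" | parse_counters "$3")
    [ -n "$c0" ] && [ -n "$c1" ] || return 1
    echo "$(( $(delta "${c0% *}" "${c1% *}") / $4 ))" \
         "$(( $(delta "${c0#* }" "${c1#* }") / $4 ))" "${c1% *}" "${c1#* }"
}

# Live loop against the real interface: monitor en0 2   (stop with Ctrl-C)
monitor() {
    prev=$(netstat -b -I "$1")
    while sleep "$2"; do
        cur=$(netstat -b -I "$1")
        throughput "$prev" "$cur" "$1" "$2"
        prev=$cur
    done
}

# Demonstration on the constructed samples.
throughput "$SAMPLE_T0" "$SAMPLE_T1" en0 2
```

    Reading these counters needs no root, unlike tcpdump, so `monitor en0 2` also works from tools that cannot prompt for a sudo password.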
     
  11. cb911 thread starter macrumors 601

    cb911

    Joined:
    Mar 12, 2002
    Location:
    BrisVegas, Australia
    #11
    hehe. thanks blaster_boy. :) funny how OS X has so much in common with UNIX, and then there's the smallest things that are different.

    i tried 'sudo tcpdump en0' but i still got the parse error? :confused:

    KershMan, thanks. i'll have to read up on the man pages.
    i also just tried 'netstat -i' and it said:
    'netstat: kvm not available'
    'ifnet: symbol not defined'

    any ideas what's going on there?

    i've also been using X Resource Graph today, it's pretty good. just that i don't know where to put it. everywhere seems to cover some important tools for every app. :rolleyes:
     
  12. tomf87 macrumors 65816

    tomf87

    Joined:
    Sep 10, 2003
    #12
    sudo tcpdump -i en0

    the -i flag specifies the interface you want to use.

    netstat -i also worked for me, and I'm not sure what that error means. Maybe Developer Package is needed, not sure.
     
  13. blaster_boy macrumors 6502

    blaster_boy

    Joined:
    Jan 31, 2004
    Location:
    Belgium
    #14
    Instead of getting just snort, and doing all the compiling, and then the configuring, try henwen - it's snort but already compiled and with a graphical front-end as well as a small app that lets you know when an attempt is made.

    However, not sure if it will really help you do what you wanted - getting an overview of your network traffic...
     
  14. cb911 thread starter macrumors 601

    cb911

    Joined:
    Mar 12, 2002
    Location:
    BrisVegas, Australia
    #15
    i heard about Snort and HenWen a while back... never got around to using them.

    i've got snort-2.1.2.tar, now how do i go about using it? any tutorial on getting Snort running? i'd like to learn, and i guess the output for Snort is available in Terminal? and that'd be good, because then i can use GeekTool to display the output to the Desktop. :)

    HenWen only uses Snort 2.0.6, not the most up-to-date.

    so i've got the DevTools installed, anyone help me to get Snort running? :)
     
  15. blaster_boy macrumors 6502

    blaster_boy

    Joined:
    Jan 31, 2004
    Location:
    Belgium
    #16
    Compiling something is basically :
    - running 'configure' to adapt the program to be compiled to your environment
    - running 'make' to compile the program
    - running 'make install' to install the compiled binaries into your path

    well, what worked for me for snort (this is from memory, as I am at work, so perhaps a bit vague) :

    0/ untar it in your home directory under a dir called snort or whatever. There's a README and an INSTALL in there somewhere, if you really want to learn you need to read them. One of them contains the configure options you can pass to snort...

    1/ in Terminal, cd into the directory and type ./configure
    (the ./ is if you're using the bash shell, and is needed to launch the configure script)
    (if you want to use mysql to store your output warning, you need to compile snort with mysql support -> you need mysql -> install mysql (Mac OS X complete sql) before compiling snort)

    2/ this configure script will check if everything is correctly installed - if it can't find something it will bork out and tell you it needs something, perhaps libnet or libnids -> go and find them, download and install

    3/ if the configure script terminates correctly -> run 'make' and go make yourself a cuppa tea. Once it has finished, run 'sudo make install' to install the compiled binaries (usually under /usr/local )

    You should now be able to run the snort program (perhaps you still need to adapt your path in the terminal).

    Sure you don't want to use henwen ????
     
  16. cb911 thread starter macrumors 601

    cb911

    Joined:
    Mar 12, 2002
    Location:
    BrisVegas, Australia
    #17
    thanks for explaining that. :)

    but i'd rather not use HenWen, i'm trying to learn all about this kind of stuff. believe it or not, i've got Gentoo installed on my PowerBook. i guess i was hoping for something like 'emerge' in OS X. :p but i'll just do some reading and hopefully it will work. :)
     
  17. porovaara macrumors regular

    Joined:
    Mar 7, 2002
    Location:
    sf
  18. cb911 thread starter macrumors 601

    cb911

    Joined:
    Mar 12, 2002
    Location:
    BrisVegas, Australia
    #19
    ntop sounds like what i'm looking for! :D thanks.

    i'm trying to get it from MacUpdate: http://www.macupdate.com/info.php/id/8448
    on that page it says it's 3.9MB, but when i click the 'download' link it says 'can't read file', but if i right-click and 'download linked file as...' it starts the download, but it says it's 11.7MB? :confused:

    i'm especially paranoid now with all this talk of trojans and viruses.. :eek:
     
  19. csubear macrumors 6502a

    csubear

    Joined:
    Aug 22, 2003
    #20
    ethereal is by far the best, it's X11, and you can get it off fink
     
  20. cb911 thread starter macrumors 601

    cb911

    Joined:
    Mar 12, 2002
    Location:
    BrisVegas, Australia
    #21
    cool. :) i'm getting ethereal now... i'll have to check it out later.

    also, Ethereal is a GUI app, correct? how do i launch the GUI, just by typing 'ethereal' in Terminal? i've quickly had a look at the online man pages, but i couldn't find anything about it...
     
