How can I track the load on the virtual network interface in linups?
2 answers
The most trivial solution (total volumes only) is to take readings of counters (octets and / or packets) from the interface in a certain time interval and find the difference. The old kernels do not have any syscoll for getting 64-bit counters, so the easiest way to look at
/proc/net/dev:cat /proc/net/dev | awk '{ if (/^[[:space:]]*eth0:/) { print $2 + 10 } }'cat /proc/net/dev | awk '{ if (/^[[:space:]]*eth0:/) { print $2 + 10 } }'For new ones (from about two years ago), you can communicate via netlink using
RTM_GETLINKwithIFLA_STATS64. The documentation on netlink is , alas, scanty and fragmented, but examples can be found, say, in theiproute2code.Monitoring occurring connections:
netstat -t -u -c.This is implemented through conntrack events. A netlink socket is created that joins the NF_CT_NETLINK group, and there will be fly messages about changes in the connection table.
Package monitoring (optional, by connections): iptraf , iftop
Implemented, as a rule, with sniffers, via libpcap. At least, iftop, uses it.
drdaeman drdaeman
8,605 14 silver marks 35 bronze marks
- iptraf is from / proc / net / dev? - alexlz
- No, it opens a "raw" socket and works with a sniffer. Here more: http://iptraf.seul.org/techinfo.html . There are no connections in
/proc/net/devat all, there are only interface statistics. Connections, however, can be found in/proc/net/nf_conntrack(if conntrack is not disabled, of course). - drdaeman
|
Wireshark, tcpdump. If you just want graphs, for example, through the "System Monitor" - in Ubuntu it is called that.
Evgeney Kuznetsov Evgeney Kuznetsov
197 10 bronze marks
|