
Network Monitoring


Network monitoring involves tracking network performance, availability, and security.

Network Monitoring Overview

Why Monitor?
- Detect issues before users notice
- Plan capacity
- Troubleshoot problems
- Security detection
- Performance optimization

What to Monitor:
- Bandwidth utilization
- Latency
- Packet loss
- CPU/Memory of network devices
- Service availability
- Error rates
- Security events

Monitoring Types:

| Type       | Description               |
|------------|---------------------------|
| Active     | Sends probes/tests        |
| Passive    | Monitors existing traffic |
| Real-time  | Live data                 |
| Historical | Long-term trends          |

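```bash
# Basic ping (runs until interrupted with Ctrl+C)
ping 8.8.8.8
ping google.com
# Send a fixed number of probes (10), then stop
ping -c 10 8.8.8.8
# Interval between probes (seconds)
ping -i 0.2 8.8.8.8
# Flood ping (requires root; sends probes as fast as replies return, for stress-testing links you operate)
sudo ping -f 8.8.8.8
# Packet size (payload bytes)
ping -s 1000 8.8.8.8
# IPv6
ping -6 ipv6.google.com
```
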
```bash
# Trace route
traceroute 8.8.8.8
tracepath 8.8.8.8
# IPv6
traceroute -6 ipv6.google.com
# Don't resolve hostnames
traceroute -n 8.8.8.8
# Number of probes per hop
traceroute -q 1 8.8.8.8
# Use ICMP echo instead of UDP probes
traceroute -I 8.8.8.8
```

```bash
# Interactive traceroute with statistics
mtr 8.8.8.8
# Report mode
mtr -c 10 -r 8.8.8.8
# CSV output
mtr -c 10 --csv 8.8.8.8
# No DNS resolution
mtr -n 8.8.8.8
```

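```bash
# View all connections (run with sudo to see process names for every socket)
ss -tunap
netstat -tunap
# Show listening ports
ss -tulnp
netstat -tulnp
# Show routing table
# (ss -r only resolves addresses to names; it does not print routes)
ip route
netstat -r
# Show statistics
ss -s
netstat -s
# TCP connections
ss -tn
# UDP sockets
ss -un
```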
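
An added example, not from the original page, that turns the `ss -tuln` listing above into a security check: it reports listening sockets that are missing from an approved baseline and marks whether each is loopback-only or exposed. The baseline, the function names and the sample `ss` output are constructed for illustration.

```bash
# Approved listeners as proto:port (assumed baseline for this example).
BASELINE="tcp:22 tcp:443 udp:68"

# Constructed sample of `ss -H -tuln` output (-H drops the header row).
sample_ss() {
cat <<'EOF'
udp   UNCONN 0 0      0.0.0.0:68        0.0.0.0:*
tcp   LISTEN 0 128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0 511    0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0 4096   127.0.0.1:9090    0.0.0.0:*
tcp   LISTEN 0 4096   0.0.0.0:9100      0.0.0.0:*
tcp   LISTEN 0 128    [::]:22           [::]:*
tcp   LISTEN 0 5      *:8081            *:*
EOF
}

# audit_listeners: read ss lines on stdin and print "proto:port addr scope"
# for every listener that is not in the baseline.
audit_listeners() {
  awk -v baseline="$BASELINE" '
    BEGIN { n = split(baseline, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
    {
      proto = $1; la = $5                     # column 5 = Local Address:Port
      port = la; sub(/.*:/, "", port)         # text after the last colon
      addr = la; sub(/:[^:]*$/, "", addr)     # text before the last colon
      key = proto ":" port
      if (key in ok) next                     # approved, e.g. both v4 and v6 sshd
      scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
      print key, addr, scope
    }' | sort -u
}

# Demo on the constructed sample; live use: ss -H -tuln | audit_listeners
sample_ss | audit_listeners
```

Run it from cron or a systemd timer and alert on any `exposed` line; rerun with `sudo ss -H -tulnp` by hand to see which process owns the socket.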
```bash
# Install
sudo pacman -S ifstat nload
# Network interface statistics
ifstat -i eth0
# Continuous monitoring
nload
# Specific interface
nload eth0
# Show all interfaces
nload -m
```

```bash
# Install
sudo pacman -S tcpdump
# Capture on interface
sudo tcpdump -i eth0
# Capture specific host
sudo tcpdump host 192.168.1.1
# Capture specific port
sudo tcpdump port 80
sudo tcpdump port 443
# Capture specific protocol
sudo tcpdump icmp
sudo tcpdump tcp
# Capture with packet content (hex and ASCII)
sudo tcpdump -X -i eth0
# Capture specific number of packets
sudo tcpdump -c 100 -i eth0
# Write to file
sudo tcpdump -w capture.pcap -i eth0
# Read from file
tcpdump -r capture.pcap
# Filter by source/dest
sudo tcpdump src 192.168.1.10
sudo tcpdump dst 8.8.8.8
# Combine filters
sudo tcpdump -i eth0 host 192.168.1.10 and port 80
```

```bash
# Install
sudo pacman -S wireshark-cli
# Capture packets
sudo tshark -i eth0
# Filter capture (display filter syntax goes with -Y; -f takes a BPF capture filter)
sudo tshark -i eth0 -Y 'tcp.port == 80'
# Write to file
sudo tshark -w capture.pcap
# Read from file
tshark -r capture.pcap
# Extract specific fields
tshark -r capture.pcap -T fields -e ip.src -e ip.dst
```

```bash
# Install
sudo pacman -S speedtest-cli
# Run test
speedtest-cli
# Simple output
speedtest-cli --simple
# Share results (image URL)
speedtest-cli --share
```

```bash
# Install
sudo pacman -S iperf
# Server (on one machine)
iperf -s
# Client (from another machine)
iperf -c <server-ip>
# TCP bandwidth test
iperf -c 192.168.1.1
# UDP test
iperf -u -c 192.168.1.1
# Bi-directional test
iperf -c 192.168.1.1 -d
# Parallel streams
iperf -c 192.168.1.1 -P 4
```

```bash
# Install
sudo pacman -S nmap
# Scan single host
nmap 192.168.1.1
# Scan network
nmap 192.168.1.0/24
# Service version detection
nmap -sV 192.168.1.1
# OS detection (requires root)
sudo nmap -O 192.168.1.1
# Scan specific ports, then all 65535 ports
nmap -p 80,443 192.168.1.1
nmap -p- 192.168.1.1
# Common ports scan
nmap --top-ports 20 192.168.1.1
# Aggressive scan
nmap -A 192.168.1.1
# No ping (skip discovery)
nmap -Pn 192.168.1.1
```

```bash
# Test port connectivity
nc -zv 192.168.1.1 80
# Port scanner
nc -zv 192.168.1.1 20-100
# Chat server
nc -l -p 12345
# Connect to chat server
nc <server-ip> 12345
# File transfer
nc -l -p 12345 > file.txt           # Receiver
nc <receiver-ip> 12345 < file.txt   # Sender
```

```bash
# Install
sudo pacman -S htop nmon
# Run
htop
nmon
# Network-specific
nmon -n
```

```bash
# Network statistics
cat /proc/net/snmp
cat /proc/net/netstat
# Wireless stats
cat /proc/net/wireless
# Network interfaces
cat /proc/net/dev
```
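
An added example, not from the original page, showing how the raw counters in `/proc/net/dev` become the bandwidth and error-rate metrics listed in the overview: it diffs two snapshots and flags interfaces whose error or drop counters moved. The snapshots, the 10-second interval and the function names are constructed for illustration.

```bash
# Constructed /proc/net/dev snapshots, taken 10 seconds apart.
snap1() { cat <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  500000    4000    0    0    0     0          0         0   500000    4000    0    0    0     0       0          0
  eth0:10000000   80000    2    5    0     0          0         0  4000000   40000    0    0    0     0       0          0
EOF
}
snap2() { cat <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  500000    4000    0    0    0     0          0         0   500000    4000    0    0    0     0       0          0
  eth0:22500000   90000    2   45    0     0          0         0  5250000   41000    1    0    0     0       0          0
EOF
}

# iface_deltas SECS: stdin is snapshot 1, a line "---", then snapshot 2.
# Prints throughput in kbit/s plus error/drop deltas for each interface.
iface_deltas() {
  awk -v secs="$1" '
    /^---/ { second = 1; next }
    !/:/   { next }                    # the two header lines have no colon
    {
      sub(/:/, " ")                    # "eth0:123" -> "eth0 123", fields re-split
      if (!second) {                   # remember first-snapshot counters
        rb[$1] = $2; re[$1] = $4; rd[$1] = $5
        tb[$1] = $10; te[$1] = $12; td[$1] = $13; next
      }
      if (!($1 in rb)) next            # interface appeared between snapshots
      drx = $2 - rb[$1]; dtx = $10 - tb[$1]
      if (drx < 0 || dtx < 0) { print $1, "counter-reset"; next }
      bad = ($4 - re[$1]) + ($5 - rd[$1]) + ($12 - te[$1]) + ($13 - td[$1])
      printf "%s rx_kbps=%d tx_kbps=%d rx_err=%d rx_drop=%d tx_err=%d tx_drop=%d %s\n",
        $1, drx * 8 / 1000 / secs, dtx * 8 / 1000 / secs,
        $4 - re[$1], $5 - rd[$1], $12 - te[$1], $13 - td[$1],
        (bad > 0 ? "DEGRADED" : "OK")
    }'
}

# Demo on the constructed snapshots.
{ snap1; echo ---; snap2; } | iface_deltas 10
```

On a live host, feed it real data with `{ cat /proc/net/dev; echo ---; sleep 10; cat /proc/net/dev; } | iface_deltas 10`.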

Monitoring Tools

| Tool       | Type            | Description               |
|------------|-----------------|---------------------------|
| Nagios     | Infrastructure  | Classic monitoring        |
| Zabbix     | Infrastructure  | Enterprise monitoring     |
| Prometheus | Metrics         | Modern time-series DB     |
| Grafana    | Visualization   | Dashboards                |
| Cacti      | SNMP            | Graphing                  |
| SmokePing  | Latency         | RRD-based latency monitor |
| Wireshark  | Packet Analysis | Network analyzer          |

Simple Prometheus + Grafana Setup:

```bash
# Run Prometheus. Host networking is used so that the localhost:9100 target
# below reaches node_exporter on the host; with the default bridge network,
# localhost would be the container itself. Prometheus listens on host port 9090
# and has no authentication by default.
docker run -d --name=prometheus --network host \
  -v /etc/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml \
  prom/prometheus
```

```yaml
# /etc/prometheus/prometheus.yml
global:
  scrape_interval: 15s
scrape_configs:
  - job_name: 'node'
    static_configs:
      - targets: ['localhost:9100']
```

```bash
# Install node_exporter (the Arch package and unit are named prometheus-node-exporter)
sudo pacman -S prometheus-node-exporter
sudo systemctl enable prometheus-node-exporter
sudo systemctl start prometheus-node-exporter
# Run Grafana
docker run -d --name=grafana -p 3000:3000 grafana/grafana
# Access Grafana at http://localhost:3000 (default login admin/admin; change it at first login)
# Add Prometheus datasource
# Import dashboard (Node Exporter)
```

In this chapter, you learned:

  • ✅ Basic network tools (ping, traceroute, mtr)
  • ✅ Network statistics (netstat, ss)
  • ✅ Packet capture (tcpdump, tshark)
  • ✅ Bandwidth testing (speedtest, iperf)
  • ✅ Network scanning (nmap, netcat)
  • ✅ System monitoring (/proc)
  • ✅ Monitoring systems (Prometheus, Grafana)



Last Updated: February 2026