10-F.11.5: Network Troubleshooting Commands - iftop / iperf / mtr

Last updated
Save as PDF

Page ID: 40979

\( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \) \( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)\(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\) \(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\)\(\newcommand{\AA}{\unicode[.8,0]{x212B}}\)

The iftop Command

iftop monitors network traffic and displays a table of current bandwidth usage. An interface may be specified or, if not, it will listen on the first interface it finds which looks like an external interface. iftop must be run with sufficient permissions to monitor all network traffic; on most systems this means that it must be run as a root user.

By default, iftop will look up hostnames associated with addresses and count all IP packets that pass through the filter. Hostname look-up can add substantial traffic, in and of itself, and may result in an inaccurate display of network traffic.

Syntax:

iftop [ OPTIONS ]

Command Options:

Options	Meaning
-h	Print a summary of usage.
-n	Don't do hostname lookups.
-N	Do not resolve port number to service names
-p	Run in promiscuous mode, so that traffic which does not pass directly through the specified interface is also counted.
-P	Turn on port display.
-l	Display and count datagrams addressed to or from link-local IPv6 addresses. The default is not to display that address category.
-b	Don't display bar graphs of traffic.
-B	Display bandwidth rates in bytes/sec rather than bits/sec.
-i interface	Listen to packets on interface.

In the example, if we look on the top address:

                19.1Mb       38.1Mb          57.2Mb            76.3Mb   95.4Mb
|_______________|____________|_______________|_________________|______________
pbmacrserver.local     => tglrden.search.spotxchang     0b     2.01Kb      515b
                       <=                               0b     1.39Kb      355b
pbmacrserver.local     => ec2713756754713.usrwestrl     0b     1.88Kb      491b
                       <=                               0b      310b        90b
224.8.8.251            => Chromecast.local              0b        0b         0b
                       <=                               0b     1.85Kb      481b
pbmacrserver.local     => 199.244.58.41                 0b     1.81Kb    1.81Kb
                       <=                               0b      342b      342b
pbmacrserver.local     => pgrin7f189.1e188.net       2.78Kb     552b      140b
                       <=                            1.58Kb     386b       98b
pbmacrserver.local     => 5f08358871n7f35.1e188.net     0b      385b       87b
                       <=                               0b      534b      144b
224.8.8.251            => 192.168.1.21                  0b        0b        0b
                       <=                               0b      611b      280b
pbmacrserver.local     => Chromecast.local              0b      341b      341b
                       <=                               0b      250b      250b
pbmacrserver.local     => dns.google                    0b      111b       50b
                       <=                               0b      195b      lllb
_______________________________________________________________________________
TX:         cum:  443KB  peak: 25.6Kb rates:         3.25Kb    6.77Kb.    4.24Kb
RX'              1.84MB        28.4Kb.               1.82Kb    6.13Kb     4.32Kb
TOTAL:           2.27MB        35.5Kb                5.87Kb    12.9Kb     8.56Kb

pbmac-server.local in the preceding 2 seconds is sent 0KB of data to the host tfl-den.search.spotxchang
In the preceding 10 seconds pbmac-server.local is sent 2.01Kb data
In the preceding 40 seconds pbmac-server.local515b data

At the same time :

tfl-den.search.spotxchang in the preceding 2 seconds is sent 0Kb data to pbmac-server.local
In the preceding 10 seconds it sent 1.39Kb data
In the preceding 40 seconds it sent 355b data

At the bottom line, iftop show us the results:

Cumulative TX and RX kilobytes transmitted
Peak TX and RX data over the last 40 seconds
Total transfer rates averaged over 2 seconds, 10 seconds and 40 seconds

The iperf Command

Iperf is a widely used tool for network performance measurement and tuning. It is significant as a cross-platform tool that can produce standardized performance measurements for any network. Iperf has client and server functionality, and can create data streams to measure the throughput between the two ends in one or both directions. Typical iperf output contains a time-stamped report of the amount of data transferred and the throughput measured.

The data streams can be either Transmission Control Protocol (TCP) or User Datagram Protocol (UDP):

UDP: When used for testing UDP capacity, iperf allows the user to specify the datagram size and provides results for the datagram throughput and the packet loss.
TCP: When used for testing TCP capacity, iperf measures the throughput of the payload. Iperf uses 1024 × 1024 for mebibytes and 1000 × 1000 for megabytes.

Syntax:

iperf { -c | -s } [ OPTIONS ]

Command Options:

Options	Meaning
-f, --format	[kmKM] format to report: Kbits, Mbits, KBytes, MBytes
-h, --help	print a help synopsis
-i, --interva	l n pause n seconds between periodic bandwidth reports
-l, --len n[KM]	set length read/write buffer to n (default 8 KB)
-m, --print_mss	print TCP maximum segment size (MTU - TCP/IP header)
-o, --output <filename>	output the report or error message to this specified file
-p, --port n	set server port to listen on/connect to to n (default 5001)
-u, --udp	use UDP rather than TCP
-w, --window n[KM]	TCP window size (socket buffer size)
-B, --bind <host>	bind to <host>, an interface or multicast address
-C, --compatibility	for use with older versions does not sent extra msgs
-M, --mss n	set TCP maximum segment size (MTU - 40 bytes)
-N, --nodelay	set TCP no delay, disabling Nagle's Algorithm
-v, --version	print version information and quit
-V, --IPv6Version	Set the domain to IPv6

The -c or -s option must be used with other OPTIONS.

The following example shows the test of the bandwidth measurements between the local server and the remote server:

pbmac@pbmac-server $ iperf -c www.deltacollege.edu -u 100
iperf: ignoring extra argument -- 100
------------------------------------------------------------
Client connecting to www.deltacollege.edu, UDP port 5001
Sending 1470 byte datagrams, IPG target: 11215.21 us (kalman adjust)
UDP buffer size:  208 KByte (default)
------------------------------------------------------------
[  3] local 192.168.1.6 port 49584 connected with 52.36.131.229 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  1.25 MBytes  1.05 Mbits/sec
[  3] Sent 893 datagrams
[  3] WARNING: did not receive ack of last datagram after 10 tries.

The mtr Command

MTR relies on Internet Control Message Protocol (ICMP) Time Exceeded packets coming back from routers, or ICMP Echo Reply packets when the packets have hit their destination host. MTR also has a User Datagram Protocol (UDP) mode that sends UDP packets, with the time to live (TTL) field in the IP header increasing by one for each probe sent, toward the destination host. When the UDP mode is used, MTR relies on ICMP port unreachable packets when the destination is reached.

The tool is often used for network troubleshooting. By showing a list of routers traversed, and the average round-trip time as well as packet loss to each router, it allows users to identify links between two given routers responsible for certain fractions of the overall latency or packet loss through the network. This can help identify network overuse problems.

Syntax:

mtr [ OPTIONS ] HOSTNAME

Command Options:

Options	Meaning
-h --help	Print the summary of command line argument options.
-v --version	Print the installed version of mtr.
-r --report	This option puts mtr into report mode. When in this mode, mtr will run for the number of cycles specified by the -c option, and then print statistics and exit. This mode is useful for generating statistics about network quality. Note that each running instance of mtr generates a significant amount of network traffic. Using mtr to measure the quality of your network may result in decreased network performance.
-w --report-wide	This option puts mtr into wide report mode. When in this mode, mtr will not cut hostnames in the report.
-c COUNT --report-cycles COUNT	Use this option to set the number of pings sent to determine both the machines on the network and the reliability of those machines. Each cycle lasts one second.
-s BYTES --psize BYTES PACKETSIZE	These options or a trailing PACKETSIZE on the commandline sets the packet size used for probing. It is in bytes inclusive IP and ICMP headers If set to a negative number, every iteration will use a different, random packetsize upto that number.
-n --no-dns	Use this option to force mtr to display numeric IP numbers and not try to resolve the host names.

The columns in the output are relatively self explanatory: 1) Host - the remote system; 2) Packets Loss % - percent of packets that got no ack; 3) Packets Snt - number of packets sent; 4) Last - round trip time of the last packet; 5) Avg - the average time; 6) Best - the shortest round trip time; 7) Wrst - the slowest time; and 8) StDev - the standard deviation in the ping times.

                               My traceroute [v8.92]

PbmacUbuntu (192.168.1.6) 
Keys:  Help   Display mode     Restart statistics  Order of fields   quit
Packets Pings
Host                               Loss%   Snt   Last  Avg  Best   Wrst StDev
1. _gateway                         9.9%   663    8.7  7.1   3.2   16.1   1.6
2. 96.128.86.49                     0.0%   663   15.6 15.3  11.1   36.9   2.2
3. aer25271216rrur82.park.ca.ccal.c 8.8%   663   16.1 16.8  11.5   57.1   4.1
4. aer38rar81.sacramento.ca.ccal.co 8.8%   663   15.4 18.7  14.6   77.4   6.2
5. ber364317cs83.sunnyvale.c .ibone 8.8%   663   28.8 21.8  18.1   72.4   2.9
6. ber1312rcr12.sunnyvale.ca ibone. 29.3%  663   18.4 21.8  16.5   41.1   3.2
7. ber384rcr81.99reatoaks.ca.ibone. 8.8%   662   28.4 21.6  17.3   36.5   2.4
8. ber24117pe11.99reatoaks.ca.ibone 8.8%   662   22.1 21.2  15.4   34.4   2.1
9. 58.288.233.46                    8.8%   662   19.8 28.6  15.1   53.9   2.5
18. 216.239.48.18                   8.8%   662   21.8 23.2  17.9  113.7   6.4
11. 289.85.248.35                   8.8%   662   19.8 28.5  17.2   38.7   2.8
12. sfo87sl7rin7f14.1e188.net       8.8%   662   28.2 28.5  14.7   47.1   2.3

Adapted from:
"iftop" by Multiple Contributors, Wikipedia is licensed under CC BY-SA 3.0
"Iperf" by Multiple Contributors, Wikipedia is licensed under CC BY-SA 3.0
"MTR (software)" by Multiple Contributors, Wikipedia is licensed under CC BY-SA 3.0