10-F.11.5: Network Troubleshooting Commands - iftop / iperf / mtr
- Page ID
- 40979
\( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \)
\( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)
\( \newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\)
( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\)
\( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\)
\( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\)
\( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\)
\( \newcommand{\Span}{\mathrm{span}}\)
\( \newcommand{\id}{\mathrm{id}}\)
\( \newcommand{\Span}{\mathrm{span}}\)
\( \newcommand{\kernel}{\mathrm{null}\,}\)
\( \newcommand{\range}{\mathrm{range}\,}\)
\( \newcommand{\RealPart}{\mathrm{Re}}\)
\( \newcommand{\ImaginaryPart}{\mathrm{Im}}\)
\( \newcommand{\Argument}{\mathrm{Arg}}\)
\( \newcommand{\norm}[1]{\| #1 \|}\)
\( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\)
\( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\AA}{\unicode[.8,0]{x212B}}\)
\( \newcommand{\vectorA}[1]{\vec{#1}} % arrow\)
\( \newcommand{\vectorAt}[1]{\vec{\text{#1}}} % arrow\)
\( \newcommand{\vectorB}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \)
\( \newcommand{\vectorC}[1]{\textbf{#1}} \)
\( \newcommand{\vectorD}[1]{\overrightarrow{#1}} \)
\( \newcommand{\vectorDt}[1]{\overrightarrow{\text{#1}}} \)
\( \newcommand{\vectE}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash{\mathbf {#1}}}} \)
\( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \)
\( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)
\(\newcommand{\avec}{\mathbf a}\) \(\newcommand{\bvec}{\mathbf b}\) \(\newcommand{\cvec}{\mathbf c}\) \(\newcommand{\dvec}{\mathbf d}\) \(\newcommand{\dtil}{\widetilde{\mathbf d}}\) \(\newcommand{\evec}{\mathbf e}\) \(\newcommand{\fvec}{\mathbf f}\) \(\newcommand{\nvec}{\mathbf n}\) \(\newcommand{\pvec}{\mathbf p}\) \(\newcommand{\qvec}{\mathbf q}\) \(\newcommand{\svec}{\mathbf s}\) \(\newcommand{\tvec}{\mathbf t}\) \(\newcommand{\uvec}{\mathbf u}\) \(\newcommand{\vvec}{\mathbf v}\) \(\newcommand{\wvec}{\mathbf w}\) \(\newcommand{\xvec}{\mathbf x}\) \(\newcommand{\yvec}{\mathbf y}\) \(\newcommand{\zvec}{\mathbf z}\) \(\newcommand{\rvec}{\mathbf r}\) \(\newcommand{\mvec}{\mathbf m}\) \(\newcommand{\zerovec}{\mathbf 0}\) \(\newcommand{\onevec}{\mathbf 1}\) \(\newcommand{\real}{\mathbb R}\) \(\newcommand{\twovec}[2]{\left[\begin{array}{r}#1 \\ #2 \end{array}\right]}\) \(\newcommand{\ctwovec}[2]{\left[\begin{array}{c}#1 \\ #2 \end{array}\right]}\) \(\newcommand{\threevec}[3]{\left[\begin{array}{r}#1 \\ #2 \\ #3 \end{array}\right]}\) \(\newcommand{\cthreevec}[3]{\left[\begin{array}{c}#1 \\ #2 \\ #3 \end{array}\right]}\) \(\newcommand{\fourvec}[4]{\left[\begin{array}{r}#1 \\ #2 \\ #3 \\ #4 \end{array}\right]}\) \(\newcommand{\cfourvec}[4]{\left[\begin{array}{c}#1 \\ #2 \\ #3 \\ #4 \end{array}\right]}\) \(\newcommand{\fivevec}[5]{\left[\begin{array}{r}#1 \\ #2 \\ #3 \\ #4 \\ #5 \\ \end{array}\right]}\) \(\newcommand{\cfivevec}[5]{\left[\begin{array}{c}#1 \\ #2 \\ #3 \\ #4 \\ #5 \\ \end{array}\right]}\) \(\newcommand{\mattwo}[4]{\left[\begin{array}{rr}#1 \amp #2 \\ #3 \amp #4 \\ \end{array}\right]}\) \(\newcommand{\laspan}[1]{\text{Span}\{#1\}}\) \(\newcommand{\bcal}{\cal B}\) \(\newcommand{\ccal}{\cal C}\) \(\newcommand{\scal}{\cal S}\) \(\newcommand{\wcal}{\cal W}\) \(\newcommand{\ecal}{\cal E}\) \(\newcommand{\coords}[2]{\left\{#1\right\}_{#2}}\) \(\newcommand{\gray}[1]{\color{gray}{#1}}\) \(\newcommand{\lgray}[1]{\color{lightgray}{#1}}\) \(\newcommand{\rank}{\operatorname{rank}}\) \(\newcommand{\row}{\text{Row}}\) \(\newcommand{\col}{\text{Col}}\) \(\renewcommand{\row}{\text{Row}}\) \(\newcommand{\nul}{\text{Nul}}\) \(\newcommand{\var}{\text{Var}}\) \(\newcommand{\corr}{\text{corr}}\) \(\newcommand{\len}[1]{\left|#1\right|}\) \(\newcommand{\bbar}{\overline{\bvec}}\) \(\newcommand{\bhat}{\widehat{\bvec}}\) \(\newcommand{\bperp}{\bvec^\perp}\) \(\newcommand{\xhat}{\widehat{\xvec}}\) \(\newcommand{\vhat}{\widehat{\vvec}}\) \(\newcommand{\uhat}{\widehat{\uvec}}\) \(\newcommand{\what}{\widehat{\wvec}}\) \(\newcommand{\Sighat}{\widehat{\Sigma}}\) \(\newcommand{\lt}{<}\) \(\newcommand{\gt}{>}\) \(\newcommand{\amp}{&}\) \(\definecolor{fillinmathshade}{gray}{0.9}\)The iftop Command
iftop monitors network traffic and displays a table of current bandwidth usage. An interface may be specified or, if not, it will listen on the first interface it finds which looks like an external interface. iftop must be run with sufficient permissions to monitor all network traffic; on most systems this means that it must be run as a root user.
By default, iftop will look up hostnames associated with addresses and count all IP packets that pass through the filter. Hostname look-up can add substantial traffic, in and of itself, and may result in an inaccurate display of network traffic.
Syntax:
iftop [ OPTIONS ]
Command Options:
Options | Meaning |
---|---|
-h | Print a summary of usage. |
-n | Don't do hostname lookups. |
-N | Do not resolve port number to service names |
-p | Run in promiscuous mode, so that traffic which does not pass directly through the specified interface is also counted. |
-P | Turn on port display. |
-l | Display and count datagrams addressed to or from link-local IPv6 addresses. The default is not to display that address category. |
-b | Don't display bar graphs of traffic. |
-B | Display bandwidth rates in bytes/sec rather than bits/sec. |
-i interface | Listen to packets on interface. |
In the example, if we look on the top address:
19.1Mb 38.1Mb 57.2Mb 76.3Mb 95.4Mb |_______________|____________|_______________|_________________|______________ pbmacrserver.local => tglrden.search.spotxchang 0b 2.01Kb 515b <= 0b 1.39Kb 355b pbmacrserver.local => ec2713756754713.usrwestrl 0b 1.88Kb 491b <= 0b 310b 90b 224.8.8.251 => Chromecast.local 0b 0b 0b <= 0b 1.85Kb 481b pbmacrserver.local => 199.244.58.41 0b 1.81Kb 1.81Kb <= 0b 342b 342b pbmacrserver.local => pgrin7f189.1e188.net 2.78Kb 552b 140b <= 1.58Kb 386b 98b pbmacrserver.local => 5f08358871n7f35.1e188.net 0b 385b 87b <= 0b 534b 144b 224.8.8.251 => 192.168.1.21 0b 0b 0b <= 0b 611b 280b pbmacrserver.local => Chromecast.local 0b 341b 341b <= 0b 250b 250b pbmacrserver.local => dns.google 0b 111b 50b <= 0b 195b lllb _______________________________________________________________________________ TX: cum: 443KB peak: 25.6Kb rates: 3.25Kb 6.77Kb. 4.24Kb RX' 1.84MB 28.4Kb. 1.82Kb 6.13Kb 4.32Kb TOTAL: 2.27MB 35.5Kb 5.87Kb 12.9Kb 8.56Kb
- pbmac-server.local in the preceding 2 seconds is sent 0KB of data to the host tfl-den.search.spotxchang
- In the preceding 10 seconds pbmac-server.local is sent 2.01Kb data
- In the preceding 40 seconds pbmac-server.local515b data
At the same time :
- tfl-den.search.spotxchang in the preceding 2 seconds is sent 0Kb data to pbmac-server.local
- In the preceding 10 seconds it sent 1.39Kb data
- In the preceding 40 seconds it sent 355b data
At the bottom line, iftop show us the results:
- Cumulative TX and RX kilobytes transmitted
- Peak TX and RX data over the last 40 seconds
- Total transfer rates averaged over 2 seconds, 10 seconds and 40 seconds
The iperf Command
Iperf is a widely used tool for network performance measurement and tuning. It is significant as a cross-platform tool that can produce standardized performance measurements for any network. Iperf has client and server functionality, and can create data streams to measure the throughput between the two ends in one or both directions. Typical iperf output contains a time-stamped report of the amount of data transferred and the throughput measured.
The data streams can be either Transmission Control Protocol (TCP) or User Datagram Protocol (UDP):
- UDP: When used for testing UDP capacity, iperf allows the user to specify the datagram size and provides results for the datagram throughput and the packet loss.
- TCP: When used for testing TCP capacity, iperf measures the throughput of the payload. Iperf uses 1024 × 1024 for mebibytes and 1000 × 1000 for megabytes.
Syntax:
iperf { -c | -s } [ OPTIONS ]
Command Options:
Options | Meaning |
---|---|
-f, --format | [kmKM] format to report: Kbits, Mbits, KBytes, MBytes |
-h, --help | print a help synopsis |
-i, --interva | l n pause n seconds between periodic bandwidth reports |
-l, --len n[KM] | set length read/write buffer to n (default 8 KB) |
-m, --print_mss | print TCP maximum segment size (MTU - TCP/IP header) |
-o, --output <filename> | output the report or error message to this specified file |
-p, --port n | set server port to listen on/connect to to n (default 5001) |
-u, --udp | use UDP rather than TCP |
-w, --window n[KM] | TCP window size (socket buffer size) |
-B, --bind <host> | bind to <host>, an interface or multicast address |
-C, --compatibility | for use with older versions does not sent extra msgs |
-M, --mss n | set TCP maximum segment size (MTU - 40 bytes) |
-N, --nodelay | set TCP no delay, disabling Nagle's Algorithm |
-v, --version | print version information and quit |
-V, --IPv6Version | Set the domain to IPv6 |
The -c or -s option must be used with other OPTIONS.
The following example shows the test of the bandwidth measurements between the local server and the remote server:
pbmac@pbmac-server $ iperf -c www.deltacollege.edu -u 100
iperf: ignoring extra argument -- 100
------------------------------------------------------------
Client connecting to www.deltacollege.edu, UDP port 5001
Sending 1470 byte datagrams, IPG target: 11215.21 us (kalman adjust)
UDP buffer size: 208 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.1.6 port 49584 connected with 52.36.131.229 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 1.25 MBytes 1.05 Mbits/sec
[ 3] Sent 893 datagrams
[ 3] WARNING: did not receive ack of last datagram after 10 tries.
The mtr Command
MTR relies on Internet Control Message Protocol (ICMP) Time Exceeded packets coming back from routers, or ICMP Echo Reply packets when the packets have hit their destination host. MTR also has a User Datagram Protocol (UDP) mode that sends UDP packets, with the time to live (TTL) field in the IP header increasing by one for each probe sent, toward the destination host. When the UDP mode is used, MTR relies on ICMP port unreachable packets when the destination is reached.
The tool is often used for network troubleshooting. By showing a list of routers traversed, and the average round-trip time as well as packet loss to each router, it allows users to identify links between two given routers responsible for certain fractions of the overall latency or packet loss through the network. This can help identify network overuse problems.
Syntax:
mtr [ OPTIONS ] HOSTNAME
Command Options:
Options | Meaning |
---|---|
-h --help | Print the summary of command line argument options. |
-v --version | Print the installed version of mtr. |
-r --report | This option puts mtr into report mode. When in this mode, mtr will run for the number of cycles specified by the -c option, and then print statistics and exit. This mode is useful for generating statistics about network quality. Note that each running instance of mtr generates a significant amount of network traffic. Using mtr to measure the quality of your network may result in decreased network performance. |
-w --report-wide | This option puts mtr into wide report mode. When in this mode, mtr will not cut hostnames in the report. |
-c COUNT --report-cycles COUNT | Use this option to set the number of pings sent to determine both the machines on the network and the reliability of those machines. Each cycle lasts one second. |
-s BYTES --psize BYTES PACKETSIZE | These options or a trailing PACKETSIZE on the commandline sets the packet size used for probing. It is in bytes inclusive IP and ICMP headers If set to a negative number, every iteration will use a different, random packetsize upto that number. |
-n --no-dns | Use this option to force mtr to display numeric IP numbers and not try to resolve the host names. |
The columns in the output are relatively self explanatory: 1) Host - the remote system; 2) Packets Loss % - percent of packets that got no ack; 3) Packets Snt - number of packets sent; 4) Last - round trip time of the last packet; 5) Avg - the average time; 6) Best - the shortest round trip time; 7) Wrst - the slowest time; and 8) StDev - the standard deviation in the ping times.
My traceroute [v8.92] PbmacUbuntu (192.168.1.6) Keys: Help Display mode Restart statistics Order of fields quit Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. _gateway 9.9% 663 8.7 7.1 3.2 16.1 1.6 2. 96.128.86.49 0.0% 663 15.6 15.3 11.1 36.9 2.2 3. aer25271216rrur82.park.ca.ccal.c 8.8% 663 16.1 16.8 11.5 57.1 4.1 4. aer38rar81.sacramento.ca.ccal.co 8.8% 663 15.4 18.7 14.6 77.4 6.2 5. ber364317cs83.sunnyvale.c .ibone 8.8% 663 28.8 21.8 18.1 72.4 2.9 6. ber1312rcr12.sunnyvale.ca ibone. 29.3% 663 18.4 21.8 16.5 41.1 3.2 7. ber384rcr81.99reatoaks.ca.ibone. 8.8% 662 28.4 21.6 17.3 36.5 2.4 8. ber24117pe11.99reatoaks.ca.ibone 8.8% 662 22.1 21.2 15.4 34.4 2.1 9. 58.288.233.46 8.8% 662 19.8 28.6 15.1 53.9 2.5 18. 216.239.48.18 8.8% 662 21.8 23.2 17.9 113.7 6.4 11. 289.85.248.35 8.8% 662 19.8 28.5 17.2 38.7 2.8 12. sfo87sl7rin7f14.1e188.net 8.8% 662 28.2 28.5 14.7 47.1 2.3
Adapted from:
"iftop" by Multiple Contributors, Wikipedia is licensed under CC BY-SA 3.0
"Iperf" by Multiple Contributors, Wikipedia is licensed under CC BY-SA 3.0
"MTR (software)" by Multiple Contributors, Wikipedia is licensed under CC BY-SA 3.0