Which IP address is using more bandwidth?
I have previously written a similar article about tracking and monitoring your server bandwidth. This one is a bit different: it gives a more in-depth view per IP address. Before, you could see only the total amount of bandwidth going in or out of your server, but in some cases you may want more detail, such as which server IP is using more bandwidth or, more specifically, which IP is using the most bandwidth in real time.
This article covers just that. You can use a tool called iftop to monitor each IP's bandwidth usage in real time and see which of the server's public IPs the traffic is directed at. This helps you find out who the culprit using the bandwidth is and, if necessary, take action against it.
How to install iftop
Installing iftop is really simple; you just need to run the command for your distribution:

    ## For Debian / Ubuntu
    apt-get install iftop

    ## For CentOS / Fedora
    yum install iftop

By default, running the command

    iftop

will also try to resolve the IP addresses for you. In some cases, however, you will not want this. For example, on my server the output looks similar to the listing below:

                        19.1Mb          38.1Mb          57.2Mb          76.3Mb    95.4Mb
    #################################################################################
    51.serverhost.org         => 109.100.86.77                 492kb   492kb   492kb
                              <=                              36.0kb  36.0kb  36.0kb
    51.serverhost.org         => 198.143.38.1.ip.incapdns.     321kb   321kb   321kb
                              <=                              26.9kb  26.9kb  26.9kb
    www.yourhowto.net         => n06-05-08.opera-mini.net     84.2kb  84.2kb  84.2kb
                              <=                              10.9kb  10.9kb  10.9kb
    www.yourhowto.net         => 221.130.162.54               45.0kb  45.0kb  45.0kb
                              <=                              4.89kb  4.89kb  4.89kb
    51.serverhost.org         => spider-93-158-149-31.yand    16.7kb  16.7kb  16.7kb
                              <=                              5.82kb  5.82kb  5.82kb
    www.yourhowto.net         => c.root-servers.net           1.05kb  1.05kb  1.05kb
                              <=                              12.4kb  12.4kb  12.4kb
    www.yourhowto.net         => l.gtld-servers.net             864b    864b    864b
                              <=                              9.33kb  9.33kb  9.33kb
    www.yourhowto.net         => d.root-servers.net             760b    760b    760b
                              <=                              9.39kb  9.39kb  9.39kb
    www.yourhowto.net         => u.arin.net                   1.61kb  1.61kb  1.61kb
                              <=                              7.84kb  7.84kb  7.84kb
    #################################################################################
    TX:             cum:    273kB   peak:    994kb   rates:    994kb   994kb   994kb
    RX:                    70.4kB            196kb             196kb   196kb   196kb
    TOTAL:                  344kB           1.16Mb            1.16Mb  1.16Mb  1.16Mb

It resolves each IP address to a hostname where possible. To avoid this, you can run the command:

    iftop -n

This shows only the server IP addresses along with the connecting IPs and their usage. You can also go into more detail: for instance, pressing the 't' key changes how the IP addresses are grouped and displayed:
- total usage (upload and download together) on one line
- only upload / received traffic
- only download / sent traffic
- total usage (upload and download separated) on two lines
Which view helps most depends on what you want to see in each case.
If you have multiple interfaces with more IP addresses, you can select which interface to monitor. By default it should load eth0, but you can change to a different one using the command:

    iftop -i eth1

That is most of what you will normally use; consult the manual if you want more details.
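An added example (not part of the original article): a shell function that totals the 2-second sent and received rates per remote address from rows laid out like the `iftop -n` display, so a peer whose traffic is split across several server IPs still ranks by its combined usage. The function names `rank_peers` and `sample_rows`, the sample rows and their documentation-range addresses are constructed for illustration, and the 1024 unit multiplier is an assumption.

```bash
#!/usr/bin/env bash
# Added example: rank remote peers by combined 2-second rate (sent + received).
# Expected row layout, as in the iftop -n display:
#   <server-ip> => <remote-ip> <2s> <10s> <40s>
#                <=            <2s> <10s> <40s>

rank_peers() {
  awk '
    # Convert a rate such as 492kb, 1.16Mb or 864b to bits per second.
    # Assumption: units scale by 1024 and rates are in bits (no -B option).
    function bits(v,   n, u) {
      n = v + 0                       # leading numeric part
      u = v; gsub(/[0-9.]/, "", u)    # unit suffix
      if (u ~ /^[kK]/) return n * 1024
      if (u ~ /^M/)    return n * 1024 * 1024
      if (u ~ /^G/)    return n * 1024 * 1024 * 1024
      return n
    }
    # Sent row: remember the remote peer so the next "<=" row is credited to it.
    NF >= 4 && $2 == "=>" { peer = $3; total[peer] += bits($4); next }
    NF >= 2 && $1 == "<=" && peer != "" { total[peer] += bits($2); peer = ""; next }
    # Scale, separator and TX/RX summary lines match neither rule and are skipped.
    END { for (p in total) printf "%s %d\n", p, total[p] }
  ' | sort -k2,2nr
}

# Constructed sample rows (documentation address ranges, not real traffic).
# 198.51.100.7 talks to two server IPs; neither row alone is the largest.
sample_rows() {
  cat <<'EOF'
203.0.113.10 => 198.51.100.7    300kb   280kb   250kb
             <=                20.0kb  18.0kb  15.0kb
203.0.113.11 => 198.51.100.7    250kb   240kb   200kb
             <=                10.0kb  9.00kb  8.00kb
203.0.113.10 => 192.0.2.44      492kb   492kb   492kb
             <=                36.0kb  36.0kb  36.0kb
203.0.113.10 => 192.0.2.99       864b    864b    864b
             <=                9.33kb  9.33kb  9.33kb
EOF
}

# Prints "<remote-ip> <bits per second>", highest first.
sample_rows | rank_peers
```
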
See you again in our next article.