Monitoring (measurement) of consumed traffic in Linux

    Once I needed to measure the amount of traffic that some application “devours”. One way to measure this is to install a proxy. But what if you do not want to install a proxy server? .. I didn’t want to. In search of other ways, I first rummaged Habr, then the Internet. Since I once spent a lot of time on this, now I am creating this note so that others do not have such a problem.

    IMPORTANT:
    This method works if we know at what address (addresses) our application is accessing, or from which / which ports.

    Step-by-step instruction


    1. iptraf

    iptraf is a small program that can monitor all the network activity of a computer.
    Sources and binaries can be downloaded from iptraf.

    In the case of Ubuntu, you can install iptraf by running the command:
    sudo apt-get install iptraf

    2. Launch!

    In the terminal we write: iptraf


    3. Customize

    It is necessary to enable logging (otherwise the program will limit itself to display on the screen). This is obviously done in the "Configure" section .


    4. Start monitoring

    We leave the settings, click "IP traffic monitor" and select the path to the file where we will log network activity.


    After that, we should see the following picture:


    This is all that is needed! Nearly.

    5. Analysis

    As I mentioned above, you need to know what address / port our application is accessing (the traffic of which we are calculating).
    For example, if we want to calculate how much traffic the “ last.fm radio hour” costs , we must determine the following:
    the last.fm application addresses addresses like these:
    195.24. * (Last.fm does not access a single address, but refers to a range of addresses )
    To get the amount of traffic that was eaten from the log (which was written an hour), I wrote a small “program” in java, which considers this traffic:

    package stat;
    import java.io.BufferedReader;
    import java.io.FileReader;
    import java.io.IOException;
    /**
     *
     * @author http://habrahabr.ru/users/nucleotide/
     */
    public class Main {
        public static void main(String[] args) throws IOException {
            BufferedReader reader = new BufferedReader(new FileReader("/var/log/iptraf/ip_traffic"));
            String line;
            long count = 0;
            long traffic = 0;
            while ((line = reader.readLine()) != null) {
                count++;
                String s[] = line.split(" ");
                if (s.length < 12) {
                    continue;
                }
                if (s[10].contains("195.24.") || s[12].contains("195.24."))  {   //"from" and "to"
                    traffic += new Long(s[7]);
                         if(s.length>16) traffic += new Long(s[17]);
                }
            }
            System.out.println("Count: " + count + "  lines");
            System.out.println("Total: " + traffic + "  bytes!");
            System.out.println("Total: " + traffic / 1024 + "  Kbytes!");
            System.out.println("Total: " + traffic / (1024 * 1024) + "  Mbytes!");
        }
    }
    


    This option works well when you constantly write logs, and then you need to measure something there. You just need to write / configure the parser exactly as it is necessary in a specific situation, and then you can get all the necessary data.

    Perhaps this is not the best option (albeit working). There are many other options:
    http: //help.ubuntu.ru / ...
    http://iptraf.seul.org/2.7/filters.html
    And so on.

    Also popular now: