Essential Linux Monitoring Tools: Install and Use Nethogs, IOTop, NMON, and More

1. Nethogs – Process Bandwidth Monitor

Nethogs is a terminal‑based network traffic monitor that shows bandwidth usage per process.

Download URL: http://sourceforge.net/projects/nethogs/files/nethogs/0.8/nethogs-0.8.0.tar.gz/download

# Install build dependencies
yum -y install libpcap-devel ncurses-devel
# Extract source and build
tar zxvf nethogs-0.8.0.tar.gz
cd nethogs
make && make install
# Run on a specific interface (e.g., eth0)
nethogs eth0

2. IOZone – Disk I/O Performance Test

IOZone measures file system read/write performance on Linux.

Download URL: http://www.iozone.org/src/current/

# Extract and build
tar xvf iozone3_420.tar
cd iozone3_420/src/current/
make linux
# Run a full automatic test suite
./iozone -a -n 512m -g 16g -i 0 -i 1 -i 5 -f /mnt/iozone -Rb ./iozone.xls

-a: automatic mode (runs a range of file sizes)

-n: minimum file size (KB) for automatic mode

-g: maximum file size (KB) for automatic mode

-i: select specific test (0=write, 1=read, 5=rewind/rewrite, etc.)

-f: name of the test file (deleted after the run)

-R: generate Excel‑compatible output

-b: write output to a plain‑text file

3. IOTop – Real‑Time Disk I/O Monitor

IOTop displays per‑process disk I/O similar to the top command.

# Install from repository
yum -y install iotop
# Run interactively
iotop

4. IPtraf – Simple Network Analyzer

IPtraf provides a straightforward view of network traffic on Linux.

# Install from repository
yum -y install iptraf
# Launch the interactive UI
iptraf

5. IFTop – Real‑Time Network Bandwidth Monitor

iftop shows live network traffic per interface, offering a more visual alternative to iptraf.

Download URL: http://www.ex-parrot.com/~pdw/iftop/

# Extract and build
tar zxvf iftop-0.17.tar.gz
cd iftop-0.17
./configure
make && make install
# Run on the default interface
iftop
# Or monitor a specific interface, e.g., eth0
iftop -i eth0

TX: transmitted traffic

RX: received traffic

TOTAL: cumulative traffic

Cumm: traffic since iftop started

peak: observed traffic peak

rates: average rates over 2 s, 10 s, and 40 s windows

6. HTop – Interactive Process Viewer

HTop replaces the classic top command with a more user‑friendly, colorized interface.

# Install from repository
yum -y install htop
# Launch
htop

7. NMON – System Resource Monitor

NMON provides comprehensive monitoring for CPU, memory, disks, network, and more on AIX and Linux.

Download URL: http://sourceforge.jp/projects/sfnet_nmon/releases/

# Make the binary executable and move it to a directory in $PATH
chmod +x nmon_x86_64_rhel6
mv nmon_x86_64_rhel6 /usr/sbin/nmon
# Run interactively
nmon

8. MultiTail – Simultaneous Log Monitoring

MultiTail opens multiple windows in a single console to tail several log files at once.

# Install from repository
yum -y install multitail
# Tail multiple files with keyword filtering
multitail -e "fail" /var/log/secure
# Run a command and monitor its output
multitail -l "ping baidu.com"
# Monitor several log files simultaneously
multitail -i /var/log/messages -i /var/log/secure

9. Fail2ban – SSH Brute‑Force Protection

Fail2ban watches log files for repeated authentication failures and automatically adds firewall rules to block offending IPs.

Download URL: http://www.fail2ban.org/wiki/index.php/Downloads

# Install from source
cd fail2ban-0.8.11
python setup.py install
# Deploy init script (adjust path if needed)
cp ./redhat-initd /etc/init.d/fail2ban
service fail2ban start
chkconfig --add fail2ban
chkconfig fail2ban on

Typical jail.conf excerpt for SSH protection:

[DEFAULT]
ignoreip = 127.0.0.1/8
bantime  = 600
findtime = 600
maxretry = 3
backend = auto

[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
logpath  = /var/log/sshd.log
maxretry = 5

# Restart to apply changes
service fail2ban restart
# Verify status
fail2ban-client status
# Check iptables rule added by fail2ban
iptables -L

10. Tmux – Terminal Multiplexer

Tmux allows persistent sessions and window management, preventing SSH disconnections from terminating running tasks.

# Install from repository (or build from source)
yum -y install tmux
# Basic usage example
tmux new -s mysession   # create a new session
Ctrl‑b d                # detach session
tmux attach -t mysession # re‑attach later

11. Agedu – Disk Space Usage Viewer

Agedu visualizes disk space consumption and can serve a web interface.

Download URL: http://www.chiark.greenend.org.uk/~sgtatham/agedu/

# Extract, build and install
tar zxvf agedu-r9723.tar.gz
cd agedu-r9723
./configure
make && make install
# Scan the filesystem
agedu -s /
# Start a web UI on a specific address
agedu -w --address 192.168.0.10:80

12. NMap – Network Scanner

NMap discovers hosts, open ports, and services on a network.

Download URL: http://nmap.org/download.html

# Extract and build
tar jxvf nmap-6.40.tar.bz2
cd nmap-6.40
./configure
make && make install
# Basic host scan
nmap 192.168.0.10
# OS detection
nmap -O 192.168.0.10
# Aggressive scan (OS detection, version detection, script scanning, traceroute)
nmap -A 192.168.0.10
# Scan an entire subnet
nmap 192.168.0.0/24

-sS: SYN (stealth) scan

-sV: service version detection

13. Httperf – Web Performance Stress Test

Httperf generates high‑volume HTTP traffic to evaluate web server capacity and stability.

Download URL: http://code.google.com/p/httperf/downloads/list

# Extract, build and install
tar zxvf httperf-0.9.0.tar.gz
cd httperf-0.9.0
./configure
make && make install
# Example stress test
httperf --hog \
    --server=192.168.0.202 \
    --uri=/index.html \
    --num-conns=10000 \
    --wsess=10,10,0.1

Key options explained:

--hog : generate as many connections as the client hardware allows.

--num-conns : total number of connections to open (e.g., 10000).

--wsess : session pattern – first number = number of sessions, second = requests per session, third = think time (seconds) between requests.