Essential Linux Ops Tools: Install & Use Nethogs, IOZone, IOTop and More
A concise guide for Linux administrators that introduces thirteen practical monitoring and security tools—ranging from network bandwidth trackers like Nethogs to vulnerability scanners like NMap—complete with installation steps, usage examples, and key configuration tips.
This article introduces several practical Linux operations tools for administrators, providing brief descriptions, download links, and installation/usage commands.
1. Nethogs – Process‑level bandwidth monitor
Nethogs displays real‑time network bandwidth usage per process in the terminal.
<code># yum -y install libpcap-devel ncurses-devel
# tar zxvf nethogs-0.8.0.tar.gz
# cd nethogs
# make && make install
# nethogs eth0</code>2. IOZone – Filesystem read/write performance tester
IOZone measures file system I/O performance across different operating systems.
<code># tar xvf iozone3_420.tar
# cd iozone3_420/src/current/
# make linux
# ./iozone -a -n 512m -g 16g -i 0 -i 1 -i 5 -f /mnt/iozone -Rb ./iozone.xls</code>-a runs in automatic mode. -n sets the minimum file size (KB). -g sets the maximum file size (KB). -i selects which test to run. -f names the test file (deleted after completion). -R outputs results to Excel. -b writes output to a specified file.
3. IOTop – Real‑time disk I/O monitor
IOTop shows per‑process disk I/O similar to the top command.
<code># yum -y install iotop</code>4. IPtraf – Simple network traffic analyzer
IPtraf provides a text‑based view of network statistics.
<code># yum -y install iptraf</code>5. IFTOP – Real‑time bandwidth monitor
Iftop displays live network traffic per connection, offering a more visual alternative to iptraf.
<code># tar zxvf iftop-0.17.tar.gz
# cd iftop-0.17
# ./configure
# make && make install
# iftop -i eth0 # monitor specific interface</code>TX – transmitted traffic
RX – received traffic
TOTAL – total traffic
Cumm – cumulative traffic since start
peak – peak bandwidth
rates – average over 2s, 10s, 40s intervals
6. HTop – Interactive process viewer
HTop replaces the classic top command with a more user‑friendly interface.
<code># yum -y install htop</code>7. NMON – System performance monitor
NMON provides comprehensive monitoring and analysis for AIX and various Linux distributions.
<code># chmod +x nmon_x86_64_rhel6
# mv nmon_x86_64_rhel6 /usr/sbin/nmon
# nmon</code>8. MultiTail – Simultaneous log monitoring
MultiTail opens multiple windows in the console to tail several log files at once.
<code># yum -y install multitail
# multitail -e "fail" /var/log/secure # filter by keyword
# multitail -l "ping baidu.com" # execute command and monitor output
# multitail -i /var/log/messages -i /var/log/secure # monitor multiple files</code>9. Fail2ban – SSH brute‑force protection
Fail2ban watches log files for repeated authentication failures and bans offending IPs via iptables.
<code># cd fail2ban-0.8.11
# python setup.py install
# cp ./redhat-initd /etc/init.d/fail2ban
# service fail2ban start
# chkconfig --add fail2ban
# chkconfig fail2ban on</code>Typical configuration (jail.conf):
<code>ignoreip = 127.0.0.1/8
bantime = 600
findtime = 600
maxretry = 3
backend = auto
[ssh-iptables]
enabled = true
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/sshd.log</code>10. Tmux – Terminal multiplexer
Tmux allows persistent sessions and multiple windows, preventing job interruption after SSH disconnection.
<code># yum -y install tmux</code>11. Agedu – Disk space visualizer
Agedu scans directories and presents disk usage in a web interface.
<code># tar zxvf agedu-r9723.tar.gz
# cd agedu-r9723
# ./configure
# make && make install
# agedu -s / # scan root filesystem
# agedu -w --address 192.168.0.10:80 # view via browser</code>12. NMap – Network scanner
NMap discovers open ports, services, and operating system details on remote hosts.
<code># tar jxvf nmap-6.40.tar.bz2
# ./configure
# make && make install
# nmap 192.168.0.10 # basic scan
# nmap -O 192.168.0.10 # OS detection
# nmap -A 192.168.0.10 # aggressive scan
# nmap 192.168.0.0/24 # scan entire subnet</code>-sS TCP SYN scan -sV service version detection
13. Httperf – Web performance tester
Httperf generates high‑load HTTP traffic to evaluate server capacity, latency, and stability.
<code># tar zxvf httperf-0.9.0.tar.gz
# cd httperf-0.9.0
# ./configure
# make && make install
# httperf --hog --server=192.168.0.202 --uri=/index.html \
--num-conns=10000 --wsess=10,10,0.1</code>Key options:
--hog: generate as many connections as possible.
--num-conns: total number of connections (e.g., 10000).
--wsess: simulate user sessions (sessions, requests per session, think time).
This collection of tools equips Linux administrators with essential capabilities for monitoring, performance testing, security hardening, and efficient session management.
Efficient Ops
This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.