Essential Linux Ops Tools: Nethogs, IOZone, IOTop, and More

1. Process Bandwidth Monitoring - Nethogs

Nethogs is a terminal‑based network traffic monitor that displays the bandwidth consumed by each process.

Download: http://sourceforge.net/projects/nethogs/files/nethogs/0.8/nethogs-0.8.0.tar.gz/download

[root@localhost ~]# yum -y install libpcap-devel ncurses-devel
[root@localhost ~]# tar zxvf nethogs-0.8.0.tar.gz
[root@localhost ~]# cd nethogs
[root@localhost nethogs]# make && make install
[root@localhost nethogs]# nethogs eth0

2. Disk I/O Performance Test - IOZone

IOZone is a Linux file‑system benchmark that measures read/write performance across different operating systems.

Download: http://www.iozone.org/src/current/

[root@localhost current]# tar xvf iozone3_420.tar
[root@localhost ~]# cd iozone3_420/src/current/
[root@localhost current]# make linux
[root@localhost current]# ./iozone -a -n 512m -g 16g -i 0 -i 1 -i 5 -f /mnt/iozone -Rb ./iozone.xls

3. Real‑Time Disk I/O Monitoring - IOTop

IOTop displays live disk I/O usage per process, with an interface similar to the classic top command.

[root@localhost ~]# yum -y install iotop

4. Network Traffic Monitoring - IPtraf

IPtraf is a simple Linux network analysis tool that provides real‑time traffic statistics.

[root@localhost ~]# yum -y install iptraf

5. Network Traffic Monitoring - IFTop

IFTop is a top‑like real‑time bandwidth monitor that is more visual than iptraf.

Download: http://www.ex-parrot.com/~pdw/iftop/

[root@localhost ~]# tar zxvf iftop-0.17.tar.gz
[root@localhost ~]# cd iftop-0.17
[root@localhost iftop-0.17]# ./configure
[root@localhost iftop-0.17]# make && make install
[root@localhost iftop-0.17]# iftop -i eth0

6. Process Real‑Time Monitoring - HTop

HTop is an interactive process viewer that can replace the default top command.

[root@localhost ~]# yum -y install htop

7. System Resource Monitoring - NMON

NMON is a widely used monitoring and analysis tool for AIX and various Linux distributions.

Download: http://sourceforge.jp/projects/sfnet_nmon/releases/

[root@localhost ~]# chmod +x nmon_x86_64_rhel6
[root@localhost ~]# mv nmon_x86_64_rhel6 /usr/sbin/nmon
[root@localhost ~]# nmon

8. Multi‑Log Monitoring - MultiTail

MultiTail opens multiple windows in the console to monitor several log files simultaneously, similar to the tail command.

[root@localhost ~]# yum -y install multitail
[root@localhost ~]# multitail -e "fail" /var/log/secure   # filter by keyword
[root@localhost ~]# multitail -l "ping baidu.com"          # monitor command output
[root@localhost ~]# multitail -i /var/log/messages -i /var/log/secure   # monitor two files

9. SSH Brute‑Force Protection - Fail2ban

Fail2ban watches system logs, matches error patterns with regular expressions, and automatically adds firewall rules to block offending IPs.

Download: http://www.fail2ban.org/wiki/index.php/Downloads

[root@localhost ~]# cd fail2ban-0.8.11
[root@localhost fail2ban-0.8.11]# python setup.py install
[root@localhost fail2ban-0.8.11]# cp ./redhat-initd /etc/init.d/fail2ban
[root@localhost ~]# service fail2ban start
[root@localhost ~]# chkconfig --add fail2ban
[root@localhost ~]# chkconfig fail2ban on

Typical jail configuration (ssh‑iptables)

ignoreip = 127.0.0.1/8
bantime = 600
findtime = 600
maxretry = 3
backend = auto
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/sshd.log
maxretry = 5

10. Persistent Terminal Sessions - Tmux

Tmux is a powerful terminal multiplexer that is more flexible and efficient than GNU Screen, ensuring long‑running tasks survive SSH disconnections.

[root@localhost ~]# yum -y install tmux

11. Disk Space Visualization - Agedu

Download: http://www.chiark.greenend.org.uk/~sgtatham/agedu/

[root@localhost ~]# tar zxvf agedu-r9723.tar.gz
[root@localhost ~]# cd agedu-r9723
[root@localhost ~]# ./configure
[root@localhost ~]# make && make install
[root@localhost ~]# agedu -s /      # scan filesystem
[root@localhost ~]# agedu -w --address 192.168.0.10:80   # view via web

12. Security Scanning Tool - NMap

NMap is a network discovery and security auditing tool for Linux.

Download: http://nmap.org/download.html

[root@localhost ~]# tar jxvf nmap-6.40.tar.bz2
[root@localhost nmap-6.40]# ./configure
[root@localhost nmap-6.40]# make && make install
[root@localhost ~]# nmap 192.168.0.10          # basic scan
[root@localhost ~]# nmap -O 192.168.0.10    # OS detection
[root@localhost ~]# nmap -A 192.168.0.10    # aggressive scan
[root@localhost ~]# nmap 192.168.0.0/24     # scan entire subnet

-sS TCP SYN scan -sV service version detection

13. Web Stress Testing - Httperf

Httperf is more powerful than ab; it can simulate realistic traffic patterns and reveal performance bottlenecks.

Download: http://code.google.com/p/httperf/downloads/list

[root@localhost ~]# tar zxvf httperf-0.9.0.tar.gz
[root@localhost ~]# cd httperf-0.9.0
[root@localhost httperf-0.9.0]# ./configure
[root@localhost httperf-0.9.0]# make && make install
[root@localhost ~]# httperf --hog --server=192.168.0.202 --uri=/index.html --num-conns=10000 --wsess=10,10,0.1

Parameter notes: --hog: generate as many connections as possible. --num-conns: total number of connections (10 000). --wsess: simulate user sessions (10 sessions, 10 requests each, 0.1 s pause).