monitoring network traffic from terminal
#36168 09/29/15 07:16 PM
Joined: Aug 2009
I would like some way to have a script that can run (continuously or periodically) on some computers, monitoring total network traffic, so it can alert me when a specific computer is going off the deep end for some reason. I've done a fair amount of digging and haven't been able to find a tool to do this.

nettop works well to view live traffic but as far as I can tell is impossible to get to work from inside a script. (auto updating, no single pass output, uses ANSI cursor movement extensively, modified terminal settings)

netstat -I en0 -b was also suggested but I ran it and copied in a 3gb file and didn't see it hardly move.

Anyone know how to observe traffic levels in terminal?



I work for the Department of Redundancy Department
Re: monitoring network traffic from terminal
Virtual1 #36182 09/30/15 05:20 PM
Joined: Aug 2009
Likes: 8
Not familiar with nettop in Terminal, but if nettop works well, couldn't a script (or even a macro utility) call it up very regularly, leave it open for a time period of your choosing, and then quit it. Loop this and… ?

I am visualizing a scenario where it is opened and closed frequently enough that it is there often enough for your purposes.


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: monitoring network traffic from terminal
Ira L #36184 09/30/15 05:30 PM
Joined: Aug 2009
Originally Posted By: Ira L
Not familiar with nettop in Terminal, but if nettop works well, couldn't a script (or even a macro utility) call it up very regularly, leave it open for a time period of your choosing, and then quit it. Loop this and… ?

There's no way to limit its run. With top, you can do "top -l1" and it will give you a one-pass output. nettop on the other hand will just continue to refresh until you quit. To that end, I just started it, dumping output to a file, spawned in a thread, and killed the thread a few seconds later.

Unfortunately, the file contains only ANSI-vomit. It makes extensive use of ANSI escape sequences to run around the screen drawing and updating things, using a mix of common, uncommon, and archaic codes, many of which I wasn't even able to find descriptions for. (this isn't color changes, this is mainly moving the cursor around and clearing regions of the screen) It quickly became clear that (A) it would be necessary to parse the ANSI stream to produce a screen capture, and (B) this is almost impossible to do without extensive and complete ANSI documentation and a lot of time to write a parser. Not really practical. I was unable to find a tool to convert an ANSI capture into a flat screenshot either. (that would have been too easy!)

Whoever wrote nettop went way WAY overboard with the cursor movement. There are examples of 10 character ANSI sequences to move the cursor right three spaces. TOP at least does the initial screen draw flat out. It uses ANSI in a very limited manner to keep the screen refreshed when you don't provide the -l option, mainly to move the cursor back to the top of the screen to just overwrite the lines below, instead of hopping around the screen like a mad gopher, popping up to change numbers here and there. From a refresh perspective, nettop's method makes sense when bandwidth is seriously limited. Otherwise, no, you should not be doing that.

I did however find dozens of threads of people trying to find a way to get nettop to output a single pass, none finding success.


I work for the Department of Redundancy Department
Re: monitoring network traffic from terminal
Virtual1 #36188 09/30/15 08:15 PM
Joined: Aug 2009
Likes: 16
Moderator
I know your predilection for creating your own utilities, but have you checked the app store offerings for "net monitor"? There are 50+ possibilities ranging in price from $2 to $50 (the most promising to my eye are of course the more expensive ones) but one of them might save you from reinventing the wheel.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: monitoring network traffic from terminal
joemikeb #36195 10/01/15 12:55 PM
Joined: Aug 2009
Originally Posted By: joemikeb
I know your predilection for creating your own utilities, but have you checked the app store offerings for "net monitor"? There are 50+ possibilities ranging in price from $2 to $50 (the most promising to my eye are of course the more expensive ones) but one of them might save you from reinventing the wheel.

This is intended to be a launch daemon, not an app. (purely in terminal type of thing) I need this to be able to run in the background on labs full of computers, flagging machines that are inexplicably hammering the network. (our network admin was troubleshooting a problem and asked me why one of "my macs" had downloaded 10gb of data this morning... we have to keep our eyes open for abuses, we have clowns here trying to run bittorrent and download pirated movies from time to time)


I work for the Department of Redundancy Department
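
Added example, not part of any post in this thread: one way to get the per-machine flagging described above from a script is to sample the cumulative byte counters printed by `netstat -I en0 -b` and alert on the rate between two samples. The column layout, the `netwatch` syslog tag and the interval and limit in the last comment are assumptions, and the two sample outputs are constructed.

```shell
#!/bin/sh
# Added example: flag a host whose interface byte counters grow too fast.
# Assumed macOS `netstat -I <if> -b` layout for the <Link#N> row:
# Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll

# Constructed samples (not captured from a real host), taken 10 s apart.
SAMPLE_T0='Name  Mtu   Network     Address             Ipkts Ierrs     Ibytes   Opkts Oerrs    Obytes  Coll
en0   1500  <Link#4>    00:00:5e:00:53:01 1000000     0 5000000000  800000     0 900000000     0
en0   1500  192.0.2     192.0.2.10        1000000     - 5000000000  800000     - 900000000     -'
SAMPLE_T1='Name  Mtu   Network     Address             Ipkts Ierrs     Ibytes   Opkts Oerrs    Obytes  Coll
en0   1500  <Link#4>    00:00:5e:00:53:01 1200000     0 5300000000  801000     0 900500000     0
en0   1500  192.0.2     192.0.2.10        1200000     - 5300000000  801000     - 900500000     -'

# Read netstat output on stdin; print "ibytes obytes" from the <Link#N> row.
link_bytes() {
    awk '$3 ~ /^<Link#/ && NF >= 11 { print $7, $10; exit }'
}

# rate_check PREV_IN PREV_OUT CUR_IN CUR_OUT SECONDS LIMIT_BYTES_PER_SEC
# Prints "OK n", "ALERT n" or "RESET 0" (n = bytes/sec); returns 1 on ALERT.
rate_check() {
    awk -v pi="$1" -v po="$2" -v ci="$3" -v co="$4" -v s="$5" -v lim="$6" 'BEGIN {
        # Counters that go backwards mean a reboot or counter reset: skip.
        if (ci < pi || co < po) { print "RESET 0"; exit 0 }
        rate = ((ci - pi) + (co - po)) / s
        if (rate > lim) { printf "ALERT %.0f\n", rate; exit 1 }
        printf "OK %.0f\n", rate
    }'
}

# Sample interface $1 every $2 seconds; log to syslog above $3 bytes/sec.
monitor() {
    ifc=$1; secs=$2; lim=$3; prev=""
    while :; do
        cur=$(netstat -I "$ifc" -b | link_bytes)
        if [ -n "$prev" ] && [ -n "$cur" ]; then
            res=$(rate_check $prev $cur "$secs" "$lim") ||
                logger -t netwatch "$(hostname) $ifc $res bytes/sec"
        fi
        prev=$cur
        sleep "$secs"
    done
}
# From a launch daemon: monitor en0 10 12500000   (about 100 Mbit/s)
```
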
Re: monitoring network traffic from terminal
Virtual1 #37535 12/01/15 01:37 PM
Joined: Dec 2015
Did you ever find a solution for this? I need to do exactly the same and have hit the same problems.

Many thanks
Dan

Re: monitoring network traffic from terminal
Dan B #37539 12/01/15 08:59 PM
Joined: Aug 2009
Originally Posted By: Dan B
Did you ever find a solution for this? I need to do exactly the same and have hit the same problems.

Unfortunately, my questions can sometimes be extremely challenging :( Nothing yet, but I'm still looking into it. Let me know if you find a solution before I do.


I work for the Department of Redundancy Department
Re: monitoring network traffic from terminal
Dan B #37543 12/01/15 10:59 PM
Joined: Aug 2009
Likes: 15
Hi, and welcome to FineTunedMac. :)

I'm not certain if V1 is more notable for his answers or his questions, but if there's an answer to this one, rest assured (and patiently) that he'll figure it out.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Moderated by  alternaut, dianne, MacManiac 
