#36168 - 09/29/15 12:16 PM monitoring network traffic from terminal
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
I would like some way to have a script that can run (continuously or periodically) on some computers, monitoring total network traffic, so it can alert me when a specific computer is going off the deep end for some reason. I've done a fair amount of digging and haven't been able to find a tool to do this.

nettop works well to view live traffic but as far as I can tell is impossible to get to work from inside a script. (auto updating, no single pass output, uses ANSI cursor movement extensively, modified terminal settings)

netstat -I en0 -b was also suggested but I ran it and copied in a 3 GB file and didn't see it hardly move.

Anyone know how to observe traffic levels in terminal?
_________________________
I work for the Department of Redundancy Department

#36182 - 09/30/15 10:20 AM Re: monitoring network traffic from terminal [Re: Virtual1]
Ira L Offline


Registered: 08/13/09
Loc: California
Not familiar with nettop in Terminal, but if nettop works well, couldn't a script (or even a macro utility) call it up very regularly, leave it open for a time period of your choosing, and then quit it. Loop this and… ?

I am visualizing a scenario where it is opened and closed frequently enough that it is there often enough for your purposes.
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x; iPhones, iPods and iPads galore!

#36184 - 09/30/15 10:30 AM Re: monitoring network traffic from terminal [Re: Ira L]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: Ira L
Not familiar with nettop in Terminal, but if nettop works well, couldn't a script (or even a macro utility) call it up very regularly, leave it open for a time period of your choosing, and then quit it. Loop this and… ?

There's no way to limit its run. With top, you can do "top -l1" and it will give you a one-pass output. nettop on the other hand will just continue to refresh until you quit. To that end, I just started it, dumping output to a file, spawned in a thread, and killed the thread a few seconds later.

Unfortunately, the file contains only ANSI-vomit. It makes extensive use of ANSI escape sequences to run around the screen drawing and updating things, using a mix of common, uncommon, and archaic codes, many of which I wasn't even able to find descriptions for. (this isn't color changes, this is mainly moving the cursor around and clearing regions of the screen) It quickly became clear that (A) it would be necessary to parse the ANSI stream to produce a screen capture, and (B) this is almost impossible to do without extensive and complete ANSI documentation and a lot of time to write a parser. Not really practical. I was unable to find a tool to convert an ANSI capture into a flat screenshot either. (that would have been too easy!)

Whoever wrote nettop went way WAY overboard with the cursor movement. There are examples of 10 character ANSI sequences to move the cursor right three spaces. TOP at least does the initial screen draw flat out. It uses ANSI in a very limited manner to keep the screen refreshed when you don't provide the -l option, mainly to move the cursor back to the top of the screen to just overwrite the lines below, instead of hopping around the screen like a mad gopher, popping up to change numbers here and there. From a refresh perspective, nettop's method makes sense when bandwidth is seriously limited. Otherwise, no, you should not be doing that.

I did however find dozens of threads of people trying to find a way to get nettop to output a single pass, none finding success.
_________________________
I work for the Department of Redundancy Department

#36188 - 09/30/15 01:15 PM Re: monitoring network traffic from terminal [Re: Virtual1]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
I know your predilection for creating your own utilities, but have you checked the app store offerings for "net monitor"? There are 50+ possibilities ranging in price from $2 to $50 (the most promising to my eye are of course the more expensive ones) but one of them might save you from reinventing the wheel.
_________________________
joemikeb • moderator

#36195 - 10/01/15 05:55 AM Re: monitoring network traffic from terminal [Re: joemikeb]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: joemikeb
I know your predilection for creating your own utilities, but have you checked the app store offerings for "net monitor"? There are 50+ possibilities ranging in price from $2 to $50 (the most promising to my eye are of course the more expensive ones) but one of them might save you from reinventing the wheel.

This is intended to be a launch daemon, not an app. (purely in terminal type of thing) I need this to be able to run in the background on labs full of computers, flagging machines that are inexplicably hammering the network. (our network admin was troubleshooting a problem and asked me why one of "my macs" had downloaded 10 GB of data this morning... we have to keep our eyes open for abuses, we have clowns here trying to run BitTorrent and download pirated movies from time to time)
_________________________
I work for the Department of Redundancy Department
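
One way to script the check described in this thread, as an added example that is not code from any poster: it sums the Ibytes and Obytes counters from netstat -I <interface> -b, compares two samples, and flags a rate above a limit. The column layout, the sample output (constructed), the function names and the syslog tag are assumptions; the counters are per interface, so the interface passed in must be the one that carries the traffic.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes macOS `netstat -I <if> -b`
# prints a <Link#N> row ending in: Ibytes Opkts Oerrs Obytes Coll.

# Read netstat output on stdin, print Ibytes+Obytes of the link-layer row.
# Fields are counted from the end so an empty Address column cannot shift them.
total_bytes() {
    awk '$3 ~ /^<Link#/ { printf "%.0f\n", $(NF-4) + $(NF-1); found = 1; exit }
         END { if (!found) exit 1 }'
}

# check_rate BEFORE AFTER SECONDS LIMIT  (LIMIT in bytes per second)
# Prints "ALERT <rate>" or "ok <rate>". A counter that went backwards
# (reboot, interface reset, wrap) prints "reset" rather than a bogus rate.
check_rate() {
    before=$1 after=$2 secs=$3 limit=$4
    if [ "$after" -lt "$before" ]; then echo "reset"; return 0; fi
    rate=$(( (after - before) / secs ))
    if [ "$rate" -gt "$limit" ]; then echo "ALERT $rate"; else echo "ok $rate"; fi
}

# monitor IFACE SECONDS LIMIT: loop for a launch daemon; alerts go to syslog.
monitor() {
    prev=$(netstat -I "$1" -b | total_bytes) || return 1
    while sleep "$2"; do
        cur=$(netstat -I "$1" -b | total_bytes) || return 1
        result=$(check_rate "$prev" "$cur" "$2" "$3")
        case $result in ALERT*) logger -t netwatch "$1 $result B/s" ;; esac
        prev=$cur
    done
}

# Constructed sample output, 60 seconds apart (documentation addresses).
sample_t0() { cat <<'EOF'
Name  Mtu   Network   Address            Ipkts Ierrs     Ibytes  Opkts Oerrs    Obytes Coll
en0   1500  <Link#4>  00:00:5e:00:53:01 812345     0  900000000 401234     0 100000000    0
en0   1500  192.0.2   192.0.2.10        812345     -  900000000 401234     - 100000000    -
EOF
}
sample_t1() { cat <<'EOF'
Name  Mtu   Network   Address            Ipkts Ierrs     Ibytes  Opkts Oerrs    Obytes Coll
en0   1500  <Link#4>  00:00:5e:00:53:01 2912345    0 3900000000 451234     0 100000000    0
EOF
}
```

Nothing runs until a function is called; monitor en0 60 10000000 would sample en0 every 60 seconds and log any average above 10,000,000 bytes per second.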

#37535 - 12/01/15 05:37 AM Re: monitoring network traffic from terminal [Re: Virtual1]
Dan B Offline


Registered: 12/01/15
Did you ever find a solution for this? I need to do exactly the same and have hit the same problems.

Many thanks
Dan

#37539 - 12/01/15 12:59 PM Re: monitoring network traffic from terminal [Re: Dan B]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: Dan B
Did you ever find a solution for this? I need to do exactly the same and have hit the same problems.

Unfortunately, my questions can sometimes be extremely challenging. :( Nothing yet but I'm still looking into it. Let me know if you find a solution before I do.
_________________________
I work for the Department of Redundancy Department

#37543 - 12/01/15 02:59 PM Re: monitoring network traffic from terminal [Re: Dan B]
artie505 Online


Registered: 08/04/09
Hi, and welcome to FineTunedMac. :)

I'm not certain if V1 is more notable for his answers or his questions, but if there's an answer to this one, rest assured (and patiently) that he'll figure it out.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
