ubuntu - How to monitor the network activity of a Java application on Linux in detail?

24
2014-04
  • Martin Lee

    Let's say I have a third-party Java application.

    It is a .jar which I run in a usual manner: java -jar app.jar

    How can I monitor what it sends and gets through the network on a Debian-based system?

    I would like to know which servers it connects to and what data it sends and gets.

  • Answers
  • Karolos

    Use netstat. Note that it will only provide the socket information. For more detailed analysis, you can use Wireshark.

    More info: http://en.wikipedia.org/wiki/Netstat, http://linux.die.net/man/8/netstat, and http://linux.die.net/man/1/wireshark
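
To show what the "socket information" mentioned above looks like for a single process, here is an added example (not part of the original answer) that decodes `/proc/net/tcp` and keeps only the sockets whose inodes appear in `/proc/<pid>/fd`. The sample table, its addresses and its inode numbers are constructed, and the decoding assumes a little-endian host and IPv4 only.

```python
import os
import socket
import struct
import sys

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}
# Constructed sample in /proc/net/tcp layout (documentation addresses, made-up inodes).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41001 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:C350 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 41002 1 0000000000000000 20 4 30 10 -1
"""

def decode_endpoint(field):
    """'0A7100CB:01BB' -> ('203.0.113.10', 443); assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16))), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Turn /proc/net/tcp text into a list of connection dicts."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) >= 10:                     # column 9 is the socket inode
            rows.append({"local": decode_endpoint(cols[1]), "remote": decode_endpoint(cols[2]),
                         "state": TCP_STATES.get(cols[3], cols[3]), "inode": int(cols[9])})
    return rows

def socket_inodes(pid):
    """Socket inodes a process holds open, read from /proc/<pid>/fd symlinks."""
    inodes = set()
    for fd in os.listdir(f"/proc/{pid}/fd"):
        try:
            target = os.readlink(f"/proc/{pid}/fd/{fd}")
        except OSError:                         # fd was closed while listing
            continue
        if target.startswith("socket:["):       # e.g. "socket:[41002]"
            inodes.add(int(target[8:-1]))
    return inodes

def connections_for(inodes, tcp_text):
    """Keep only the rows whose socket inode belongs to the process."""
    return [r for r in parse_proc_net_tcp(tcp_text) if r["inode"] in inodes]

if __name__ == "__main__":                      # usage: script.py <pid of the java process>
    with open("/proc/net/tcp") as f:
        for c in connections_for(socket_inodes(int(sys.argv[1])), f.read()):
            print(c["state"], c["local"], "->", c["remote"])
```

Run it as the user that owns the JVM (or as root) so `/proc/<pid>/fd` is readable. A JVM using dual-stack sockets can have its connections listed in `/proc/net/tcp6` instead, which this IPv4-only example does not decode.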


  • Related Question

    linux - Monitor the bandwidth usage of each computer on a network
  • Sam152

    I have a Linux box that I would like to use to monitor all bandwidth on my network; there are multiple computers all plugged into the network.

    Is there some way to ARP spoof all the traffic through the Linux box and record the amount of bandwidth each computer is using?


  • Related Answers
  • admintech

    I use Bandwidthd

    BandwidthD tracks usage of TCP/IP network subnets and builds HTML files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each IP address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.

  • David Spillett

    What you need to do is put the machine in the network between those machines and your connection to the internet, like so:

    PC1 ----\
    PC2 ----+---- monitor ---- router/modem/other ---- hinterwebs
    PC3 ----/
    

    You need two network cards in the monitor box, one for the local LAN's switch that the other machines plug into too and one for the router. The monitor box would then either be set to act as a transparent bridge or (easier) it would perform NAT (like so) for the LAN. You can then use extra iptables rules with comments to mark them so that you can use something like collectd's iptables module (see here) to record packet and byte counts. You could also use tools like bandwidthd though I've not used that myself. If you are looking to check current traffic rather than log the traffic for future analysis, you can just use iftop (see here, and should be available in all Linux distributions) to list what is going through the box right now.

    Seeing the traffic for all the machines as you describe, without sitting the monitoring machine between the machines you want to monitor, is not really possible on a switched network, which all modern networks are. When using a hub, all you had to do was drop the network card into promiscuous mode and it would inspect all the traffic on the line, but with a switched network the switch makes sure each line only gets the packets it needs, not everything.