There are a plethora of tools available for the Raspberry Pi that system administrators can use to monitor network traffic. Newer Raspberry Pi models even come with a built in WiFi chip in addition to the traditional Ethernet port, giving us even more options for connecting to networks and monitoring traffic. Network monitoring can be useful for troubleshooting connectivity problems or identifying bottlenecks that are slowing down connections.
In this tutorial, we will go over various tools that can be used to monitor the network traffic on a Raspberry Pi. Along with default utilities on Raspberry Pi OS, additional packet sniffing and network analyzer tools such as Wireshark can be installed and used to gather information on network traffic. Let’s see how to use them.
In this tutorial you will learn:
- How to install and use iftop, nload, IPTraf, vnStat, NetHogs, and Wireshark for monitoring network traffic on the Raspberry Pi
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Raspberry Pi |
| Software | iftop, nload, IPTraf, vnStat, NetHogs, Wireshark |
| Other | Privileged access to your Linux system as root or via the sudo command. |
| Conventions |
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
Network Monitoring Tools for the Raspberry Pi
In the sections below, we will go over various tools that can be used to monitor network traffic on the Raspberry Pi. Your preferences and goals with network monitoring will help guide you towards the right program (or multiple programs) that best suits your needs. Take a look at the options below and see how to install them.
In order to monitor the traffic of all devices on your network, you would need to establish the Raspberry Pi as a pass through device that intercepts all outgoing connections on your local area network. Such a setup can be configured by using the Raspberry Pi as a router. This would not help with examining encrypted traffic, of course, but would allow the Raspberry Pi to more closely monitor all the connections within your local network.
iftop – See network data in a ‘top’ format
iftop is a command line tool that works similarly to the default top command, which you are probably already familiar with. Rather than displaying CPU, RAM, and process information like its top counterpart, iftop will show the current network rates and a brief list of all incoming and outgoing connections on a network interface.
To install iftop on Raspberry Pi, execute:
$ sudo apt install iftop
Then, to use iftop, simply run the command in terminal (must run with root permissions):
$ sudo iftop
nload – Check current network usage
If you just want to get the statistics about how much data is incoming and outgoing through your network interface, and are not concerned about analyzing the destination or origin information of the data, then nload is a good option. nload provides succinct info about current, average, minimum, and maximum throughputs for both incoming and outgoing bandwidth.
To install nload on Raspberry Pi, execute:
$ sudo apt install nload
Then, to use nload, simply run the command in terminal:
$ nload
IPTraf – Check established TCP connections
IPTraf allows users to see all of the established TCP connections to hosts and port numbers. It also shows how many packets have been sent to the host, and the current TCP flag. It is a command line only program and offers more depth than the previous tools mentioned, but still does not dive as deep as a packet analyzer. In addition to the IP traffic monitor, it also can give general or detailed interface statistics, breakdowns, and a slew of other options.
To install IPTraf on Raspberry Pi, execute:
$ sudo apt install iptraf-ng
Then, run IPTraf with root permissions:
$ sudo iptraf
First, you can choose what you want to do from the beginning window:
Upon choosing the traffic monitor, you can see all incoming and outgoing traffic on the network interface that you selected:
vnStat – Check network traffic totals
vnStat allows system administrators to see how much traffic has been sent and received daily and monthly. It is a perfect tool to gauge the total amount of data coming and going to the Raspberry Pi in a certain time frame. It also shows the average transfer speed, which can help identify problems with network slow downs.
To install vnstat on Raspberry Pi, execute:
$ sudo apt install vnstat
After installation, be sure to start the service in systemd:
$ sudo systemctl start vnstat
Then, run vnstat with no further options to see daily and monthly traffic totals:
$ vnstat
Also check out the output of the
vnstat --help command to see options for checking the last five minutes of network traffic, or a certain number of hours, days, months, years, or a custom date range.
$ vnstat --help
NetHogs – See network usage for each program
NetHogs has the unique distinction of being the only tool on this list that actually displays stats about network traffic for each program currently sending or receiving data. The NetHogs output displays any unique PID that has any kind of ongoing network traffic. For each process, it shows how many kilobytes are being sent (uploaded) and received (downloaded).
To install NetHogs from package manager, execute:
$ sudo apt install nethogs
Then, open NetHogs with root permissions:
$ sudo nethogs
In the screenshot, we can see that the Chromium browser, as well as several apt processes (we are running a package update command) are all using network data.
Wireshark – Capture traffic and analyze packets
Wireshark is both a command line and GUI tool that can be used to capture traffic and then analyze the packets afterwards. For unencrypted network traffic, we can often discern the contents of the packet data and see exactly what is being transmitted. Even for secure connections, Wireshark will reveal where connections are originating from or routing to, and give information about what network protocols are being used (SSH, FTP, etc).
To install Wireshark, we can run:
$ sudo apt install wireshark
Wireshark can then be opened in the application launcher under “Internet.” Choose the settings as you see fit and then click on Capture > Start to begin capturing network traffic.
We can then click on packets to see the payload data and what protocols are being used, as well as what hosts the connections are being established with.
Closing Thoughts
In this tutorial, we saw how to monitor network traffic on a Raspberry Pi system. As seen here, there are many tools suited for the job, and all of them can be installed via the default package manager on the Raspberry Pi. Each tool has a slightly different use case, with some giving network stats, others sorting network usage by program, some analyzing packet data, and yet others displaying connection data. You may want to use a few of these tools, since they all have their niche and are useful in separate ways.
