Linux-Based Network Monitoring Tools Across OSI Layers

Network monitoring is the process of capturing and analyzing traffic across OSI layers 2 to 4, offering visibility into how data moves through the network and how different protocols interact during communication. Below are Linux-based tools categorized by their operational OSI layer.

Layer 2 (Data Link) Monitoring Tools:

  1. Wireshark (`wireshark`) – Packet analyzer for deep inspection.
     sudo apt install wireshark
     sudo wireshark

  2. Tcpdump (`tcpdump`) – CLI packet sniffer.
     sudo tcpdump -i eth0 -nn -v

  3. EtherApe (`etherape`) – Graphical network mapper.
     sudo apt install etherape
     sudo etherape

Layer 3 (Network) Monitoring Tools:

  1. Nmap (`nmap`) – Network discovery and security auditing (ping sweep of a subnet; `-sn` is the current spelling of the older `-sP` flag).
     nmap -sn 192.168.1.0/24

  2. IPtraf-ng (`iptraf-ng`) – Real-time IP traffic monitoring.
     sudo apt install iptraf-ng
     sudo iptraf-ng

  3. Netstat (`netstat`) – Network statistics (listening TCP/UDP sockets, numeric output).
     netstat -tuln

Layer 4 (Transport) Monitoring Tools:

  1. iftop (`iftop`) – Bandwidth monitoring.
     sudo apt install iftop
     sudo iftop -i eth0

  2. nload (`nload`) – Real-time network traffic.
     sudo apt install nload
     nload

  3. ss (`ss`) – Socket statistics (modern `netstat`).
     ss -tuln

You Should Know:

  • Combining Tools: Use `tcpdump` with `Wireshark` for offline analysis:
     sudo tcpdump -i eth0 -w capture.pcap
     wireshark capture.pcap

  • Persistent Monitoring: Log traffic with `tshark` (Wireshark CLI). `-w` writes raw packets to a file and suppresses the decoded `-T fields` text, so keep the two modes as separate commands:
     sudo tshark -i eth0 -w log.pcap
     sudo tshark -i eth0 -T fields -e frame.time -e ip.src -e ip.dst >> log.txt

  • Automation: Schedule `cron` jobs for periodic checks (here every 5 minutes, in root's crontab):
     */5 * * * * /usr/sbin/iftop -t -s 10 -i eth0 >> /var/log/network.log

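As an added example (not part of the original post), the kind of periodic check the `cron` entry above can drive: a POSIX shell script that diffs the output of `ss -tuln` against a saved baseline and reports any listening socket that was not there before. The script name, the baseline path and the two sample snapshots are assumptions constructed for this example.

```shell
#!/bin/sh
# Periodic check for cron: compare the listening sockets reported by
# "ss -tuln" against a saved baseline and print any socket that is new.
# Assumed crontab entry (runs as root, every 10 minutes):
#   */10 * * * * /usr/local/bin/listen-diff.sh /var/lib/ss-baseline.txt >> /var/log/listen-diff.log
LC_ALL=C; export LC_ALL   # fixed collation so sort and comm agree

# Reduce raw "ss -tuln" output to sorted, unique "proto local-addr:port" lines.
# Column order of ss -tuln: Netid State Recv-Q Send-Q Local:Port Peer:Port
normalize_ss() {
    awk 'NR > 1 && ($1 == "tcp" || $1 == "udp") { print $1, $5 }' | sort -u
}

# Print sockets present in the current snapshot ($2) but absent from the
# baseline ($1). Both arguments are files holding raw "ss -tuln" output.
new_listeners() {
    base_norm=$(mktemp) && cur_norm=$(mktemp) || return 1
    normalize_ss < "$1" > "$base_norm"
    normalize_ss < "$2" > "$cur_norm"
    comm -13 "$base_norm" "$cur_norm"   # lines unique to the current snapshot
    rm -f "$base_norm" "$cur_norm"
}

# Constructed sample snapshots (not captured from a real host) so the check
# runs offline; the current snapshot adds MySQL listening on all interfaces.
SAMPLE_BASELINE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:68        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511    127.0.0.1:631     0.0.0.0:*'
SAMPLE_CURRENT="$SAMPLE_BASELINE
tcp   LISTEN 0      151    0.0.0.0:3306      0.0.0.0:*"

# Run new_listeners over the constructed samples; prints "tcp 0.0.0.0:3306".
demo_check() {
    base=$(mktemp) && cur=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_BASELINE" > "$base"
    printf '%s\n' "$SAMPLE_CURRENT" > "$cur"
    new_listeners "$base" "$cur"
    rm -f "$base" "$cur"
}

# Real use: pass the baseline file; the live snapshot is taken with ss.
if [ "$#" -eq 1 ]; then
    live=$(mktemp) || exit 1
    ss -tuln > "$live"
    new_listeners "$1" "$live"
    rm -f "$live"
fi
```

Create the baseline once with `ss -tuln > /var/lib/ss-baseline.txt` on a known-good host, and call `demo_check` to see the check run against the constructed samples.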
What Undercode Says:

Network monitoring is critical for security and performance. Layer 2 tools like `Wireshark` expose MAC-level threats, while Layer 3/4 tools (`nmap`, `iftop`) detect IP/port anomalies. Always verify firewall rules (`iptables -L`) and routing tables (`route -n`). For encrypted traffic, use `tshark` with decryption keys.

Expected Output:

  • Sample `tcpdump` output (`Flags [S]` marks a SYN; `seq` without `ack` and `length 0` are consistent with a connection attempt):
     12:34:56.789 IP 192.168.1.1.22 > 192.168.1.2.443: Flags [S], seq 123456, win 64240, length 0


References:

Reported By: Xmodulo Network – Hackers Feeds