20 Command Line Tools to Monitor Linux Performance

It’s really very tough job for every System or Network administrator to monitor and debug Linux System Performance problems every day. After being a Linux Administrator for 5 years in IT industry, I came to know that how hard is to monitor and keep systems up and running. For this reason, we’ve compiled the list of Top 20 frequently used command line monitoring tools that might be useful for every Linux/Unix System Administrator. These commands are available under all flavors of Linux and can be useful to monitor and find the actual causes of performance problem. This list of commands shown here are very enough for you to pick the one that is suitable for your monitoring scenario.

1. Top – Linux Process Monitoring

Linux Top command is a performance monitoring program which is used frequently by many system administrators to monitor Linux performance and it is available under many Linux/Unix like operating systems. The top command used to dipslay all the running and active real-time processes in ordered list and updates it regularly. It display CPU usage, Memory usage, Swap Memory, Cache Size, Buffer Size, Process PID, User, Commands and much more. It also shows high memory and cpu utilization of a running processess. The top command is much userful for system administrator to monitor and take correct action when required. Let’s see top command in action.

2. VmStat – Virtual Memory Statistics

Linux VmStat command used to display statistics of virtual memory, kernerl threads, disks, system processes, I/O blocks, interrupts, CPU activity and much more. By default vmstat command is not available under Linux systems you need to install a package called sysstat that includes a vmstat program. The common usage of command format is.

3. Lsof – List Open Files

Lsof command used in many Linux/Unix like system that is used to display list of all the open files and the processes. The open files included are disk files, network sockets, pipes, devices and processes. One of the main reason for using this command is when a disk cannot be unmounted and displays the error that files are being used or opened. With this commmand you can easily identify which files are in use. The most common format for this command is.

4. Tcpdump – Network Packet Analyzer

Tcpdump one of the most widely used command-line network packet analyzer or packets sniffer program that is used capture or filter TCP/IP packets that received or transferred on a specific interface over a network. It also provides a option to save captured packages in a file for later analysis. tcpdump is almost available in all major Linux distributions.

5. Netstat – Network Statistics

Netstat is a command line tool for monitoring incoming and outgoing network packets statistics as well as interface statistics. It is very useful tool for every system administrator to monitor network performance and troubleshoot network related problems.

6. Htop – Linux Process Monitoring

Htop is a much advanced interactive and real time Linux process monitoring tool. This is much similar to Linux top command but it has some rich features like user friendly interface to manage process, shortcut keys, vertical and horizontal view of the processes and much more. Htop is a third party tool and doesn’t included in Linux systems, you need to install it using YUM package manager tool. For more information on installation read our article below.

7. Iotop – Monitor Linux Disk I/O

Iotop is also much similar to top command and Htop program, but it has accounting function to monitor and display real time Disk I/O and processes. This tool is much useful for finding the exact process and high used disk read/writes of the processes.

8. Iostat – Input/Output Statistics

IoStat is simple tool that will collect and show system input and output storage device statistics. This tool is often used to trace storage device performance issues including devices, local disks, remote disks such as NFS.

9. IPTraf – Real Time IP LAN Monitoring

IPTraf is an open source console-based real time network (IP LAN) monitoring utility for Linux. It collects a variety of information such as IP traffic monitor that passes over the network, including TCP flag information, ICMP details, TCP/UDP traffic breakdowns, TCP connection packet and byne counts. It also gathers information of general and detaled interface statistics of TCP, UDP, IP, ICMP, non-IP, IP checksum errors, interface activity etc.

10. Psacct or Acct – Monitor User Activity

psacct or acct tools are very useful for monitoring each users activity on the system. Both daemons runs in the background and keeps a close watch on the overall activity of each user on the system and also what resources are being consumed by them.

These tools are very useful for system administrators to track each users activity like what they are doing, what commands they issued, how much resources are used by them, how long they are active on the system etc.

11. Monit – Linux Process and Services Monitoring

Monit is a free open source and web based process supervision utility that automatically monitors and managers system processes, programs, files, directories, permissions, checksums and filesystems.

It monitors services like Apache, MySQL, Mail, FTP, ProFTP, Nginx, SSH and so on. The system status can be viewed from the command line or using it own web interface.

12. NetHogs – Monitor Per Process Network Bandwidth

NetHogs is an open source nice small program (similar to Linux top command) that keeps a tab on each process network activity on your system. It also keeps a track of real time network traffic bandwidth used by each program or application.

13. iftop – Network Bandwidth Monitoring

iftop is another terminal-based free open source system monitoring utility that displays a frequently updated list of network bandwidth utilization (source and destination hosts) that passing through the network interface on your system. iftop is considered for network usage, what ‘top‘ does for CPU usage. iftop is a ‘top‘ family tool that monitor a selected interface and displays a current bandwidth usage between two hosts.

14. Monitorix – System and Network Monitoring

Monitorix is a free lightweight utility that is designed to run and monitor system and network resources as many as possible in Linux/Unix servers. It has a built in HTTP web server that regularly collects system and network information and display them in graphs. It Monitors system load average and usage, memory allocation, disk driver health, system services, network ports, mail statistics (Sendmail, Postfix, Dovecot, etc), MySQL statistics and many more. It designed to monitor overall system performance and helps in detecting failures, bottlenecks, abnormal activities etc.

15. Arpwatch – Ethernet Activity Monitor

Arpwatch is a kind of program that is designed to monitor Address Resolution (MAC and IP address changes) of Ethernet network traffic on a Linux network. It continuously keeps watch on Ethernet traffic and produces a log of IP and MAC address pair changes along with a timestamps on a network. It also has a feature to send an email alerts to administrator, when a pairing added or changes. It is very useful in detecting ARP spoofing on a network.

16. Suricata – Network Security Monitoring

Suricata is an high performance open source Network Security and Intrusion Detection and Prevention Monitoring System for Linux, FreeBSD and Windows.It was designed and owned by a non-profit foundation OISF (Open Information Security Foundation).

17. VnStat PHP – Monitoring Network Bandwidth

VnStat PHP a web based frontend application for most popular networking tool called “vnstat“. VnStat PHP monitors a network traffic usage in nicely graphical mode. It displays a total IN and OUT network traffic usage in hourly, daily, monthly and full summary report.

18. Nagios – Network/Server Monitoring

Nagios is an leading open source powerful monitoring system that enables network/system administrators to identify and resolve server related problems before they affect major business processes. With the Nagios system, administrators can able to monitor remote Linux, Windows, Switches, Routers and Printers on a single window. It shows critical warnings and indicates if something went wrong in your network/server which indirectly helps you to begin remediation processes before they occur.

19. Nmon: Monitor Linux Performance

Nmon (stands for Nigel’s performance Monitor) tool, which is used to monitor all Linux resources such as CPU, Memory, Disk Usage, Network, Top processes, NFS, Kernel and much more. This tool comes in two modes: Online Mode and Capture Mode.

The Online Mode, is used for real-time monitoring and Capture Mode, is used to store the output in CSV format for later processing.

20. Collectl: All-in-One Performance Monitoring Tool

Collectl is a yet another powerful and feature rich command line based utility, that can be used to gather information about Linux system resources such as CPU usage, memory, network, inodes, processes, nfs, tcp, sockets and much more.

Switch vs Router vs Hub vs Bridge Vs Repeater Vs Wireless Access Point

Following analysis compares  Switch vs Router vs Hub vs Bridge Vs Repeater and highlights various differences among them for various different networks.

Comparison of the Network layer at which Switch Router Hub Bridge Repeater operate





Wireless Access Point


Network Layer 1 (Physical) 2 (Data) 2 (Data) or 3 (Network) 3 (Network) 1 (Physical) or 2 (Data) 1 (Physical) ,2 (Data) or 3 (Network)

Comparison and properties of a Hub

 Hub properties

A Hub is the simplest of these devices out of the five compared.

Hubs cannot filter data so data packets are sent to all connected devices/computers. The device has to make decision if it needs the packet. This can slow down the network overall.

Hubs do not have intelligence to find out best path for data packets. This leads to inefficiencies and wastage.

Pretty much repeat signal on one end to another.

Hubs are used on small networks where data transmission is not very high.

Comparison and properties of a Bridge

A bridge is more complex than hub.

A bridge maintains a MAC address table for both LAN segments it is connected to.

Bridge has a single incoming and outgoing port.

Bridge filters traffic on the LAN by looking at the MAC address.

Bridge looks at the destination of the packet before forwarding unlike a hub.It restricts transmission on other LAN segment if destination is not found.

Bridges are used to separate parts of a network that do not need to communicate regularly, but need to be connected.

Comparison and properties of a Switch

 network switch properties

A switch when compared to bridge has multiple ports.

Switches can perform error checking before forwarding data.

Switches are very efficient by not forwarding packets that error-ed out or forwarding good packets selectively to correct devices only.

Switches can support both layer 2 (based on MAC Address) and layer 3 (Based on IP address) depending on the type of switch.

Usually large networks use switches instead of hubs to connect computers within the same subnet.

Comparison and properties of a Router

Router properties

A router, like a switch forwards packets based on address.

A router uses the IP address to forward packets. This allows the network to go across different protocols.

Routers forward packets based on software while a switch (Layer 3 for example) forwards using hardware called ASIC (Application Specific Integrated Circuits)

Routers support different WAN technologies but switches do not.

Wireless Routers have Access Point built in.

The most common home use for routers is to share a broadband internet connection. The router has a public IP address and that address is shared with the network. When data comes through the router it is forwarded to the correct computer.

Comparison and properties of a wireless access point

Wireless Access Point bridges wireless and wired traffic.

Wireless Access Point allows devices/computers to connect to LAN in a wireless fashion.

Wireless Access Point allows wired and wireless devices work to communicate with each other.

 Comparison and properties of a Repeater

Repeaters are built into the hubs or switches. Repeaters clean, amplify and resend the signals that have been weakened due to long cables traveling large distances.

Hubs vs Switches vs Routers

Most of the systems you are working on might be connected to a hub, or switch, or router. Probably you never thought about those networking devices, how they work, and the differences between them.

In this article, we’ll explain the core technical differences between these networking devices.

To understand these, it is also helpful if you have some basic knowledge of different layers in OSI model of communication.


  • Hubs, also known as repeaters, are network devices that can operate on layer-1 (I.e. the physical layer) to connect network devices for communication.
  • Hubs cannot process layer-2 or layer-3 traffic. Layer-2 deals with hardware addresses and layer-3 deals with logical (IP) addresses. So, hubs cannot process information based on MAC or IP addresses.
  • Hubs cannot even process data based on whether it is a uni-cast, broadcast or multi-cast data.
  • All that a hub does is that it transfers data to every port excluding the port from where data was generated.
  • Hubs work only in half duplex mode I.e. a device connected to a hub can either send or receive data at a given time.
  • If more than one device sends out data simultaneously then data collisions happen.
  • In case of a collision, a hub rejects data from all the devices and signals them to send data again. Usually devices follow a random timer after which data is sent again to hub.
  • Hubs are prone to collisions and as more and more devices are added to set up of multiple hubs, the chances of collisions will increase and hence the overall performance of network will go down.


  • Switches are network devices that operate on layer-2 of OSI model of communication.
  • Switches are also known as intelligent hubs.
  • Switches operate on hardware addresses to transfer data across devices connected to them.
  • The reason switches are known as intelligent hubs is because they build address table in hardware to keep track of different hardware addresses and the port to which each hardware address is associated.
  • The reason why they are compared to hubs because a switch, when started fresh, acts just like a hub. Suppose there are 3 devices connected to a switch. Lets call these devices as deviceA, deviceB and deviceC. Now, after a fresh start, if deviceA sends out a message to deviceB then just like a hub, switch will send it out to each port. But, it will store the hardware address and corresponding port in its hardware table. This means that whenever any other device will send any packet destined to deviceA then switch will act intelligently and send it to the correct port and not to all the ports. This way as more and more interaction takes place, the hardware table of switch grows and after a certain period of time switch becomes full blown intelligent version of a hub.
  • Switches are often confused with bridges. Though both of them are mostly similar with major difference being that a switch forwards data at wire speed as it uses special hardware circuits known as ASICs.
  • Switches, unlike hubs, support full duplex data transfer communication for each connected device.
  • As layer 2 protocols headers have no information about network of data packet so switches cannot forward data based or networks and that is the reason switches cannot be used with large networks that are divided in sub networks.
  • Switches can avoid loops through the use of spanning tree protocol.


  • Routers are the network devices that operate at Layer-3 of OSI model of communication.
  • As layer-3 protocols have access to logical address (IP addresses) so routers have the capability to forward data across networks.
  • Sometimes routers are also known as layer-3 switches.
  • Routers are far more feature rich as compared to switches.
  • Routers maintain routing table for data forwarding.
  • Earlier, routing was slower as compared to switching. This was because of the fact that routing table lookup time was considerably high. The reason for this was that the complete packet was fetched into software buffers and then further operations were carried on it.
  • Today, operations are done in hardware which has reduced the latency a lot and hence routers are not considered slower than switches today.
  • Routers have lesser port densities as compared to switches.
  • Routers are usually used as a forwarding network elements in Wide Area Networks.

If you are new to networking, it is also important for you to understand the journey of a data packet in Internet and TCP/IP fundamentals.