How to Use the Command 'bandwhich' (with examples)
The bandwhich command is an interactive CLI tool for monitoring network bandwidth utilization. It offers insights into which processes, connections, and remote IP addresses or hostnames are consuming the network, helping users better understand and troubleshoot network performance issues. This article explores several use cases for the bandwhich command, providing examples and explanations for each.
Use Case 1: Show the Remote Addresses Table Only
Code:
bandwhich --addresses
Motivation:
Sometimes network administrators or users need to identify which remote addresses or hostnames their system is communicating with. This information is crucial for security audits, monitoring network activity, or diagnosing issues related to unauthorized access. By focusing solely on remote addresses, users can pinpoint suspicious or unexpected connections quickly.
Explanation:
--addresses: This flag instructs bandwhich to display only the table of remote addresses or hostnames. It filters the other tables out of the view, making the output concise and targeted.
Example Output:
REMOTE ADDRESS     SENT      RECEIVED
192.168.1.100      100 KB    200 KB
www.example.com    50 KB     100 KB
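For the audit use described in the motivation above, the following added example (not part of the original article and not bandwhich's own code) checks captured remote-address lines against an allowlist and reports everything outside it. It assumes the text was produced by bandwhich's --raw mode and that each remote-address line has the shape given in the code comment; the allowlist values and sample lines are constructed.

```python
import ipaddress
import re
import sys
from collections import defaultdict

# Assumed shape of a --raw remote-address line (not shown in the article):
#   remote_address: <unix_ts> HOST up/down Bps: UP/DOWN connections: N
REMOTE = re.compile(
    r"^remote_address: <\d+> (\S+) up/down Bps: (\d+)/(\d+) connections: \d+$")

def is_allowed(host, networks, suffixes):
    """True if host is an IP in an allowed network or a name under an allowed suffix."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal: treat it as a resolved hostname
        name = host.lower().rstrip(".")
        # Match on a label boundary so "evilexample.com" does not pass as "example.com".
        return any(name == s or name.endswith("." + s) for s in suffixes)
    return any(ip in net for net in networks)

def unexpected_remotes(lines, allowed_cidrs, allowed_suffixes=()):
    """Return [(host, up_sum, down_sum)] for remotes outside the allowlist, busiest first."""
    networks = [ipaddress.ip_network(c) for c in allowed_cidrs]
    suffixes = [s.lower().strip(".") for s in allowed_suffixes]
    totals = defaultdict(lambda: [0, 0])
    for line in lines:
        m = REMOTE.match(line.strip())  # non-matching lines (process:, connection:) are skipped
        if m and not is_allowed(m.group(1), networks, suffixes):
            totals[m.group(1)][0] += int(m.group(2))  # sum of sampled upload values
            totals[m.group(1)][1] += int(m.group(3))  # sum of sampled download values
    rows = [(host, up, down) for host, (up, down) in totals.items()]
    return sorted(rows, key=lambda r: r[1] + r[2], reverse=True)

# Constructed sample input, not real capture data.
SAMPLE = """\
Refreshing:
process: <1700000000> "firefox" up/down Bps: 900/4100 connections: 2
remote_address: <1700000000> 192.168.1.100 up/down Bps: 100/200 connections: 1
remote_address: <1700000000> www.example.com up/down Bps: 50/100 connections: 1
remote_address: <1700000000> 203.0.113.7 up/down Bps: 700/3000 connections: 1
remote_address: <1700000001> 203.0.113.7 up/down Bps: 300/1000 connections: 1
remote_address: <1700000001> cdn.example.net up/down Bps: 10/20 connections: 1
""".splitlines()

if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin  # pipe a saved capture in, or use the sample
    for host, up, down in unexpected_remotes(source, ["192.168.1.0/24"], ["example.com"]):
        print(f"UNEXPECTED {host} up={up} down={down}")
```

Run it over a saved capture rather than a live pipe, since the report is produced only once the input ends.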
Use Case 2: Show DNS Queries
Code:
bandwhich --show-dns
Motivation:
Understanding DNS query activities can be pivotal for troubleshooting issues where a system is facing delays or is unable to reach certain services. Monitoring DNS queries can also help detect potential DNS spoofing or attacks, allowing the network administrator to swiftly respond to unusual DNS query patterns.
Explanation:
--show-dns: This option enables the display of DNS query information. This mode provides users with insights into the DNS requests being made by the system or processes, helping with the analysis of DNS-related issues.
Example Output:
DNS QUERY            COUNT
example.com          3
anotherdomain.com    2
Use Case 3: Show Total (Cumulative) Usage
Code:
bandwhich --total-utilization
Motivation:
For a comprehensive view of network traffic over a period, it can be invaluable to see cumulative network usage rather than just real-time statistics. This holistic view assists in understanding overall bandwidth consumption trends, which can be critical for capacity planning or detecting excessive usage.
Explanation:
--total-utilization: This flag tells bandwhich to summarize the data usage since the command was executed. It accumulates the total data sent and received, helping users assess bandwidth consumption over the monitoring session.
Example Output:
TOTAL SENT: 500 MB
TOTAL RECEIVED: 750 MB
Use Case 4: Show the Network Utilization for a Specific Network Interface
Code:
bandwhich --interface eth0
Motivation:
Complex systems often have multiple network interfaces, such as Wi-Fi and Ethernet (eth0). It may be necessary to monitor which specific interface is experiencing high bandwidth usage. Analyzing interface-specific data ensures that network performance can be optimized and necessary adjustments made, like configuring QoS (Quality of Service).
Explanation:
--interface: This option allows the user to specify which network interface should be monitored. In this example, 'eth0' represents the Ethernet interface commonly present in systems.
Example Output:
PROCESS    SENT      RECEIVED
Chrome     150 KB    450 KB
SSH        100 KB    300 KB
Use Case 5: Show DNS Queries with a Given DNS Server
Code:
bandwhich --show-dns --dns-server dns_server_ip
Motivation:
Particularly useful when testing or verifying the behavior of a specific DNS server configuration, this use case allows users to directly associate DNS queries and responses with a specified server. This can help in validating custom DNS configurations or identifying response and request discrepancies.
Explanation:
--show-dns: As previously mentioned, this enables the display of DNS queries.
--dns-server dns_server_ip: This additional parameter specifies which DNS server to consider when displaying DNS queries, allowing users to narrow down the analysis to interactions with a particular DNS server.
Example Output:
DNS QUERY                         COUNT
targetdomain.com (via 8.8.8.8)    6
seconddomain.com (via 8.8.8.8)    2
Conclusion:
The bandwhich command provides a range of utilities that cater to different aspects of network bandwidth analysis, from real-time monitoring of network interfaces to detailed views of DNS queries and remote connections. By leveraging the specific use cases discussed, users can more effectively manage network resources, enhance security, and troubleshoot network issues with precision.