How to Monitor Network Traffic on a Linux VPS

Monitoring network traffic helps you understand bandwidth usage, detect abuse, and troubleshoot slow connections on a VPS.

Step 1: Check Real-Time Network Traffic with iftop

iftop shows live bandwidth usage per connection.

sudo apt update
sudo apt install iftop -y

Start monitoring your main network interface:

sudo iftop -i eth0

This is useful when you suspect high traffic or DDoS-like behavior.

Step 2: Monitor Bandwidth Usage Per Interface

Use nload to view incoming and outgoing traffic per interface.

sudo apt install nload -y

nload

This gives a clean overview of total bandwidth usage in real time.

Step 3: Identify Traffic by Process

To see which processes are generating traffic, use nethogs.

sudo apt install nethogs -y

sudo nethogs

Very helpful when Docker containers or background services consume bandwidth.

Step 4: Check Open Connections and Traffic Sources

List active connections and remote IP addresses.

ss -tunap

If you notice unexpected IPs, review your firewall rules.

You may also want to review this related article: Check Which Process Is Using a Port in Ubuntu 25

Step 5: Monitor Network Usage Over Time

vnStat records historical bandwidth usage.

sudo apt install vnstat -y
sudo systemctl enable vnstat
sudo systemctl start vnstat

Check daily and monthly usage:

vnstat

Step 6: Log Traffic for Further Analysis

Capture packets for deeper inspection using tcpdump.

sudo tcpdump -i eth0

Use this carefully on production servers, as output can be large.

Optional Step: Monitor Network Traffic Continuously

For long-term monitoring, consider running traffic tools inside a screen or tmux session.

screen -S network-monitor

This keeps monitoring active even after disconnecting from SSH.