Network Benchmark Command Line Tools

Cloud Journey
Oct 4, 2021

Overview

Mar. 2021 in North Carolina

We will look at iperf3, tcpping, ping, traceroute, tcptraceroute and nmap, and use them to measure latency and bandwidth.

Installation

iperf3

Install iperf or iperf3 on Red Hat. If the public key needed to validate the package signature is missing, download RPM-GPG-KEY-EPEL-7 from https://dl.fedoraproject.org/pub/epel and put it into the /etc/pki/rpm-gpg directory.

yum install iperf3 -y

tcpping

Redhat tcptraceroute and tcpping.

$ sudo yum install tcptraceroute
$ wget http://www.vdberg.org/~richard/tcpping

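Install tcpping in Ubuntu 20. The script is downloaded over plain HTTP, so review its contents before copying it into /usr/bin:

$ sudo apt-get install tcptraceroute
$ sudo apt-get install bc
$ wget http://www.vdberg.org/~richard/tcpping
$ sudo cp tcpping /usr/bin
$ sudo chmod 755 /usr/bin/tcpping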

nmap

Download nmap from the Nmap download page ("Download the Free Nmap Security Scanner for Linux/Mac/Windows"):

rpm -vhU https://nmap.org/dist/nmap-7.92-1.x86_64.rpm

Latency

ping

ping uses the ICMP protocol; if ICMP is blocked by a firewall, ping won’t work.

Average latency (round trip) is 1.437 ms, with a standard deviation of 0.283 ms.

$ping 10.99.0.7 -c 4
PING 10.99.0.7 (10.99.0.7) 56(84) bytes of data.
64 bytes from 10.99.0.7: icmp_seq=1 ttl=62 time=1.91 ms
64 bytes from 10.99.0.7: icmp_seq=2 ttl=62 time=1.28 ms
64 bytes from 10.99.0.7: icmp_seq=3 ttl=62 time=1.18 ms
64 bytes from 10.99.0.7: icmp_seq=4 ttl=62 time=1.36 ms
--- 10.99.0.7 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.182/1.437/1.916/0.283 ms

tcpping

tcpping uses the TCP protocol, so it works when ICMP is not allowed through the firewall.

Pass a specific port to tcpping when needed (the default is 80).

$tcpping -x 5 10.99.0.7 22 80
traceroute to 10.99.0.7 (10.99.0.7), 255 hops max, 60 byte packets
seq 0: tcp response from 10.99.0.7 (10.99.0.7) <syn,ack> 1.803 ms
traceroute to 10.99.0.7 (10.99.0.7), 255 hops max, 60 byte packets
seq 1: tcp response from 10.99.0.7 (10.99.0.7) <syn,ack> 1.326 ms
traceroute to 10.99.0.7 (10.99.0.7), 255 hops max, 60 byte packets
seq 2: tcp response from 10.99.0.7 (10.99.0.7) <syn,ack> 2.666 ms
traceroute to 10.99.0.7 (10.99.0.7), 255 hops max, 60 byte packets
seq 3: tcp response from 10.99.0.7 (10.99.0.7) <syn,ack> 1.828 ms
traceroute to 10.99.0.7 (10.99.0.7), 255 hops max, 60 byte packets
seq 4: tcp response from 10.99.0.7 (10.99.0.7) <syn,ack> 1.519 ms

The test above shows a minimum of 1.326 ms and a maximum of 2.666 ms; the average is sum(all entries)/5.

If a specific TCP port is blocked by the local Linux firewall, update the firewall accordingly.
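The summary that ping prints but tcpping does not can be computed from the output. This is an added example, not part of the original post or of the tcpping script; the sample is a constructed copy of the run above plus one constructed timeout line, whose wording is an assumption.

```shell
#!/bin/sh
# Added example: summarise tcpping output the way ping's "rtt min/avg/max/mdev" line does.

# tcpping_stats: reads tcpping output on stdin,
# prints "<probes>/<replies> <min> <avg> <max> <mdev>" in ms.
tcpping_stats() {
    awk '
        /^seq [0-9]+:/ {
            sent++
            # A reply line ends in "<value> ms"; a timeout line does not.
            if ($NF == "ms" && $(NF-1) ~ /^[0-9.]+$/) {
                rtt = $(NF-1) + 0
                n++; sum += rtt; sumsq += rtt * rtt
                if (n == 1 || rtt < min) min = rtt
                if (n == 1 || rtt > max) max = rtt
            }
        }
        END {
            # No replies at all: report the loss and fail.
            if (n == 0) { printf "%d/0 - - - -\n", sent; exit 1 }
            avg = sum / n
            var = sumsq / n - avg * avg; if (var < 0) var = 0
            printf "%d/%d %.3f %.3f %.3f %.3f\n", sent, n, min, avg, max, sqrt(var)
        }'
}

# Constructed sample: the five replies shown above, then an assumed timeout line.
sample_run() {
    cat <<'EOF'
traceroute to 10.99.0.7 (10.99.0.7), 255 hops max, 60 byte packets
seq 0: tcp response from 10.99.0.7 (10.99.0.7) <syn,ack> 1.803 ms
seq 1: tcp response from 10.99.0.7 (10.99.0.7) <syn,ack> 1.326 ms
seq 2: tcp response from 10.99.0.7 (10.99.0.7) <syn,ack> 2.666 ms
seq 3: tcp response from 10.99.0.7 (10.99.0.7) <syn,ack> 1.828 ms
seq 4: tcp response from 10.99.0.7 (10.99.0.7) <syn,ack> 1.519 ms
seq 5: no response (timeout)
EOF
}

sample_run | tcpping_stats
```

On a live host, pipe the tool straight in: `tcpping -x 5 10.99.0.7 22 | tcpping_stats`.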

Ubuntu 20 example:

sudo apt update
sudo apt install apache2
sudo ufw app list
sudo ufw status
sudo ufw allow 'Apache'
sudo ufw allow 'OpenSSH'
sudo ufw enable
sudo ufw status
sudo systemctl status apache2

RedHat example:

sudo yum update httpd
sudo yum install httpd
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

traceroute

Traceroute supports multiple methods, including UDP, ICMP and TCP.

$traceroute -I 10.99.0.7
traceroute to 10.99.0.7 (10.99.0.7), 30 hops max, 60 byte packets
1 10.2.0.1 (10.2.0.1) 0.115 ms 0.106 ms 0.103 ms
2 10.1.0.2 (10.1.0.2) 0.195 ms 0.183 ms 0.190 ms
3 * * *
4 10.99.0.7 (10.99.0.7) 2.129 ms 2.131 ms 2.130 ms

Typical traceroutes are formatted like so:

<hop #> <hostname> (IP resolution) probe1, probe2, probe3

Windows: tracert

tcptraceroute

$tcptraceroute 10.99.0.7 22
traceroute to 10.99.0.7 (10.99.0.7), 30 hops max, 60 byte packets
1 10.2.0.1 (10.2.0.1) 0.117 ms 0.102 ms 0.102 ms
2 10.1.0.2 (10.1.0.2) 0.178 ms 0.190 ms 0.219 ms
3 * * *
4 10.99.0.7 (10.99.0.7) <syn,ack> 3.451 ms 3.400 ms 3.397 ms

Scan UDP Port

UDP ports only have two states: listening or not. That usually translates to “having a socket open on it by a process” or “not having any socket open”.

UDP scan of port 123 on a Red Hat NTP pool server:

nmap -sU 0.rhel.pool.ntp.org -p 123
Starting Nmap 7.92 ( https://nmap.org ) at 2021-10-06 22:38 Eastern Daylight Time
Nmap scan report for 0.rhel.pool.ntp.org (50.205.244.112)
Host is up (0.044s latency).
Other addresses for 0.rhel.pool.ntp.org (not scanned): 129.213.125.130 66.220.9.122 104.171.113.34
rDNS record for 50.205.244.112: 50-205-244-112-static.hfc.comcastbusiness.net
PORT STATE SERVICE
123/udp open ntp
Nmap done: 1 IP address (1 host up) scanned in 0.54 seconds

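If the destination host does not allow ping, add the no-ping option (-Pn). When the UDP probe gets no reply, nmap reports the port as open|filtered, because it cannot tell an open port from a filtered one: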

nmap -sU  -p 123 -Pn 0.rhel.pool.ntp.org
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-15 19:53 EST
Nmap scan report for 0.rhel.pool.ntp.org (143.198.227.207)
Host is up.
Other addresses for 0.rhel.pool.ntp.org (not scanned): 107.194.210.155 67.205.162.81 162.159.200.123
PORT STATE SERVICE
123/udp open|filtered ntp
Nmap done: 1 IP address (1 host up) scanned in 2.52 seconds

Ubuntu NTP server:

C:\Users\rquan>nmap -sU ntp.ubuntu.com -p 123
Starting Nmap 7.92 ( https://nmap.org ) at 2021-10-06 22:42 Eastern Daylight Time
Nmap scan report for ntp.ubuntu.com (91.189.91.157)
Host is up (0.043s latency).
Other addresses for ntp.ubuntu.com (not scanned): 2001:67c:1560:8003::c7 2001:67c:1560:8003::c8 91.189.94.4 91.189.89.199 91.189.89.198
rDNS record for 91.189.91.157: alphyn.canonical.com
PORT STATE SERVICE
123/udp open ntp
Nmap done: 1 IP address (1 host up) scanned in 0.61 seconds

Throughput

Use iperf3 to measure throughput. If you get a "no route to host" error, open the port in the server-side local firewall.

Open local firewall

$firewall-cmd --zone=public --add-port=5201/tcp --permanent
$firewall-cmd --reload
$firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: vlan50
sources:
services: ssh dhcpv6-client
ports: 22/tcp 5201/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

Start iperf3 from server side

# iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------

Run iperf3 from the client side

Output shows both upload and download bandwidth.

$ iperf3 -c x.x.x.x
Connecting to host x.x.x.x, port 5201
[ 4] local 10.99.0.7 port 44844 connected to x.x.x.x port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 85.9 MBytes 720 Mbits/sec 0 607 KBytes
[ 4] 1.00-2.00 sec 82.2 MBytes 690 Mbits/sec 0 616 KBytes
[ 4] 2.00-3.00 sec 82.3 MBytes 690 Mbits/sec 0 640 KBytes
[ 4] 3.00-4.00 sec 82.7 MBytes 694 Mbits/sec 0 648 KBytes
[ 4] 4.00-5.00 sec 81.8 MBytes 686 Mbits/sec 0 648 KBytes
[ 4] 5.00-6.00 sec 82.3 MBytes 690 Mbits/sec 0 674 KBytes
[ 4] 6.00-7.00 sec 82.2 MBytes 690 Mbits/sec 0 674 KBytes
[ 4] 7.00-8.00 sec 83.0 MBytes 696 Mbits/sec 0 698 KBytes
[ 4] 8.00-9.00 sec 82.1 MBytes 689 Mbits/sec 0 728 KBytes
[ 4] 9.00-10.00 sec 82.5 MBytes 692 Mbits/sec 0 759 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 827 MBytes 694 Mbits/sec 0 sender
[ 4] 0.00-10.00 sec 825 MBytes 692 Mbits/sec receiver

Run from the client side in reverse mode.

The output shows the bandwidth when the server sends to the client.

$ iperf3 -c x.x.x.x -R
Connecting to host x.x.x.x, port 5201
Reverse mode, remote host x.x.x.x is sending
[ 4] local 10.99.0.7 port 46158 connected to x.x.x.x port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 118 MBytes 988 Mbits/sec
[ 4] 1.00-2.00 sec 157 MBytes 1.32 Gbits/sec
[ 4] 2.00-3.00 sec 159 MBytes 1.33 Gbits/sec
[ 4] 3.00-4.00 sec 160 MBytes 1.35 Gbits/sec
[ 4] 4.00-5.00 sec 160 MBytes 1.34 Gbits/sec
[ 4] 5.00-6.00 sec 160 MBytes 1.35 Gbits/sec
[ 4] 6.00-7.00 sec 160 MBytes 1.34 Gbits/sec
[ 4] 7.00-8.00 sec 160 MBytes 1.34 Gbits/sec
[ 4] 8.00-9.00 sec 160 MBytes 1.34 Gbits/sec
[ 4] 9.00-10.00 sec 158 MBytes 1.33 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 1.53 GBytes 1.31 Gbits/sec 52 sender
[ 4] 0.00-10.00 sec 1.52 GBytes 1.30 Gbits/sec receiver
iperf Done.

Use UDP protocol

On the server side, open the UDP port.

#firewall-cmd --zone=public --add-port=5201/udp --permanent
#firewall-cmd --reload
#firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: vlan50
sources:
services: ssh dhcpv6-client
ports: 22/tcp 5201/tcp 5201/udp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
#iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
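A narrower alternative to the permanent TCP and UDP port rules above is to open 5201 only for the test client and only for the length of the test. This is an added example, not from the original post; the function names are hypothetical, 10.99.0.7 is the client address seen in the iperf3 output on this page, and the 600-second window is an assumption.

```shell
#!/bin/sh
# Added example: time-limited, source-restricted firewalld rule for an iperf3 test.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 runs them (needs root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    # Dry-run output is printed without shell quoting.
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# bench_rule SRC PORT PROTO: build the firewalld rich rule text.
bench_rule() {
    case "$3" in tcp|udp) ;; *) echo "proto must be tcp or udp" >&2; return 2 ;; esac
    case "$2" in ''|*[!0-9]*) echo "bad port: $2" >&2; return 2 ;; esac
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept' \
        "$1" "$2" "$3"
}

# open_bench_port SRC PORT PROTO SECONDS: runtime-only rule (no --permanent),
# removed by firewalld after SECONDS and also cleared by a reload.
open_bench_port() {
    rule=$(bench_rule "$1" "$2" "$3") || return
    run firewall-cmd --zone=public --add-rich-rule="$rule" --timeout="$4"
}

# close_bench_port SRC PORT PROTO: remove the rule as soon as the test is done.
close_bench_port() {
    rule=$(bench_rule "$1" "$2" "$3") || return
    run firewall-cmd --zone=public --remove-rich-rule="$rule"
}

# A UDP test (iperf3 -u) still uses a TCP control connection on the same port,
# so both protocols are opened for the client.
for proto in tcp udp; do open_bench_port 10.99.0.7 5201 "$proto" 600; done
run iperf3 -s -1    # -1 / --one-off: serve a single client, then exit
for proto in tcp udp; do close_bench_port 10.99.0.7 5201 "$proto"; done
```

If the permanent rules were already added, `firewall-cmd --zone=public --remove-port=5201/tcp --permanent` (and the same for 5201/udp) followed by `firewall-cmd --reload` removes them.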

From client, the output includes jitter and packet loss. (Jitter is defined as a variation in the delay of received packets)

$ iperf3 -c x.x.x.x -u
Connecting to host x.x.x.x, port 5201
[ 4] local 10.99.0.7 port 43463 connected to x.x.x.x port 5201
[ ID] Interval Transfer Bandwidth Total Datagrams
[ 4] 0.00-1.00 sec 117 KBytes 956 Kbits/sec 85
[ 4] 1.00-2.00 sec 128 KBytes 1.05 Mbits/sec 93
[ 4] 2.00-3.00 sec 128 KBytes 1.05 Mbits/sec 93
[ 4] 3.00-4.00 sec 128 KBytes 1.05 Mbits/sec 93
[ 4] 4.00-5.00 sec 128 KBytes 1.05 Mbits/sec 93
[ 4] 5.00-6.00 sec 129 KBytes 1.06 Mbits/sec 94
[ 4] 6.00-7.00 sec 128 KBytes 1.05 Mbits/sec 93
[ 4] 7.00-8.00 sec 128 KBytes 1.05 Mbits/sec 93
[ 4] 8.00-9.00 sec 128 KBytes 1.05 Mbits/sec 93
[ 4] 9.00-10.00 sec 128 KBytes 1.05 Mbits/sec 93
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams
[ 4] 0.00-10.00 sec 1.24 MBytes 1.04 Mbits/sec 0.027 ms 0/923 (0%)
[ 4] Sent 923 datagrams
iperf Done.

References

Cheat Sheet

Install Iperf on Ubuntu

You can use apt-get install to install Iperf in Ubuntu.

apt-get install iperf

Start server

To start Iperf in server mode, use the below command.

iperf -s

Start server in daemon mode

Running the server without daemon mode keeps the process running in the terminal. Use the -D switch to run it as a daemon in the background.

iperf -s -D

Connecting to server from client

Iperf needs to run on the local host in client mode, as well as in server mode on the remote host. To connect to the remote host, add its IP address after the -c switch.

iperf -c 10.1.1.50

Bi-directional simultaneous (test the speed both ways at the same time)

Use the -d switch to test the network bandwidth in both directions. This will perform two tests; one from local host to remote host, and another from the remote host to the local host.

iperf -c 10.1.1.50 -d

Bi-directional (test the speed both ways, one after another)

Use the -r switch to test the network bandwidth in both directions. This is similar to -d except the tests will be performed in sequence; first from local host to remote host, and another from the remote host to the local host.

iperf -c 10.1.1.50 -r

Change the window size

The TCP window size can be changed using the -w switch followed by the number of bytes to use. The below example shows a window size of 2KB. This can be used on either the server or the client.

iperf -c 10.1.1.50 -w 2048
iperf -s -w 2048

Change the port

You must use the same port on both the client and the server for the two processes to communicate with each other. Use the -p switch followed by the port number to use on both the local and remote host.

iperf -c 10.1.1.50 -p 9000
iperf -s -p 9000

Change the test duration

The default test duration of Iperf is 10 seconds. You can override the default with the -t switch followed by the time in seconds the test should last.

iperf -s -t 60

UDP instead of TCP

The default protocol for Iperf to use is TCP. You can change this to UDP with the -u switch. You will need to run both the client and server in UDP mode to perform the tests.

iperf -s -u
iperf -c 10.1.1.50 -u

The result will have an extra metric for the packet loss which should be as low as possible, otherwise the packets will have to be re-transmitted using more bandwidth.

Run multiple threads

Iperf can spawn multiple threads to simultaneously send and receive data. Use the -P switch followed by the number of threads to use.

iperf -c 10.1.1.50 -P 4

Check the version of Iperf

Use the -v switch to see the version of Iperf you have installed.

iperf -v

See the full list of arguments

Use the -h switch to see the full list of arguments supported by Iperf.

iperf -h

Return the DNS name for an IP

nslookup
> set type=ptr
> x.x.x.x

Look up a public IP

https://ipwhois.io/

https://gist.github.com/cnDelbert/5fb06ccf10c19dbce3a7


All blogs are strictly personal and do not reflect the views of my employer. https://github.com/Ronnie-personal