Skip to content

Top 20 Linux system performance tools


1. top System Process Monitoring

The top command is a performance monitoring program that can be used on many Linux/Unix versions and is a tool frequently used by Linux system administrators to monitor system performance. The top command can periodically display all running and actually running processes updated to the list, displaying CPU usage, memory usage, swap memory, cache size, buffer size, process control, users, and more commands. It also displays running processes with high memory and CPU usage. Top is very useful for system administrators when monitoring and taking appropriate action in Linux systems. Let’s take a look at the actual operation of the top command.


2. vmstat Virtual Memory Statistics

The vmstat command is used to display virtual memory, kernel threads, disks, system processes, I/O modules, interrupts, and CPU active states. By default, Linux systems do not have the vmstat command, and you must install a program package called sysstat to use it. The command format is commonly used as follows:

vmstat 1
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
 r  b   swpd   free  inact active   si   so    bi    bo   in   cs us sy id wa st
 1  0      0 810420  97380  70628    0    0   115     4   89   79  1  6 90  3  0

3. lsof Open File List

The lsof command can be used for many Linux/Unix systems and mainly displays open files and processes in list form.

The opened files mainly include disk files, network sockets, pipes, devices, and processes. The main reason for using this command is to display files that cannot be unmounted one by one and display error messages indicating that the file is being used or opened. This command is easy to see which files are in use. The most commonly used format for this command is:

lsof -Pp PID
COMMAND     PID      USER   FD      TYPE     DEVICE     SIZE       NODE NAME
init          1      root  cwd       DIR      104,2     4096          2 /
init          1      root  rtd       DIR      104,2     4096          2 /
init          1      root  txt       REG      104,2    38652   17710339 /sbin/init
init          1      root  mem       REG      104,2   129900     196453 /lib/
init          1      root  mem       REG      104,2  1693812     196454 /lib/
init          1      root  mem       REG      104,2    20668     196479 /lib/
init          1      root  mem       REG      104,2   245376     196419 /lib/
init          1      root  mem       REG      104,2    93508     196431 /lib/
init          1      root   10u     FIFO       0,17                 953 /dev/initctl

4. tcpdump Network Packet Analyzer

Tcpdump is the most widely used command-line network packet analyzer or packet sniffing program, mainly used to capture and filter TCP/IP packets received or transferred in a network on a specific interface. It also provides an option parameter to save the captured packets in a file for later analysis. Tcpdump is available in almost all Linux versions.

tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
22:08:59.617628 IP > P 2532133365:2532133481(116) ack 3561562349 win 9648
22:09:07.653466 IP > P 116:232(116) ack 1 win 9648
22:08:59.617916 IP > . ack 116 win 64347

5. netstat Network Statistics

The netstat command is a command-line tool for monitoring statistics interfaces for network packets incoming and outgoing. It is a very useful tool for many system administrators to monitor network performance and solve network-related problems.

netstat -tnlp
netstat -tulp

6. htop Process Monitoring

Htop is a more advanced interactive real-time monitoring tool. Htop is very similar to the top command, but it has some very rich features, such as user-friendly interface management processes, shortcut keys, horizontal and vertical processes, and more. Htop is a third-party tool and is not included in Linux systems. You need to use a package management tool to install it.


7. iotop Monitor Disk I/O

Iotop is also similar to the top and htop commands, but it has a reporting function to monitor and display real-time disk I/O input and output and program processes. This tool is very useful for finding accurate high disk read/write processes.


8. iostat Input/Output Statistics

Iostat is a simple tool for collecting and displaying statistics for system input and output storage devices. This tool is usually used to find storage device performance issues, including devices, local disks, such as NFS remote disks.

Linux 2.6.18-238.9.1.el5 (         09/13/2012

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           2.60    3.65    1.04    4.29    0.00   88.42

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
cciss/c0d0       17.79       545.80       256.52  855159769  401914750
cciss/c0d0p1      0.00         0.00         0.00       5459       3518
cciss/c0d0p2     16.45       533.97       245.18  836631746  384153384
cciss/c0d0p3      0.63         5.58         3.97    8737650    6215544
cciss/c0d0p4      0.00         0.00         0.00          8          0
cciss/c0d0p5      0.63         3.79         5.03    5936778    7882528
cciss/c0d0p6      0.08         2.46         2.34    3847771    3659776

9. IPTraf Real-Time IP LAN Monitoring

IPTraf is an open-source Linux system real-time network (IP network) monitoring tool. It can collect various information, such as monitoring IP traffic through the network, including TCP flag information, ICMP details, TCP/UDP traffic failures, TCP connection packets, and Bayesian counting. It also collects TCP, UDP, ICMP, IP, non-IP, IP checksum errors, interface activity, and general information and detailed information statistics data.

How to Use Iptarf to Monitor Network Traffic and Bandwidth

10. Psacct or Acct Monitor User Activity

Psacct or Acct is a very useful tool for monitoring the overall activity of each user on the system. Two daemons are running in the background, one closely monitoring the overall activity of each user on the system, and the other monitoring which resources they consume.


This tool is very useful for system administrators to track the activity of each user, know what the user is doing, what commands are issued, how much resources are occupied, and how long they are active on the system.

11. Monit Program and Service Monitoring

This is a free open-source web-based automatic monitoring and management system process, program, file, directory, permission, and verification file system. It monitors services including Apache, MYSQL, Mail, FTP, Nginx, and more. The system status can be viewed from the command line or its own network interface.


12. NetHogs - Monitor Network Bandwidth of Each Process

NetHogs is an open-source and beautiful little program (similar to the top command in Linux) that keeps track of the network activity status of each process on your system. It also keeps real-time network traffic bandwidth usage for a program or application.


13. iftop Network Bandwidth Monitoring

iftop is another terminal-based open-source system monitoring tool that primarily displays a frequently updated network bandwidth utilization list (i.e., source host and destination host) via the network interface on your own system. iftop monitors network usage, while top monitors system usage.


14. Monitorix System and Network Monitoring

Monitorix is a lightweight monitoring tool designed for Linux/Unix to monitor running system and network resources. It has a built-in HTTP web service to periodically collect system and network information and display them as images. It can monitor system load usage, memory allocation, disk drives, system services, network ports, email statistics (Sendmail, Postfix, Dovecot, etc.), MYSQL databases, and many more services. Its main purpose is to monitor the performance of the entire system and help detect faults, bottlenecks, and abnormal activity.


15. Arpwatch Ethernet Activity Monitor

Arpwatch is a program used to monitor network traffic in Linux networks for Ethernet address resolution (network address translation). It monitors Ethernet traffic with changing network timestamps and produces logs of IP and MAC address pairs. When an IP address or MAC address pair changes, it sends an email notification to the administrator.

It is also useful in detecting ARP attacks.


16. Suricata Network Security Monitoring

Suricata is a high-performance open source network security and intrusion detection and prevention monitoring tool for Linux, FreeBSD, Windows and other operating systems. It is owned by the non-profit foundation OISF (Open Information Security Foundation).


17. VnStat PHP Monitoring Network Bandwidth

VnStat PHP is a web frontend application for the most popular social tool called “vnstat”. VnStat PHP uses a good graphical mode to monitor the usage of network traffic. It displays network traffic usage in summary reports for every hour, day and month.


18. Nagios Network/Server Monitoring

Nagios is a leading open source and powerful monitoring system that allows network/system administrators to identify and resolve server-related issues before they affect major business processes. Nagios can monitor remote Linux, Windows, switches, single-window routers and printers. It displays critical alerts for your network and servers, helping you solve problems before errors occur.


19. Nmon Monitor Linux System Performance

The Nmon (Nigel’s Performance Monitor) tool is used to monitor all resources of a Linux system, including CPU, memory, disk usage, processes on the network, NFS, kernel, etc. This tool has two modes: online mode for real-time monitoring and capture mode for storing output in CSV format for processing later.


20. Collectl Integrated Performance Detection Tool

Collectl is another powerful command line-based monitoring tool that can be used to collect information about system resources, including CPU usage, memory, network, nodes, processes, NFS, TCP sockets, and more.



  • Welcome to visit the knowledge base of SRE and DevOps!
  • License under CC BY-NC 4.0
  • Made with Material for MkDocs and improve writing by generative AI tools
  • Copyright issue feedback, replace # with @