How to Monitor Server Resources with htop and netstat

How to Monitor Server Resources with htop and netstat

Ever wonder why your website suddenly slows down to a crawl, or why your server starts feeling sluggish during peak traffic hours? I remember the first time my WordPress site crashed during a traffic spike—I was flying blind, with no idea what was happening under the hood.

That experience taught me a valuable lesson: understanding what's happening on your server isn't just for system administrators. As a developer or website owner, being able to quickly diagnose performance issues can save you hours of frustration and prevent costly downtime.

In this guide, I'll show you how to use two powerful Linux tools—htop and netstat—to monitor your server's resources and network connections. These tools have become my go-to solution for quickly identifying performance bottlenecks and security issues. Let's demystify server monitoring! 📊

Why Monitor Server Resources?

Before diving into the tools, let's understand why monitoring matters:

• Performance optimization: Identify what's slowing down your applications
• Security monitoring: Detect unusual network activity or potential attacks
• Capacity planning: Know when it's time to upgrade your server
• Problem diagnosis: Quickly pinpoint the source of issues
• Resource allocation: Ensure your applications have enough resources

Meet Your Monitoring Tools

htop is an interactive process viewer that shows you what's running on your system and how much CPU, memory, and other resources each process is using. Think of it as a supercharged version of the traditional top command.

netstat (network statistics) shows you network connections, routing tables, interface statistics, and more. It's essential for understanding what your server is doing on the network level.

Step-by-Step Server Monitoring Guide

Step 1: Installing htop and netstat

Most modern Linux systems come with these tools pre-installed, but if they're missing:

For Ubuntu/Debian:

sudo apt update
sudo apt install htop net-tools -y

For CentOS/RHEL:

sudo yum install htop net-tools -y
# For newer versions
sudo dnf install htop net-tools -y

Verify Installation:

htop --version
netstat --version

Step 2: Getting Started with htop

Let's explore htop, which will become your best friend for process monitoring.

Launch htop:

htop

Understanding the htop Interface:

When you first launch htop, you'll see several key areas:

1. Header bar (top): Shows overall system load, uptime, and task count
2. Meter bars (below header): CPU, memory, and swap usage in real-time
3. Process list (main area): Running processes with resource usage
4. Function keys (bottom): Available commands and shortcuts

Reading the Header Information:

The header shows crucial system metrics:

• Load average: 1-minute, 5-minute, and 15-minute averages (values above 1.0 per CPU core indicate heavy load)
• Tasks: Total running, sleeping, stopped, and zombie processes
• CPU usage: Percentage breakdown by core
• Memory usage: Used vs total RAM
• Swap usage: Virtual memory usage

Step 3: Mastering htop Navigation

htop's power comes from its interactive features and keyboard shortcuts.

Essential htop Shortcuts:

F1 or h: Help
F2 or S: Setup/configuration
F3 or /: Search for processes
F4 or \: Filter processes
F5 or t: Tree view (show parent-child relationships)
F6 or >: Sort processes by different criteria
F7 or ]: Increase process priority
F8 or [: Decrease process priority
F9 or k: Kill process
F10 or q: Quit

Sorting Processes:

Press F6 to see sorting options:

• Percent_CPU: Show processes using most CPU
• Percent_MEM: Show processes using most memory
• Time: Show processes running longest
• User: Group processes by user

Process Tree View:

Press F5 to toggle tree view, which shows parent-child relationships between processes. This is incredibly useful for understanding how different applications relate to each other.

Step 4: Managing Processes with htop

htop isn't just for monitoring—it's also for taking action when you spot problems.

Killing Problematic Processes:

1. Navigate to the problematic process using arrow keys
2. Press F9 to kill the process
3. Choose the signal type:
   • SIGTERM (15): Graceful termination (default)
   • SIGKILL (9): Force immediate termination
   • SIGSTOP (17): Pause the process

Changing Process Priority:

1. Select a process
2. Press F7 to increase priority (lower nice value)
3. Press F8 to decrease priority (higher nice value)

Step 5: Customizing htop

Make htop work better for your specific needs.

Access Setup Menu:

Press F2 or S

Useful Customizations:

• Meters: Add or remove meter bars in the header
• Display options: Show process paths, user information
• Colors: Customize color schemes
• Columns: Add/remove columns in the process list

Common Columns to Add:

• IO_RATE: Disk I/O usage
• COMM: Command name (shorter than COMMAND)
• PERCENT_CPU: CPU percentage
• PERCENT_MEM: Memory percentage

Step 6: Understanding netstat Basics

Now let's explore network monitoring with netstat.

Basic netstat Commands:

Show All Connections:

netstat -a

Show TCP Connections:

netstat -at

Show UDP Connections:

netstat -au

Show Listening Ports:

netstat -l

Show Statistics:

netstat -s

Reading netstat Output:

Each connection line shows:

• Proto: Protocol (TCP, UDP)
• Recv-Q: Data queued for receiving
• Send-Q: Data queued for sending
• Local Address: Your server's address and port
• Foreign Address: Connected remote address and port
• State: Connection status

Step 7: Advanced netstat Techniques

Let's dive deeper into network monitoring with advanced netstat options.

Show Process Information:

netstat -p

This shows which processes are using which connections.

Show Numeric Addresses:

netstat -n

Displays IP addresses instead of hostnames, which is faster and more reliable.

Show Network Interface Statistics:

netstat -i

Shows statistics for each network interface.

Continuous Monitoring:

netstat -c

Updates the display every second.

Step 8: Practical Monitoring Workflows

Let's put these tools together for real-world scenarios.

High CPU Usage Investigation:

1. Launch htop
2. Sort by Percent_CPU (F6 → Percent_CPU)
3. Identify the top CPU-consuming processes
4. If it's a web server process, check netstat for traffic spikes:

   netstat -an | grep ':80'

5. Kill problematic processes if needed (F9)

High Memory Usage Investigation:

1. In htop, sort by Percent_MEM
2. Check for memory leaks (processes with growing memory usage)
3. Look for zombie processes (marked with "Z")
4. Check swap usage—if high, consider adding more RAM

Network Connectivity Issues:

1. Check listening ports:

   netstat -tlnp

2. Verify your web server is listening:

   netstat -tlnp | grep ':80\|:443'

3. Check for too many connections:

   netstat -an | wc -l

4. Look for suspicious connections:

   netstat -an | grep ESTABLISHED

Step 9: Security Monitoring

Use these tools to detect potential security issues.

Detecting Suspicious Activity:

Unusual Outbound Connections:

netstat -anp | grep ESTABLISHED

Look for connections to unusual IP addresses or countries.

Too Many Connections from Single IP:

netstat -an | grep ESTABLISHED | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr

Unexpected Listening Ports:

netstat -tlnp

Verify all listening ports correspond to services you intentionally run.

Monitoring Process Behavior:

In htop, watch for:

• Processes with unusual names
• Processes owned by unexpected users
• Processes consuming unusual amounts of resources
• Parent-child relationships that don't make sense

Step 10: Creating Monitoring Scripts

Let's create simple scripts for automated monitoring.

Resource Usage Alert Script:

#!/bin/bash
# monitor-usage.sh

CPU_THRESHOLD=80
MEM_THRESHOLD=80

# Check CPU usage
CPU_USAGE=$(top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/
/" | awk '{print 100 - $1}')
MEM_USAGE=$(free | grep Mem | awk '{print $3/$2 * 100.0}')

if (( $(echo "$CPU_USAGE > $CPU_THRESHOLD" | bc -l) )); then
    echo "WARNING: CPU usage is ${CPU_USAGE}%"
fi

if (( $(echo "$MEM_USAGE > $MEM_THRESHOLD" | bc -l) )); then
    echo "WARNING: Memory usage is ${MEM_USAGE}%"
fi

Connection Monitor Script:

#!/bin/bash
# monitor-connections.sh

# Count active connections
HTTP_CONNECTIONS=$(netstat -an | grep ':80\|:443' | grep ESTABLISHED | wc -l)
TOTAL_CONNECTIONS=$(netstat -an | grep ESTABLISHED | wc -l)

echo "HTTP connections: $HTTP_CONNECTIONS"
echo "Total established connections: $TOTAL_CONNECTIONS"

# Show top 5 IPs by connection count
echo "Top IPs by connection count:"
netstat -an | grep ESTABLISHED | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head -5

Advanced Tips and Tricks

Combining Tools for Better Insights:

# Monitor a specific process
netstat -p | grep nginx
htop -p $(pgrep -o nginx)

Using Watch for Continuous Monitoring:

# Monitor memory usage every 2 seconds
watch -n 2 'free -h'

# Monitor network connections
watch -n 5 'netstat -an | grep ESTABLISHED | wc -l'

Logging for Historical Analysis:

# Log system resources every 5 minutes
*/5 * * * * echo "$(date): $(free -h)" >> /var/log/memory.log
*/5 * * * * echo "$(date): $(htop -n 1 -b | head -5)" >> /var/log/system.log

Common Issues and Solutions

"htop: command not found"

Solution: Install htop using your distribution's package manager (see Step 1).

"Permission denied" when viewing certain processes

Solution: Run htop with sudo to see all system processes: sudo htop

netstat showing too many TIME_WAIT connections

Cause: This is normal after TCP connections close.

Solution: Consider adjusting TCP settings if excessive.

System seems slow but htop shows low usage

Potential causes:

• I/O wait (check with iostat)
• Network latency
• Database issues

Best Practices for Server Monitoring

• Monitor regularly, not just when problems occur
• Establish baselines for normal system behavior
• Use both tools together for comprehensive insights
• Document normal patterns to better spot anomalies
• Set up alerts for critical thresholds
• Keep historical logs for trend analysis

Final Thoughts

Mastering htop and netstat has completely transformed how I approach server administration. These tools give you X-ray vision into what's happening on your server, allowing you to quickly identify issues, optimize performance, and enhance security.

Remember that monitoring isn't about watching numbers—it's about understanding patterns and making informed decisions. The more you use these tools, the better you'll become at recognizing what's normal and what needs attention.

Start with the basics we've covered here, and gradually explore more advanced features. Your server will run more smoothly, your users will have better experiences, and you'll sleep better knowing you have visibility into what's happening under the hood.

Happy monitoring! 📈 Your server (and your users) will thank you for it.