Linux系统之iftop的基本使用

一、iftop介绍

iftop是一款实时流量监控工具,监控TCP/IP连接等,缺点就是无报表功能。必须以root身份才能运行。

二、检查本地系统环境

1.检查系统版本

[root@jeven ~]# cat /etc/os-release 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

2.检查系统内核版本

[root@jeven ~]# uname -r 
6.1.8-1.el7.elrepo.x86_64

三、检查yum仓库状态

[root@jeven ~]# yum repolist all |grep  enable 
base/7/x86_64                        CentOS-7 - Base - mirrors.a enabled: 10,072
docker-ce-stable/7/x86_64            Docker CE Stable - x86_64   enabled:    198
elrepo                               ELRepo.org Community Enterp enabled:    154
epel/x86_64                          Extra Packages for Enterpri enabled: 13,740
extras/7/x86_64                      CentOS-7 - Extras - mirrors enabled:    515
updates/7/x86_64                     CentOS-7 - Updates - mirror enabled:  4,691

四、安装iftop工具

1.使用yum安装iftop

本次yum仓库配置使用的是阿里云的镜像源，可直接使用yum安装iftop。

[root@jeven ~]# yum -y install iftop
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * elrepo: mirrors.tuna.tsinghua.edu.cn
 * epel: mirrors.tuna.tsinghua.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package iftop.x86_64 0:1.0-0.21.pre4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================================================================
 Package                             Arch                                 Version                                          Repository                          Size
====================================================================================================================================================================
Installing:
 iftop                               x86_64                               1.0-0.21.pre4.el7                                epel                                53 k

Transaction Summary
====================================================================================================================================================================
Install  1 Package

Total download size: 53 k
Installed size: 94 k
Downloading packages:
iftop-1.0-0.21.pre4.el7.x86_64.rpm                                                                                                           |  53 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : iftop-1.0-0.21.pre4.el7.x86_64                                                                                                                   1/1 
  Verifying  : iftop-1.0-0.21.pre4.el7.x86_64                                                                                                                   1/1 

Installed:
  iftop.x86_64 0:1.0-0.21.pre4.el7                                                                                                                                  

Complete!

2.查看iftop版本与命令帮助

查看iftop的命令帮助，显示版本为iftop, version 1.0pre4。

[root@jeven ~]# iftop -h
iftop: display bandwidth usage on an interface by host

Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
                               [-F net/mask] [-G net6/mask6]

   -h                  display this message
   -n                  don't do hostname lookups
   -N                  don't convert port numbers to services
   -p                  run in promiscuous mode (show traffic between other
                       hosts on the same network segment)
   -b                  don't display a bar graph of traffic
   -B                  display bandwidth in bytes
   -a                  display bandwidth in packets
   -i interface        listen on named interface
   -f filter code      use filter code to select packets to count
                       (default: none, but only IP packets are counted)
   -F net/mask         show traffic flows in/out of IPv4 network
   -G net6/mask6       show traffic flows in/out of IPv6 network
   -l                  display and count link-local IPv6 traffic (default: off)
   -P                  show ports as well as hosts
   -m limit            sets the upper limit for the bandwidth scale
   -c config file      specifies an alternative configuration file
   -t                  use text interface without ncurses

   Sorting orders:
   -o 2s                Sort by first column (2s traffic average)
   -o 10s               Sort by second column (10s traffic average) [default]
   -o 40s               Sort by third column (40s traffic average)
   -o source            Sort by source address
   -o destination       Sort by destination address

   The following options are only available in combination with -t
   -s num              print one single text output afer num seconds, then quit
   -L num              number of lines to print

iftop, version 1.0pre4
copyright (c) 2002 Paul Warren <[email protected]> and contributors

五、iftop的基本使用

1.直接使用iftop命令

直接输入iftop，默认监控的是第一块网卡。

iftop   #默认是监控第一块网卡的流量

2.iftop的显示说明

• 第一部分

iftop 输出中最上面的一行，此行信息是流量刻度，用于显示网卡带宽流量。

• 第二部分

1.中间的<= =>这两个左右箭头，表示的是流量的方向。
2.其中又分别分为左、中、右三列。左列和中列，记录了哪些 IP 或主机正在和本机的网络进行连接。其中，中列的“=>”代表发送数据，“<=”代表接收数据，通过这个指示箭头可以很清晰地知道两个 IP 之间的通信情况。
3.最右列又分为三小列，这些实时参数分别表示外部 IP 连接到本机 2 秒内、10 秒内和 40 秒内的平均流量值。

• 第三部分

分割线最下面的一部分，用来统计网卡流量信息。

TX：发送流量
RX：接收流量
TOTAL：总流量
Cumm：运行iftop到目前时间的总流量
peak：流量峰值
rates：分别表示过去 2s 10s 40s 的平均流量

3.指定监控某块网卡

[root@jeven ~]# iftop -i ens33

4.直接显示IP

直接显示IP, 不进行DNS反解析

5.显示某个网段进出封包流量

iftop -F 192.168.3.0/24