A, iftop role:
Ip network traffic between the unit and an external device statistics, based on
You can easily see if each client has unusual access to the machine
Second, the installation iftop:
[root@yjweb ~]# yum install iftop
Description: yum error if there is no match, then install epel source
[root @ localhost liuhongdi] # yum install warm-release
Third, view the help and the version of iftop
[root@yjweb ~]# iftop -h iftop: display bandwidth usage on an interface by host Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code] [-F net/mask] [-G net6/mask6] -h display this message -n don't do hostname lookups -N don't convert port numbers to services -p run in promiscuous mode (show traffic between other hosts on the same network segment) -b don't display a bar graph of traffic -B display bandwidth in bytes -a display bandwidth in packets -i interface listen on named interface -f filter code use filter code to select packets to count (default: none, but only IP packets are counted) -F net/mask show traffic flows in/out of IPv4 network -G net6/mask6 show traffic flows in/out of IPv6 network -l display and count link-local IPv6 traffic (default: off) -P show ports as well as hosts -m limit sets the upper limit for the bandwidth scale -c config file specifies an alternative configuration file -t use text interface without ncurses Sorting orders: -o 2s Sort by first column (2s traffic average) -o 10s Sort by second column (10s traffic average) [default] -o 40s Sort by third column (40s traffic average) -o source Sort by source address -o destination Sort by destination address The following options are only available in combination with -t -s num print one single text output afer num seconds, then quit -L num number of lines to print iftop, version 1.0pre4 copyright (c) 2002 Paul Warren <[email protected]> and contributors
Four, iftop three most commonly used parameters
[Root @ loadserver ~] # iftop -n -N -P
-n: the host information directly show the default IP
(Default solution to anti-domain is not necessary)
-N: the default port information is displayed directly port number
(The default will be displayed as a service, such as: http, https,
No need, also can not port a custom display)
-P: the host information and port information are displayed by default on
Description: This parameter -P added the statistics are statistics to the port,
If you want to look at statistics to the host, then remove the -P parameter
V. iftop common method of Example:
1, view traffic situations specified card:
[Root @ loadserver ~] # iftop -N -P -i -n eth0
2, view traffic situation or an ip network segment
[root @ loadserver ~] # iftop -n -N -P -F 172,117 . 123.26 / 32
Six, iftop common interaction command:
1, q: quit monitoring
2, b: opening / closing the flow pattern strip
(Generally not used)
3, p: turn on / off according to port statistics
4, P: Pause / Resume display
Sometimes you need to see data for a point in time
5, T: the opening / closing of the total flow of each connection
6, h: open / close the help screen interactive commands
Seven, the output display data to a file iftop
[Root @ loadserver ~] # iftop -t> /root/iftop.txt
Eight, view the current version of centos
[root@yjweb ~]# cat /etc/redhat-release
CentOS Linux release 8.0.1905 (Core)