1. Install iftop
download and install the address
https://pan.baidu.com/s/1fhGk0mYgLC1SYmgUqzRIUA afpe
or
wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
unzip the file : Tar zxvf iftop-0.17.tar.gz
cd iftop-0.17
./configure
make
make install
2. Run iftop
Iftop interface description:
The scale displayed on the interface is similar to the scale range, which is used as a scale for displaying the flow graph.
The two left and right arrows in the middle <= => indicate the direction of flow.
TX: Transmitted flow
RX: Received flow
TOTAL: Total flow
Cumm : Total flow from running iftop to current time
peak: Flow peak rate
: Represents the average flow in the past 2s 10s 40s
3. The
commonly used parameters of iftop related parameters
-i set the monitored network card, such as: # iftop -i p5p2
-B displays the traffic in bytes (the default is bits), such as: # iftop -B
-n makes the host information default direct Both display IP, such as: # iftop -n
-N makes the port information display the port number directly by default, such as: # iftop -N
-F displays the incoming and outgoing traffic of a specific network segment, such as # iftop -F 192.168.52.0/24 or # iftop -F 192.168.52.0/255.255.255.0
-h (display this message), help, display parameter information
-p After using this parameter, the local host information displayed in the middle list shows IP information other than the local machine;
-b Make the flow graph bar display by default;
-f is not very useful for the time being, it is used to filter calculation packets;
-P makes the host information and port information display by default;
-m sets the maximum value of the uppermost scale on the interface, the scale Displayed in five large segments, for example: # iftop -m 10000M
Some operation commands after entering the iftop screen (note the case)
Press h to switch whether to display help;
press n to switch to display the IP or host name of the machine;
press s to switch whether to Display the host information of the local machine;
press d to switch whether to display the remote target host Host information;
press t to switch the display format to 2 lines / 1 line / only send traffic / only receive traffic;
press N to switch to display the port number or port service name;
press S to switch whether to display the local port information;
press D to switch Whether to display the port information of the remote target host;
Press p to switch whether to display port information;
press P to switch to pause / continue display;
press b to switch whether to display the average flow graph bar;
press B to switch to calculate the average flow within 2 seconds or 10 seconds or 40 seconds;
press T to switch whether to display each The total flow of the connection;
press l to open the screen filtering function, enter the characters to be filtered, such as ip, after pressing Enter, the screen will only display the IP-related flow information;
press L to switch the scale on the display screen; the scale is different, the flow The graph bar will change;
press j or k to scroll the connection records displayed on the screen up or down;
press 1 or 2 or 3 to sort according to the three columns of flow data displayed on the right;
press <according to the name of the machine on the left Or sort by IP; press> to sort by the host name or IP of the remote target host;
press o to switch whether it is fixed and only display the current connection;
press f to edit the filter code, this is a translated statement, I have not used this!
Press! You can use shell commands, this has never been used! I did n’t understand what commands work well here!
Press q to exit monitoring.