iftop can be used to monitor the real-time traffic of the network card (you can specify the network segment), reverse analysis of ip, display port information, etc.
Run directly
[root@yoon ~]# iftop
Related instructions on the iftop interface
The scale range similar to the scale is displayed on the interface, which is used as a scale for displaying the bar of the flow graph.
The two left and right arrows in the middle <= => indicate the direction of the flow.
TX: Transmit flow
RX: Receive flow
TOTAL: Total flow
Cumm : Total flow from running iftop to current
peak: Flow peak
rates: Represents the average flow in the past 2s, 10s and 40s respectively
iftop related parameters
Common parameters -i designated test card as: iftop - I bond0 -B show flow in bytes (default bits), such as: iftop - B -n default information that the host will directly displayed IP, such as: iftop - n- - N makes the port information display the port number directly by default, such as: iftop- N -F displays the inbound and outbound traffic of a specific network segment, such as: iftop -F 10.20 . 1.0 / 24 or iftop -F 10.20 . 1.0 / 255.255 . 255.0 - h Help Information - P makes the host information and port information displayed by default - p After using this parameter, the local host information displayed in the middle list appears IP information other than the local machine -m Set the maximum value of the uppermost scale on the interface, the scale Display in five large segments, such as: iftop -m 10M
Some operation commands after entering the iftop screen (note the case)
Press h to switch whether to display help Press n to switch to display the IP or host name of the machine Press s to switch whether to display the host information of the machine Press d to switch whether to display the host information of the remote target host Press t to switch the display format to 2 lines / 1 line / Only show the sending traffic / Only show the receiving traffic Press N to switch to display the port number or port service name Press S to switch whether to display the port information of the local machine Press D to switch whether to display the port information of the remote target host Press p to switch whether to display the port information Press P Switch to pause / continue display Press b to switch whether to display the average flow graph bar Press B to switch to calculate the average flow within 2 seconds or 10 seconds or 40 seconds Press T to switch whether to display the total flow for each connection Press l to turn on the screen filtering function, enter The character to be filtered, such as ip, after pressing Enter, the screen will only display the IP-related flow information. Press L to switch the scale on the top of the display screen; different scales, the flow graph bar will change. Press j or k to move up or down. scroll through the connection record by 1 or 2 or 3 can be sorted according to three data traffic appears to the right by < accordance with the present left name or IP Sequence Press > hostname or IP remote target host sorted by switching o is fixed or only displays the current connection Press f to edit the filter code, this is a translated statement, I have not used this Press ! You can use shell commands, this has not been used! I didn't understand what command is easy to use here. Press q to quit monitoring