Traffic monitoring under Linux: installation and use of iftop

1. Introduction

iftop does for network usage what top(1) does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Handy for answering the question "why is our ADSL link so slow?".

iftop monitors network traffic in the same way that top monitors CPU usage: it watches the specified network interface and displays the current bandwidth usage, which helps answer the question "why is our ADSL link so slow?".

Project address: http://www.ex-parrot.com/pdw/iftop/

Use

It is particularly useful for locating abnormal traffic on a machine and for diagnosing call problems between services.

2. Installation

There are two installation methods

1. yum/apt installation

2. Source code compilation and installation

2.1 yum/apt

# Ubuntu
sudo apt install -y iftop
# CentOS
sudo yum install -y iftop.x86_64

2.2 Source code compilation and installation

2.2.1 Pre-installed system package

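# Ubuntu (the -dev packages provide the headers that ./configure checks for)
sudo apt-get install flex byacc libpcap0.8 libpcap-dev libncurses5 libncurses5-dev
# CentOS
sudo yum install -y flex byacc libpcap ncurses-devel libpcap-devel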

2.2.2 Compile and install iftop

# Download the iftop source package
wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
# Unpack the source package
tar xzvf iftop-0.17.tar.gz
# Enter the source directory
cd iftop-0.17/
# Configure (as a normal user; root is not needed to build)
./configure
# Compile
make
# Install (only this step needs root)
sudo make install

3. Run iftop

3.1 Help

Run iftop -h:

iftop: display bandwidth usage on an interface by host

Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
                               [-F net/mask] [-G net6/mask6]

   -h                  display this message
   -n                  don't do hostname lookups
   -N                  don't convert port numbers to services
   -p                  run in promiscuous mode (show traffic between other
                       hosts on the same network segment)
   -b                  don't display a bar graph of traffic
   -B                  display bandwidth in bytes
   -a                  display bandwidth in packets
   -i interface        listen on named interface
   -f filter code      use filter code to select packets to count
                       (default: none, but only IP packets are counted)
   -F net/mask         show traffic flows in/out of IPv4 network
   -G net6/mask6       show traffic flows in/out of IPv6 network
   -l                  display and count link-local IPv6 traffic (default: off)
   -P                  show ports as well as hosts
   -m limit            sets the upper limit for the bandwidth scale
   -c config file      specifies an alternative configuration file
   -t                  use text interface without ncurses

   Sorting orders:
   -o 2s               Sort by first column (2s traffic average)
   -o 10s              Sort by second column (10s traffic average) [default]
   -o 40s              Sort by third column (40s traffic average)
   -o source           Sort by source address
   -o destination      Sort by destination address

   The following options are only available in combination with -t
   -s num              print one single text output afer num seconds, then quit
   -L num              number of lines to print

As you can see, there are many options. Here I share some common usage examples.

3.2 Examples

1. Use iftop directly: iftop

2. iftop -B

Display bandwidth in bytes instead of bits.

3. iftop -n

Do not resolve IP addresses to hostnames. You can also press n inside iftop to toggle this.

[Screenshot: hosts shown as hostnames]

[Screenshot: hosts shown as IP addresses]

4. iftop -N

Do not convert port numbers to service names, so the port shown after each IP address stays numeric. You can also press N inside iftop to toggle this.

5. iftop -F net/mask

Show traffic flowing in and out of the given IPv4 network segment.

For example: iftop -F 192.168.21.0/255.255.255.0

6. iftop -P

Display port information as well as host information.

7. iftop -i eth0

Display only the inbound and outbound traffic of the eth0 network card. By default, only the eth0 network card information is displayed.

8. Sorting (most important)

iftop -o 2s: sort by the 2-second average traffic column; you can also press 1 inside iftop.

iftop -o 10s: sort by the 10-second average traffic column; you can also press 2 inside iftop.

iftop -o 40s: sort by the 40-second average traffic column; you can also press 3 inside iftop.

iftop -o source: sort by source address; you can also press < inside iftop.

iftop -o destination: sort by destination address; you can also press > inside iftop.

9. Commonly used shortcut keys

q: exit

?: Help mode

P: Stop screen information refresh

S: Switch source port display

D: Switch dest port display

j/k: scroll forward and backward screen information
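
Added example (not part of the original post): a shell helper that assembles a one-shot, text-mode snapshot command from the -t, -s and -L options listed in the help output above, and rejects a non-contiguous -F mask before iftop is started. The function names and the script name snapshot.sh are hypothetical, and it assumes an iftop build whose help lists -t.

```shell
#!/bin/sh
# Added example: build a one-shot, text-mode iftop command for logging.
# Only options from the help text above are used; function names are hypothetical.

# is_uint N: true if N is a positive decimal integer.
is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt 0 ]
}

# valid_mask M: true for a prefix length (0-32) or a contiguous dotted netmask.
valid_mask() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
        *.*) ;;                              # dotted form, checked below
        *) [ "$1" -le 32 ]; return ;;        # prefix length
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    m=0
    for o in "$@"; do
        case "$o" in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        m=$(( (m << 8) | o ))
    done
    inv=$(( ~m & 0xFFFFFFFF ))               # host bits of the mask
    [ $(( inv & (inv + 1) )) -eq 0 ]         # host bits must be one run of 1s
}

# iftop_snapshot_cmd IFACE SECONDS LINES [NET/MASK]: print the command line.
# Only the mask part of NET/MASK is validated here.
iftop_snapshot_cmd() {
    iface=$1; secs=$2; lines=$3; net=${4:-}
    case "$iface" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 2 ;; esac
    { is_uint "$secs" && is_uint "$lines"; } || { echo "bad number" >&2; return 2; }
    cmd="iftop -t -n -N -P -B -i $iface -s $secs -L $lines -o 10s"
    if [ -n "$net" ]; then
        case "$net" in */*) ;; *) echo "need net/mask" >&2; return 2 ;; esac
        valid_mask "${net#*/}" || { echo "bad mask in $net" >&2; return 2; }
        cmd="$cmd -F $net"
    fi
    printf '%s\n' "$cmd"
}

# Run as root: sh snapshot.sh --run eth0 10 20 192.168.21.0/255.255.255.0
if [ "${1:-}" = "--run" ]; then
    shift
    cmd=$(iftop_snapshot_cmd "$@") || exit 2
    exec $cmd
fi
```

Redirecting the output of a --run invocation to a file gives a plain-text record of the top flows that can be compared across time when looking for abnormal traffic.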

 

The above is the introduction of iftop. If you have any questions, you can leave a message in the comment area~

Blogger: Test to make money

Motto: Focus on testing and automation, and strive to improve the efficiency of research and development; through testing and diligence to complete the original accumulation, through reading and financial management to financial freedom.

csdn:https://blog.csdn.net/ccgshigao

Blog Park: https://www.cnblogs.com/qa-freeroad/

51cto :https://blog.51cto.com/14900374

 



Origin blog.51cto.com/14900374/2544017