Basic use of iftop in Linux system

1. Introduction to iftop

iftop is a real-time traffic monitoring tool that shows bandwidth usage for TCP/IP connections and similar traffic. Its disadvantage is that it has no report function. It must be run as root.

2. Check the local system environment

1. Check the system version

[root@jeven ~]# cat /etc/os-release 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"


2. Check the system kernel version

[root@jeven ~]# uname -r 
6.1.8-1.el7.elrepo.x86_64

3. Check the status of the yum repositories

[root@jeven ~]# yum repolist all |grep  enable 
base/7/x86_64                        CentOS-7 - Base - mirrors.a enabled: 10,072
docker-ce-stable/7/x86_64            Docker CE Stable - x86_64   enabled:    198
elrepo                               ELRepo.org Community Enterp enabled:    154
epel/x86_64                          Extra Packages for Enterpri enabled: 13,740
extras/7/x86_64                      CentOS-7 - Extras - mirrors enabled:    515
updates/7/x86_64                     CentOS-7 - Updates - mirror enabled:  4,691


4. Install the iftop tool

1. Use yum to install iftop

The yum repositories here are configured to use the Alibaba Cloud mirror source, so iftop can be installed directly with yum.

[root@jeven ~]# yum -y install iftop
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * elrepo: mirrors.tuna.tsinghua.edu.cn
 * epel: mirrors.tuna.tsinghua.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package iftop.x86_64 0:1.0-0.21.pre4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================================================================
 Package                             Arch                                 Version                                          Repository                          Size
====================================================================================================================================================================
Installing:
 iftop                               x86_64                               1.0-0.21.pre4.el7                                epel                                53 k

Transaction Summary
====================================================================================================================================================================
Install  1 Package

Total download size: 53 k
Installed size: 94 k
Downloading packages:
iftop-1.0-0.21.pre4.el7.x86_64.rpm                                                                                                           |  53 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : iftop-1.0-0.21.pre4.el7.x86_64                                                                                                                   1/1 
  Verifying  : iftop-1.0-0.21.pre4.el7.x86_64                                                                                                                   1/1 

Installed:
  iftop.x86_64 0:1.0-0.21.pre4.el7                                                                                                                                  

Complete!


2. View iftop version and command help

View the iftop command help; the version shown is iftop, version 1.0pre4.

[root@jeven ~]# iftop -h
iftop: display bandwidth usage on an interface by host

Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
                               [-F net/mask] [-G net6/mask6]

   -h                  display this message
   -n                  don't do hostname lookups
   -N                  don't convert port numbers to services
   -p                  run in promiscuous mode (show traffic between other
                       hosts on the same network segment)
   -b                  don't display a bar graph of traffic
   -B                  display bandwidth in bytes
   -a                  display bandwidth in packets
   -i interface        listen on named interface
   -f filter code      use filter code to select packets to count
                       (default: none, but only IP packets are counted)
   -F net/mask         show traffic flows in/out of IPv4 network
   -G net6/mask6       show traffic flows in/out of IPv6 network
   -l                  display and count link-local IPv6 traffic (default: off)
   -P                  show ports as well as hosts
   -m limit            sets the upper limit for the bandwidth scale
   -c config file      specifies an alternative configuration file
   -t                  use text interface without ncurses

   Sorting orders:
   -o 2s                Sort by first column (2s traffic average)
   -o 10s               Sort by second column (10s traffic average) [default]
   -o 40s               Sort by third column (40s traffic average)
   -o source            Sort by source address
   -o destination       Sort by destination address

   The following options are only available in combination with -t
   -s num              print one single text output afer num seconds, then quit
   -L num              number of lines to print

iftop, version 1.0pre4
copyright (c) 2002 Paul Warren <[email protected]> and contributors


5. Basic use of iftop

1. Use the iftop command directly

Run iftop with no arguments; the first network interface is monitored by default.

iftop   # monitors the traffic of the first network interface by default


2. iftop display description

  • First part

The top line of the iftop output is the traffic scale, which is used to show the bandwidth of the network interface.

  • Second part

1. The two arrows <= and => in the middle indicate the direction of traffic.
2. The display is divided into left, middle and right columns. The left and middle columns record which IPs or hosts are connecting to the local network. In the middle column, "=>" means data being sent and "<=" means data being received. These arrows show clearly how the two IPs are communicating.
3. The rightmost column is divided into three sub-columns. These real-time values are the average traffic over 2 seconds, 10 seconds and 40 seconds when the external IP connects to the machine.

  • Third part

The part below the dividing line at the bottom shows traffic statistics for the network interface.




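TX: transmitted traffic
RX: received traffic
TOTAL: total traffic
Cumm: total traffic since iftop was started
peak: peak traffic
rates: average traffic over the past 2s, 10s and 40s respectively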



3. Monitor a specific network interface

[root@jeven ~]# iftop -i ens33

4. Display IP addresses directly

Display IP addresses directly, without reverse DNS lookups (the -n option in the help output above).


5. Display the incoming and outgoing traffic of a given network segment


iftop -F 192.168.3.0/24
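
Since iftop has no report function, its text mode (-t with -s and -L from the help output above) can be piped into a small parser to get one line per host pair for logging or alerting. The script below is an added example, not part of the original post; the sample output is constructed to resemble iftop 1.0pre4 text mode, and the function names, the threshold and the 1024-based unit scaling are assumptions.

```bash
#!/bin/sh
# Added example: flatten iftop text-mode output into one line per host pair.
# Live use (as root), with flags from the help output above:
#   iftop -t -n -N -s 10 -L 20 -i ens33 | flow_report 1000000

# Constructed sample resembling iftop 1.0pre4 "-t" output (layout assumed).
sample_output() {
cat <<'EOF'
   # Host name (port/service if enabled)            last 2s   last 10s   last 40s cumulative
--------------------------------------------------------------------------------------------
   1 192.168.3.166                            =>     12.4Mb      9.5Mb      9.5Mb     11.8MB
     203.0.113.50                             <=      210Kb      180Kb      180Kb      225KB
   2 192.168.3.166                            =>      2.1Kb      1.5Kb      1.5Kb     1.88KB
     192.168.3.1                              <=       736b       512b       512b       640B
--------------------------------------------------------------------------------------------
Total send rate:                                     12.4Mb      9.5Mb      9.5Mb
Total receive rate:                                   211Kb      181Kb      181Kb
EOF
}

# flow_report LIMIT_BPS: read iftop -t output on stdin and print
# "host_a host_b a_to_b_bps b_to_a_bps flag" from the 10s-average column.
flow_report() {
  awk -v limit="$1" '
    # "9.5Mb" -> 9961472; assumes 1024-based prefixes, and that a trailing
    # "B" (iftop -B) means bytes, which are normalised to bits.
    function bits(s,    n, u) {
      n = s + 0; u = s; gsub(/[0-9.]/, "", u)
      if (u ~ /^K/) n *= 1024
      else if (u ~ /^M/) n *= 1024 * 1024
      else if (u ~ /^G/) n *= 1024 * 1024 * 1024
      if (u ~ /B$/) n *= 8
      return n
    }
    # First line of a pair: index, host, "=>", then 2s/10s/40s/cumulative.
    $1 ~ /^[0-9]+$/ && $3 == "=>" { a = $2; out = bits($5); next }
    # Second line of a pair: host, "<=", then the same four columns.
    $2 == "<=" && a != "" {
      back = bits($4)
      flag = (out > limit || back > limit) ? "ALERT" : "ok"
      printf "%s %s %d %d %s\n", a, $1, out, back, flag
      a = ""
    }'
}

sample_output | flow_report 1000000   # constructed threshold: 1,000,000 bits/s
```

Appending the output of each run to a dated file gives the history that the interactive display does not keep.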


Origin blog.csdn.net/jks212454/article/details/129281763