Basic use of iftop in Linux system
1. Introduction to iftop
iftop is a real-time traffic monitoring tool that monitors TCP/IP connections and related traffic. Its disadvantage is that it has no report function. It must be run as root.
2. Check the local system environment
1. Check the system version
[root@jeven ~]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
2. Check the system kernel version
[root@jeven ~]# uname -r
6.1.8-1.el7.elrepo.x86_64
3. Check the status of the yum repositories
[root@jeven ~]# yum repolist all |grep enable
base/7/x86_64 CentOS-7 - Base - mirrors.a enabled: 10,072
docker-ce-stable/7/x86_64 Docker CE Stable - x86_64 enabled: 198
elrepo ELRepo.org Community Enterp enabled: 154
epel/x86_64 Extra Packages for Enterpri enabled: 13,740
extras/7/x86_64 CentOS-7 - Extras - mirrors enabled: 515
updates/7/x86_64 CentOS-7 - Updates - mirror enabled: 4,691
4. Install the iftop tool
1. Use yum to install iftop
The yum repositories here are configured to use the Alibaba Cloud mirror, so iftop can be installed directly with yum.
[root@jeven ~]# yum -y install iftop
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* elrepo: mirrors.tuna.tsinghua.edu.cn
* epel: mirrors.tuna.tsinghua.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package iftop.x86_64 0:1.0-0.21.pre4.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================================================
Installing:
iftop x86_64 1.0-0.21.pre4.el7 epel 53 k
Transaction Summary
====================================================================================================================================================================
Install 1 Package
Total download size: 53 k
Installed size: 94 k
Downloading packages:
iftop-1.0-0.21.pre4.el7.x86_64.rpm | 53 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : iftop-1.0-0.21.pre4.el7.x86_64 1/1
Verifying : iftop-1.0-0.21.pre4.el7.x86_64 1/1
Installed:
iftop.x86_64 0:1.0-0.21.pre4.el7
Complete!
2. View iftop version and command help
View the iftop command help; the version displayed is iftop, version 1.0pre4.
[root@jeven ~]# iftop -h
iftop: display bandwidth usage on an interface by host
Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
[-F net/mask] [-G net6/mask6]
-h display this message
-n don't do hostname lookups
-N don't convert port numbers to services
-p run in promiscuous mode (show traffic between other
hosts on the same network segment)
-b don't display a bar graph of traffic
-B display bandwidth in bytes
-a display bandwidth in packets
-i interface listen on named interface
-f filter code use filter code to select packets to count
(default: none, but only IP packets are counted)
-F net/mask show traffic flows in/out of IPv4 network
-G net6/mask6 show traffic flows in/out of IPv6 network
-l display and count link-local IPv6 traffic (default: off)
-P show ports as well as hosts
-m limit sets the upper limit for the bandwidth scale
-c config file specifies an alternative configuration file
-t use text interface without ncurses
Sorting orders:
-o 2s Sort by first column (2s traffic average)
-o 10s Sort by second column (10s traffic average) [default]
-o 40s Sort by third column (40s traffic average)
-o source Sort by source address
-o destination Sort by destination address
The following options are only available in combination with -t
-s num print one single text output afer num seconds, then quit
-L num number of lines to print
iftop, version 1.0pre4
copyright (c) 2002 Paul Warren <[email protected]> and contributors
5. Basic use of iftop
1. Use the iftop command directly
Run iftop with no arguments; the first network interface is monitored by default.
iftop # monitors the traffic of the first network interface by default
2. Reading the iftop display
- First part
The top line of the iftop output is the traffic scale, which is used to show the bandwidth in use on the network interface.
- Second part
1. The two arrows <= and => in the middle indicate the direction of the traffic.
2. The display is divided into left, middle and right columns. The left and middle columns record which IPs or hosts are connecting to the local network. In the middle column, "=>" represents sending data and "<=" represents receiving data, so the arrows show the direction of communication between the two IPs.
3. The rightmost column is divided into three sub-columns. These real-time values are the average traffic over the last 2 seconds, 10 seconds and 40 seconds for the external IP connected to the machine.
- Third part
The part below the dividing line at the bottom summarizes the traffic on the network interface.
TX: transmitted traffic
RX: received traffic
TOTAL: total traffic
cum: cumulative traffic since iftop was started
peak: peak traffic rate
rates: average traffic over the past 2s, 10s and 40s respectively
3. Monitor a specific network interface
[root@jeven ~]# iftop -i ens33
4. Display IP addresses directly
Use the -n option to display IP addresses directly, without reverse DNS lookups.
5. Display the incoming and outgoing traffic of a specific network segment
iftop -F 192.168.3.0/24
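iftop has no report function, but the -t, -s and -L options listed in the help output above make it print one text snapshot that can be logged or parsed. The script below is an added example, not part of the original article: it lists the flows whose 10-second average reaches a threshold. The sample snapshot is constructed, the two-line-per-flow layout and the 1 Kb = 1024 b scaling are assumptions about iftop's text mode, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: summarise one iftop text-mode snapshot (rates in bits, i.e. without -B).
# Assumes the two-line-per-flow layout of `iftop -t` and 1 Kb = 1024 b.

# Constructed sample of `iftop -t -n -N -s 10 -L 3 -i ens33` output; addresses are made up.
sample_snapshot() {
cat <<'EOF'
   # Host name (port/service if enabled)            last 2s   last 10s   last 40s cumulative
--------------------------------------------------------------------------------------------
   1 192.168.3.166                            =>     1.20Mb      850Kb      850Kb     1.04MB
     192.168.3.10                             <=     24.0Kb     18.2Kb     18.2Kb     22.8KB
   2 192.168.3.166                            =>     3.50Kb     2.10Kb     2.10Kb     2.63KB
     203.0.113.7                              <=     96.0Kb     64.0Kb     64.0Kb     80.0KB
   3 192.168.3.166                            =>     40.0Kb     32.0Kb     32.0Kb     40.0KB
     198.51.100.23                            <=     2.00Mb     1.50Mb     1.50Mb     1.88MB
--------------------------------------------------------------------------------------------
Total send rate:                                     1.24Mb      884Kb      884Kb
Total receive rate:                                  2.12Mb     1.58Mb     1.58Mb
EOF
}

# top_talkers LIMIT_KBIT: read a snapshot on stdin and print
# "host_a host_b sent_kbit recv_kbit" for each flow whose 10 s average
# reaches LIMIT_KBIT in either direction.
top_talkers() {
  awk -v limit="$1" '
    # Convert an iftop rate such as 1.50Mb, 850Kb or 512b to kilobits.
    function kbit(v,   n) {
      n = v + 0
      if (v ~ /Gb$/) return n * 1024 * 1024
      if (v ~ /Mb$/) return n * 1024
      if (v ~ /Kb$/) return n
      return n / 1024
    }
    # First line of a flow: index, host, "=>", then the 2s/10s/40s rates.
    $3 == "=>" { a = $2; tx = kbit($5); next }
    # Second line of a flow: host, "<=", then the 2s/10s/40s rates.
    $2 == "<=" && a != "" {
      rx = kbit($4)
      if (tx >= limit || rx >= limit) printf "%s %s %.1f %.1f\n", a, $1, tx, rx
      a = ""
    }'
}

# Live use (as root): iftop -t -n -N -s 10 -L 20 -i ens33 2>/dev/null | top_talkers 500
sample_snapshot | top_talkers 500
```

Appending the output of the live command to a dated log file from cron gives a simple history of heavy flows to review later.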