1. Iftop checks the centos network situation
Tools for viewing network card traffic in Linux include iptraf, iftop, and nethogs. Iftop can be used to monitor the real-time traffic of the network card (you can specify the network segment), reversely analyze IP, display port information, etc.
The command to install iftop on centos is as follows:
[root@iZbp1f0xuq9rc41s6gdvfyZ /]# yum install iftop -y
If you start it directly, the homepage of the server website cannot be opened. It is so stuck that it makes people panic and want to see who did it.
[root@iZbp1f0xuq9rc41s6gdvfyZ /]# iftop
The server only had a few megabytes of bandwidth, but this bandit stopped them all. I don’t know what trick he used, so the first step was to block his IP.
2. Limit bandwidth-hungry IPs
[root@iZbp1f0xuq9rc41s6gdvfyZ sbin]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.166.168.53 netmask 255.255.240.0 broadcast 172.166.175.255
ether 00:16:3e:0b:66:12 txqueuelen 1000 (Ethernet)
RX packets 673647807 bytes 68392807173 (49.9 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 645790483 bytes 23381845268 (66.8 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 614556196 bytes 106586573761 (92.3 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 614556196 bytes 106586573761 (92.3 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@iZbp1f0xuq9rc41s6gdvfyZ sbin]# iftop -i eth0 -B -F *.*.*.121
eth0 :是通过ifconfig查询出来的哈,各位根据自己的修改。
It can be seen that after the restriction, the network environment of the entire server improved instantly, so it is definitely the fault of this machine. You can ban this IP. The methods are not listed here.
3. Parameter description
界面说明:
"<="与"=>",表示的是流量的方向
"TX":从网卡发出的流量
"RX":网卡接收流量
"TOTAL":网卡发送接收总流量
"cum":iftop开始运行到当前时间点的总流量
"peak":网卡流量峰值
"rates":分别表示最近2s、10s、40s 的平均流量
可以通过键盘的"q"键退出iftop