[Make it clear, to say it!] Using iftop to find out who is occupying bandwidth

Contents:
(A) The iftop traffic monitoring tool
(B) Installing iftop
(C) Running iftop
(D) iftop command parameters


(A) The iftop traffic monitoring tool
(1.1) On Unix-like systems, top can be used to view system resources, processes, memory usage and similar information, and netstat, nmap and other tools can be used to view network status. To view real-time network traffic and monitor TCP/IP connections, you can use the iftop command.
(1.2) iftop can monitor a NIC's traffic in real time (a network segment can be specified), reverse-resolve IPs, and display port information.


(B) Installing iftop
(2.1) First install the EPEL repository, query which package provides the iftop command, and then install iftop with yum.
# cd /etc/yum.repos.d/ --- enter the yum repository directory
# mv CentOS-Base.repo CentOS-Base.repo.backup.old --- back up CentOS-Base.repo under a new name
# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/epel-7.repo --- download the EPEL repository file from the Aliyun mirror
# yum whatprovides */iftop --- query which package provides the iftop command
# yum install iftop -y --- install iftop with yum
(2.2) Note: iftop can also be installed by compiling it from source.
# wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz --- download the source package first
# tar zxvf iftop-0.17.tar.gz --- unpack the archive
# cd iftop-0.17/ --- enter the generated directory
# ./configure
# make && make install


(C) Running iftop
(3.1) Run the iftop command directly to open its interface.
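(3.2) About the interface: the top of the screen shows a ruler-like scale that serves as the yardstick for the bars of the traffic graph. The two arrows in the middle, <= and =>, indicate the direction of the traffic.
TX: sent traffic
RX: received traffic
TOTAL: total traffic
cum: total traffic from the time iftop started running until now
peak: peak traffic
rates: the average traffic over the past 2s, 10s and 40s respectively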


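(D) iftop command parameters
(4.1) Common parameters
-c: specify an alternative configuration file
-t: use the text interface without ncurses
-s num: used together with -t; print one text output after num seconds and then exit
-L num: used together with -t; the number of lines to print
# iftop -i ens32 --- use -i to set the NIC to monitor
# iftop -B --- use -B to display traffic in bytes (the default is bits)
# iftop -n --- use -n so that host information is shown directly as IP addresses by default
# iftop -N --- use -N so that port information is shown directly as port numbers by default
# iftop -F 192.168.26.131/255.255.255.0 --- use -F to show the traffic in and out of a specific network segment
# iftop -h --- use -h to display the parameter information
# iftop -p --- use -p to run in promiscuous mode, so that traffic which does not pass directly through the monitored interface is also counted
# iftop -b --- use -b so that the traffic bar graph is not displayed by default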
# iftop -P --- use -P so that host information and port information are both displayed by default
# iftop -m 100M --- set the maximum value of the scale on the interface; the scale is displayed in five large segments
(4.2) Interactive commands once inside the iftop screen
Press h to toggle the help display
Press n to toggle between showing the local machine's IP and its hostname
Press s to toggle display of the local machine's host information
Press d to toggle display of the remote target host's host information
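Press t to cycle the display format: two lines / one line / sent traffic only / received traffic only
Press N to toggle between port numbers and port service names
Press S to toggle display of the local machine's port information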
Press D to toggle display of the remote target host's port information
Press p to toggle display of port information
Press P to pause/resume the display
Press b to toggle the average-traffic bar graph
Press B to cycle the average between the last 2, 10 or 40 seconds
Press T to toggle display of each connection's total traffic
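Press l to turn on the screen filter: type the string to filter on, such as an IP, and press Enter; the screen then shows only the traffic related to that IP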
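Press L to switch the scale shown at the top of the screen; the traffic bars change with the scale
Press j or k to scroll the displayed connection records up or down
Press 1, 2 or 3 to sort by one of the three traffic columns on the right
Press < to sort by the local hostname or IP on the left
Press > to sort by the remote target host's hostname or IP
Press o to toggle freezing the display on the current connections
Press f to edit the filter code
Press ! to run a shell command
Press q to quit monitoring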
(4.3) The iftop output as a whole can be divided into three parts. The first part is the top row of the output: the traffic scale, which shows the NIC's bandwidth range. The second part is the largest section of the output and is divided into left, middle and right columns. The left and middle columns record which IPs or hosts are connected to the local machine over the network; in the middle column, => represents data sent and <= represents data received, so the arrows make the communication between the two IPs clear. The rightmost column is divided into three small columns, which give the average traffic between the external IP and the local machine over the last 2s, 10s and 40s. This part also contains the traffic bars, which dynamically show the size of the traffic, measured against the scale in the first part. The bars make it easy to see which IP has the most traffic, and so to quickly locate traffic problems that may appear on the network. The third part, at the bottom of the output, is divided into three rows: TX represents data sent, RX represents data received, and TOTAL represents all traffic sent and received. These three rows have three corresponding columns: the cum column is the sent, received and total traffic from the time iftop started running until now, the peak column is the peak sent, received and total traffic, and the rates column is the average traffic over the last 2s, 10s and 40s.
(4.4) How can iftop's output be exported to a text file?
# nohup iftop -i ens32 > /tmp/test 2>&1 & --- export iftop's output to a text file and run it in the background
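An added example, not from the original post: the text-mode flags listed in (4.1) (-t, -s, -L) produce output that can be post-processed to rank flows by their 10s average rate. The function names, the sample addresses, the column layout of the constructed sample and the 1024-based unit multipliers are assumptions of this example.

```sh
#!/bin/sh
# Added example: rank flows from iftop's text mode (-t) by 10 s average rate.

# Prints "<bits/s> <left host> <right host>", highest combined rate first.
# $1 (optional): minimum combined rate in bits/s for a flow to be reported.
top_talkers() {
  awk -v min="${1:-0}" '
    # Convert a rate such as 1.50Mb, 512b or 3.75KB to bits (1024 multiples assumed).
    function to_bits(s,   n, u, m) {
      n = s + 0                        # numeric prefix
      u = s; gsub(/[0-9.]/, "", u)     # unit suffix
      m = 1
      if (u ~ /^K/) m = 1024
      else if (u ~ /^M/) m = 1024 * 1024
      else if (u ~ /^G/) m = 1024 * 1024 * 1024
      if (u ~ /B$/) m = m * 8          # -B reports bytes
      return n * m
    }
    # First line of a pair: "<n> <host> => <2s> <10s> <40s> <cum>"
    $3 == "=>" { left = $2; sent = to_bits($5); next }
    # Second line of a pair: "<host> <= <2s> <10s> <40s> <cum>"
    $2 == "<=" {
      total = sent + to_bits($4)
      if (total >= min) printf "%.0f %s %s\n", total, left, $1
    }
  ' | sort -rn
}

# Constructed sample modelled on `iftop -t -n -N` output (addresses are made up).
sample_iftop_output() {
  cat <<'EOF'
   # Host name (port/service if enabled)            last 2s   last 10s   last 40s cumulative
--------------------------------------------------------------------------------------------
   1 192.168.26.131                           =>     1.00Kb     2.00Kb     1.50Kb     1.25KB
     192.168.26.1                             <=     4.00Kb     6.00Kb     5.00Kb     3.75KB
   2 192.168.26.131                           =>     1.00Mb     1.50Mb     1.00Mb      500KB
     203.0.113.7                              <=       512b       512b       512b       128B
--------------------------------------------------------------------------------------------
Total send rate:                                     1.00Mb     1.50Mb     1.00Mb
Total receive rate:                                  4.50Kb     6.50Kb     5.50Kb
Total send and receive rate:                         1.00Mb     1.51Mb     1.01Mb
EOF
}

sample_iftop_output | top_talkers
# Live use (needs root): iftop -t -n -N -s 10 -L 20 -i ens32 2>/dev/null | top_talkers 1000000
```

Passing a threshold, as in the live-use comment, keeps only the flows whose combined 10s average is at or above that many bits per second.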

------ This concludes the article, thanks for reading ------

Origin blog.51cto.com/13613726/2460737