Real-time traffic monitoring with iftop

About iftop

iftop is a real-time traffic monitoring tool similar to top. It is mainly used to display the machine's network traffic and the traffic between each pair of communicating hosts, such as the volume of traffic exchanged with one particular machine, and it is well suited to proxy servers and iptables servers.

Official Website: http://www.ex-parrot.com/~pdw/iftop/

Installing iftop
Installation method 1: compile and install

To compile and install iftop, download the latest source package from the official website.

Before installing, you need a basic build environment, such as make, gcc, autoconf and so on. iftop also requires libpcap and libcurses.

Dependencies required on CentOS:

yum install flex byacc libpcap ncurses ncurses-devel libpcap-devel

Dependencies required on Debian:

apt-get install flex byacc libpcap0.8 libncurses5

Download iftop

wget http://www.ex-parrot.com/~pdw/iftop/download/iftop-0.17.tar.gz

tar zxvf iftop-0.17.tar.gz

cd iftop-0.17

./configure

make && make install

If ./configure stops with:

configure: error: can't find pcap.h
You're not going to get very far without libpcap.

then you need to install libpcap. Find the appropriate rpm files, such as:

-rw-r--r-- 1 root root 108987 Apr 3 08:21 libpcap-0.9.4-8.1.i386.rpm
-rw-r--r-- 1 root root 119062 Apr 3 08:21 libpcap-devel-0.9.4-8.1.i386.rpm
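
A pre-flight check for the source build, added here as an example and not part of the original post: it reports missing build tools and headers before ./configure runs, so the pcap.h failure above is caught up front. The function names, the /usr/include default and the pcap/ and ncurses/ subdirectory fallbacks are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and default
# paths are assumptions chosen for illustration.

# Print each named tool that is not on PATH, one per line.
missing_tools() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || echo "$t"
    done
}

# Print each header the iftop build needs that is absent under the given
# include root ($1). Assumption: a pcap/ or ncurses/ subdirectory also counts.
missing_headers() {
    inc=$1
    # pcap.h ships in libpcap-devel (CentOS); without it configure aborts.
    [ -f "$inc/pcap.h" ] || [ -f "$inc/pcap/pcap.h" ] || echo "pcap.h"
    # curses.h ships in ncurses-devel (CentOS).
    [ -f "$inc/curses.h" ] || [ -f "$inc/ncurses/curses.h" ] || echo "curses.h"
}

# Return 0 when everything is present; otherwise list what is missing on
# stderr and return 1. Optional $1 overrides the include root.
iftop_preflight() {
    report=$(missing_tools make gcc; missing_headers "${1:-/usr/include}")
    if [ -z "$report" ]; then
        return 0
    fi
    echo "$report" | sed 's/^/missing: /' >&2
    return 1
}

# Usage, from the unpacked iftop-0.17 directory:
#   iftop_preflight && ./configure && make && make install
```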

Installation method 2 (the lazy approach, the simplest)
Skip the steps above entirely.
flibpcap-0.9.4-14.el5.x86_64.rpm
On CentOS:

yum install flex byacc libpcap ncurses ncurses-devel

wget ftp://fr2.rpmfind.net/linux/dag/redhat/el5/en/i386/dag/RPMS/iftop-0.17-1.el5.rf.i386.rpm

rpm -ivh iftop-0.17-1.el5.rf.i386.rpm

On Debian, run: apt-get install iftop

Running iftop
Run it directly: iftop

1. iftop interface description
The top of the interface shows a scale, similar to a ruler, which serves as the measure for the bars that display traffic graphically.

The <= and => arrows in the middle indicate the direction of traffic.

TX: sent traffic
RX: received traffic
TOTAL: total traffic
Cumm: cumulative traffic from when iftop started running until now
peak: peak traffic
rates: the average traffic rate over the past 2s, 10s and 40s

2. iftop parameters
Common parameters

-i sets the network interface to monitor, e.g. # iftop -i eth1

-B displays traffic in bytes (the default is bits), e.g. # iftop -B

-n makes host information display directly as IP addresses by default, e.g. # iftop -n

-N makes port information display directly as port numbers by default, e.g. # iftop -N

-F displays the traffic in and out of a particular network segment, e.g. # iftop -F 10.10.1.0/24 or # iftop -F 10.10.1.0/255.255.255.0

-h (display this message) displays help on the parameters

-p with this parameter, the local host information in the middle list includes IP addresses other than the local machine's;

-b makes the traffic bar graph display by default;

-f I do not know how to use this one yet; it is for filtering the packets that are counted;

-P makes both host information and port information display by default;

-m sets the maximum value of the scale at the top of the interface; the scale is displayed in five segments, e.g. # iftop -m 100M

Interactive commands after entering the iftop screen (case sensitive):

Press h to toggle the help display;

Press n to switch between showing the local machine's IP and its host name;

Press s to toggle whether the local machine's host information is displayed;

Press d to toggle whether the remote target host's host information is displayed;

Press t to cycle the display format: 2 lines / 1 line / sent traffic only / received traffic only;

Press N to switch between showing port numbers and port service names;

Press S to toggle whether the local machine's port information is displayed;

Press D to toggle whether the remote target host's port information is displayed;

Press p to toggle whether port information is displayed;

Press P to pause / resume the display;

Press b to toggle whether the average-traffic bar graph is displayed;

Press B to switch between calculating the average traffic over 2 seconds, 10 seconds or 40 seconds;

Press T to toggle whether the total traffic of each connection is displayed;

Press l to open the screen filter; type the characters to filter on, such as an IP, and press Enter, and the screen then displays only the traffic related to that IP;

Press L to switch the scale shown at the top of the screen; with a different scale, the traffic bars change accordingly;

Press j or k to scroll the displayed connection records up or down;

Press 1, 2 or 3 to sort by one of the three traffic columns shown on the right;

Press < to sort by the local host name or IP on the left;

Press > to sort by the host name or IP of the remote target host;

Press o to toggle whether the display is frozen to show only the current connections;

Press f to edit the filter code; that is the translated wording, I have not used this!

Press ! to use shell commands; I have never used this! I have not figured out which commands are useful here!

Press q to exit monitoring.

Origin blog.51cto.com/5iwww/2474055