Shulou(Shulou.com)06/01 Report--

This article mainly shows you "how to use Linux traffic monitoring tools", the content is easy to understand, clear, hope to help you solve doubts, the following let the editor lead you to study and learn "how to use Linux traffic monitoring tools" this article.

What is iftop?

Iftop is a real-time traffic monitoring tool similar to top.

Official website: http://www.ex-parrot.com/~pdw/iftop/

Second, what is the use of iftop?

Iftop can be used to monitor the real-time traffic of the network card (you can specify a network segment), reverse parse IP, display port information, and so on, which will be described in more detail in the following usage parameters.

Install iftop installation method 1, compile and install

If you use compilation and installation, you can download the latest source code package from the iftop official website.

The environment required for basic compilation, such as make, gcc, autoconf, etc., needs to be installed before installation. Installing iftop also requires the installation of libpcap and libcurses.

Install the required dependency packages on CentOS:

Yum install flex byacc libpcap ncurses ncurses-devel

Install the required dependency packages on Debian:

Apt-get install flex byacc libpcap0.8 libncurses5

Download iftop

Wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz

Tar zxvf iftop-0.17.tar.gz

Cd iftop-0.17

. / configure

Make & & make install

Installation method 2: (lazy person method, the simplest)

Directly omit the above steps

CentOS system:

Yum install flex byacc libpcap ncurses ncurses-devel

Wget ftp://fr2.rpmfind.net/linux/dag/redhat/el5/en/i386/dag/RPMS/iftop-0.17-1.el5.rf.i386.rpm

Rpm-ivh iftop-0.17-1.el5.rf.i386.rpm

Debian system running: apt-get install iftop

4. Run iftop

Run directly: iftop

The effect is as follows:

5. Related parameters and instructions. 1. Iftop interface description.

The interface shows a scale range similar to that of a scale, which is used as a ruler for long bars that display flow patterns.

The two left and right arrows in the middle indicate the direction of the traffic.

TX: sending traffic

RX: receive traffic

TOTAL: total traffic

Cumm: total traffic from running iftop to the current time

Peak: peak traffic

Rates: indicates the average traffic in the past 2s, 10s, 40s respectively

2. Parameters commonly used in iftop related parameters

-I set the network card for monitoring, such as # iftop-I eth2

-B displays traffic in bytes (default is bits), such as # iftop-B

-n causes host information to display IP directly by default, such as # iftop-n

-N causes port information to display port number directly by default, such as # iftop-N

-F shows the inbound and outbound traffic of a specific network segment, such as # iftop-F 10.10.1.0 Universe 24 or # iftop-F 10.10.1.0 Universe 255.255.255.0

-h (display this message), help, display parameter information

-p after using this parameter, the list in the middle shows the local host information and IP information other than the local host appears.

-b to make the traffic graph bar display by default

-f this is not very good at using for the time being, it is used to filter and calculate packets.

-P makes host information and port information display by default

-m sets the maximum value of the scale at the top of the interface, which is displayed in five segments, for example: # iftop-m 100m

Some operation commands after entering the iftop screen (pay attention to case)

Press h to toggle whether to display help

Press n to toggle to display the IP or hostname of this machine

Press s to switch whether to display the host information of this computer.

Press d to toggle whether to display the host information of the remote target host

Toggle the display format by t to 2 lines / 1 lines / only send traffic / only received traffic

Press N to toggle to display the port number or port service name

Press S to toggle whether to display the port information of this machine.

Press D to toggle whether to display the port information of the remote target host

Press p to toggle whether to display port information

Press P to toggle pause / resume display

Press b to toggle whether to display the average flow graph bar

Calculate the average traffic within 2 seconds or 10 seconds or 40 seconds by B switch

Press T to toggle whether to display the total traffic for each connection

Press l to open the screen filtering function, and enter the characters to be filtered, such as ip. After pressing enter, the screen will only display the traffic information related to this IP.

Press L to switch the scale on the display screen; if the scale is different, the flow graph bar will change

Press j or k to scroll up or down the connection record displayed on the screen

Press 1 or 2 or 3 to sort according to the three columns of traffic data displayed on the right

Sort by the hostname or IP of the remote destination host

Press o to toggle whether to display only the current connection

Press f to edit the filter code, this is a translated statement, I have not used this!

Press! You can use the shell command, this is not used! I don't understand what orders work here!

Press Q to exit the monitoring.

VI. Frequently asked questions

1 、 make: yacc: Command not found

Make: * * [grammar.c] Error 127

Solution: apt-get install byacc / yum install byacc

2 、 configure: error: Curses! Foiled again!

(Can't find a curses library supporting mvchgat.)

Consider installing ncurses.

Solution: apt-get install libncurses5-dev / yum install ncurses-devel

The above is all the contents of this article entitled "how to use Linux Traffic Monitoring tools". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.