Shulou(Shulou.com)06/01 Report--

This article is about how to use iftop, a real-time network traffic monitoring tool under Linux. I think it is very practical, so I share it with you. I hope you can get something after reading this article. Let's take a look at it with the editor.

Iftop is a real-time network traffic monitoring tool under Linux, which can be installed and used on servers or VPS with similar unix operating system. It is mainly used to display the local network traffic and the set of traffic that communicates with each other. For example, the traffic between the server and that machine alone is very suitable for proxy servers and iptables servers.

Install from Centos EPEL Repo:

Yum install iftop

Or compile and install:

Step 1: install libpcap

Cd / usr/local/srcwget ftp://ftp.port80.se/gentoo/distfiles/libpcap-0.9.8.tar.gztar-zxvf libpcap-0.9.8.tar.gzcd libpcap-0.9.8./configuremake & & make install

Step 2: install IFTOP

Cd / usr/local/srcwget http://www.ex-parrot.com/~pdw/iftop/download/iftop-0.17.tar.gztar-zxvf iftop-0.17.tar.gzcd iftop-0.17./configuremake & & make install

Part III: modify IFTOP permissions

Chmod 700 / usr/local/sbin/iftop

Step 4: how to use IFTOP

Iftop-I eth0

If you need help, you can press H key.

The first line is the network traffic scale.

In the middle is the traffic with other machines. There is a white background bar that visually identifies the traffic change. The last three columns of data respectively indicate:

1. Preceding 2 seconds traffic in the past two seconds (traffic)

2. Half of the traffic of around half that amount over the preceding 10s in the past ten seconds

3. 1/5 of a fifth of that over the whole of the last 40s traffic in the past 40 seconds

The next three lines

TX: sending traffic

RX: receive traffic

TOTAL: total traffic

Cumm: total traffic since running iftop

Peak: peak traffic

Rates: indicates the total average traffic of the Nic in the past 2s, 10s and 40s respectively

Press h to get help, and press h to return to the traffic graph from help.

Sort by traffic

Iftop interface related instructions

The interface shows a scale range similar to that of a scale, which is used as a ruler for long bars that display flow patterns.

The two left and right arrows in the middle indicate the direction of the traffic.

TX: sending traffic

RX: receive traffic

TOTAL: total traffic

Cumm: total traffic from running iftop to the current time

Peak: peak traffic

Rates: indicates the average traffic in the past 2s, 10s, 40s respectively

Parameters commonly used in iftop related parameters

-I set the network card for monitoring, such as # iftop-I eth2

-B displays traffic in bytes (default is bits), such as # iftop-B

-n causes host information to display IP directly by default, such as # iftop-n

-N causes port information to display port number directly by default, such as # iftop-N

-F shows the inbound and outbound traffic of a specific network segment, such as # iftop-F 10.10.1.0 Universe 24 or # iftop-F 10.10.1.0 Universe 255.255.255.0

-h (display this message), help, display parameter information

-p after using this parameter, the list in the middle shows the local host information and IP information other than the local host appears.

-b to make the traffic graph bar display by default

-f this is not very good at using for the time being, it is used to filter and calculate packets.

-P makes host information and port information display by default

-m sets the maximum value of the scale at the top of the interface, which is displayed in five segments, for example: # iftop-m 100m

Some operation commands after entering the iftop screen (pay attention to case)

Press h to toggle whether to display help

Press n to toggle to display the IP or hostname of this machine

Press s to switch whether to display the host information of this computer.

Press d to toggle whether to display the host information of the remote target host

Toggle the display format by t to 2 lines / 1 lines / only send traffic / only received traffic

Press N to toggle to display the port number or port service name

Press S to toggle whether to display the port information of this machine.

Press D to toggle whether to display the port information of the remote target host

Press p to toggle whether to display port information

Press P to toggle pause / resume display

Press b to toggle whether to display the average flow graph bar

Calculate the average traffic within 2 seconds or 10 seconds or 40 seconds by B switch

Press T to toggle whether to display the total traffic for each connection

Press l to open the screen filtering function, and enter the characters to be filtered, such as ip. After pressing enter, the screen will only display the traffic information related to this IP.

Press L to switch the scale on the display screen; if the scale is different, the flow graph bar will change

Press j or k to scroll up or down the connection record displayed on the screen

Press 1 or 2 or 3 to sort according to the three columns of traffic data displayed on the right

Sort by the hostname or IP of the remote destination host

Press o to toggle whether to display only the current connection

Press f to edit the filter code, this is a translated statement, I have not used this!

Press! You can use the shell command, this is not used! I don't understand what orders work here!

Press Q to exit the monitoring.

common problem

1 、 make: yacc: Command not found

Make: * * [grammar.c] Error 127

Solution: apt-get install byacc / yum install byacc

2 、 configure: error: Curses! Foiled again!

(Can't find a curses library supporting mvchgat.)

Consider installing ncurses.

Solution: apt-get install libncurses5-dev / yum install ncurses-devel

It is mainly used to show the network traffic of the local machine and the set of traffic that communicates with each other, such as the traffic between the machine and the machine alone. It is very suitable for proxy servers and iptables servers.

The above is how to use iftop, a real-time network traffic monitoring tool under Linux. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.