
How to get started with iftop, a powerful tool for Linux Network Traffic Monitoring

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article introduces how to get started with iftop, a network traffic monitoring tool for Linux. The content is detailed; interested readers can use it as a reference, and hopefully it will be helpful to you.

What is iftop?

There are many tools for monitoring a server's network bandwidth usage in real time on Linux, such as iptraf and nethogs, but the small yet powerful iftop is the recommended one.

iftop is a free real-time traffic monitoring tool for network interfaces on Linux, similar to the top command. iftop can monitor the real-time traffic of a specified network interface, port and connection information, reverse DNS resolution of IP addresses, and so on. It can also accurately display local network traffic and the traffic exchanged between hosts on the network. It is very well suited to monitoring the network traffic of proxy servers or routers.

iftop is also very effective for examining hosts with traffic anomalies: the source of a host's abnormal traffic can be located quickly from the iftop output, which is very useful for network troubleshooting and network security detection. The disadvantages are that it has no reporting function and that it must be run as root.

Installation

1. Install through software management tools

    # CentOS
    $ sudo yum install iftop
    # Ubuntu
    $ sudo apt install iftop

2. Compile and install from source code

    # Install the dependency packages
    $ sudo yum install libpcap libpcap-devel ncurses ncurses-devel flex byacc
    # Download the package
    $ wget "http://www.ex-parrot.com/~pdw/iftop/download/iftop-0.17.tar.gz"
    $ tar zxvf iftop-0.17.tar.gz
    $ cd iftop-0.17
    $ ./configure
    $ make && make install

3. Common parameters

-i: Specify the network interface to monitor. If there are multiple network interfaces, take care to choose the right one, for example: # iftop -i eth2

-B: Display traffic in bytes. The default unit is bits.

-n: Display all hosts in the output by IP address, without DNS resolution.

-N: Display only the port number of a connection, not the service name corresponding to the port.

-F: Display the inbound and outbound traffic of a specific network segment, for example: # iftop -F 192.168.85.0/24

-h: Help; displays parameter information.

-p: Run iftop in promiscuous mode, in which iftop can be used as a network sniffer.

-P: Display host and port information.

-m: Set the maximum value of the traffic scale at the top of the output interface. The traffic scale is divided into five segments, for example: # iftop -m 100M

-f: Use filter code to select the packets to count, for example: iftop -f filter code

-b: Do not display the traffic bar graph.

-c: Specify an optional configuration file, for example: iftop -c config file

-t: Use a text interface without ncurses. The following two options are only used with -t:

-s num: Print one text output after num seconds and then exit. Used together, -t -s 60 outputs 60 seconds of traffic to the terminal.

-L num: The number of lines to output.

The -f parameter supports tcpdump syntax, so a wide range of filter conditions can be used.
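Because iftop has no reporting function, the text mode options above (-t, -s, -L) are the practical way to feed its output to a script. The following is an added example, not part of the original article: it turns text-mode output into one line per host pair and lists the pairs above a rate threshold. The function names are hypothetical, the sample output is constructed, and the column layout and the 1024-based unit scaling are assumptions about iftop's text mode.

```shell
#!/bin/sh
# Added example: summarize iftop text-mode output for a simple traffic report.

# Constructed sample, laid out like `iftop -t -n -N` output (rates in bits).
sample_output() {
cat <<'EOF'
interface: eth0
Listening on eth0
   # Host name (port/service if enabled)            last 2s   last 10s   last 40s cumulative
--------------------------------------------------------------------------------------------
   1 192.168.85.10                            =>     1.20Mb     1.10Mb     1.10Mb     2.75MB
     203.0.113.7                              <=     48.0Kb     45.5Kb     45.5Kb      114KB
   2 192.168.85.10                            =>     3.50Kb     3.20Kb     3.20Kb      800B
     198.51.100.23                            <=     96.5Mb     90.1Mb     90.1Mb      225MB
--------------------------------------------------------------------------------------------
Total send rate:                                     1.20Mb     1.10Mb     1.10Mb
EOF
}

# Print "local remote tx_bps rx_bps" (last-2s column) for each host pair.
iftop_pairs() {
  awk '
    function bps(v,  n, u) {              # "1.20Mb" -> bits per second
      n = v + 0; u = v; gsub(/[0-9.]/, "", u)
      if (u ~ /^K/) n *= 1024             # assumption: units scale by 1024
      else if (u ~ /^M/) n *= 1024 * 1024
      else if (u ~ /^G/) n *= 1024 * 1024 * 1024
      return n
    }
    $3 == "=>" { local = $2; tx = bps($4); next }     # "N host => ..." line
    $2 == "<=" && local != "" {                       # paired "host <= ..." line
      printf "%s %s %.0f %.0f\n", local, $1, tx, bps($3); local = ""
    }'
}

# List pairs whose send or receive rate is at or above a threshold (bits/s).
heavy_pairs() {
  iftop_pairs | awk -v t="$1" '$3 >= t || $4 >= t'
}

# Live use (as root): iftop -t -n -N -s 10 -L 20 -i eth0 | heavy_pairs 10000000
sample_output | heavy_pairs 10000000
```

On the constructed sample, only the pair receiving 96.5Mb is listed; the output can be appended to a log file by a scheduled job to keep a history of heavy talkers.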

Interface operation

1. Interface information

After installing iftop, you can simply run the iftop command to display the real-time traffic of a network interface. By default, iftop displays the traffic of the first network interface in the system. To display a specific interface, use the "-i" parameter. Running the "iftop -P -i eth0" command gives a typical iftop output interface, as shown in the following figure.

Part I

The top line of the iftop output is the traffic scale, which is used to display the NIC's bandwidth traffic.

Part II

This is the middle part between the dividing lines, and it is split into left, middle and right columns. The left and middle columns record which IPs or hosts are connecting to the local network. In these columns, "=>" represents sending data, "
