Shulou(Shulou.com)06/01 Report--

This article mainly introduces the relevant knowledge of "how to use iptraf command". Xiaobian shows you the operation process through actual cases. The operation method is simple, fast and practical. I hope this article "how to use iptraf command" can help you solve the problem.

The iptraf command can monitor network card traffic in real time and generate network protocol packet information, ethernet information, network node status, ip check and error information.

List of iptraf parameters

iptraf followed by different parameters, can play a different role, the following is the iptraf parameter command list:

Parameter command function-iface network interface: immediately start IP traffic monitoring on the specified network interface,iface for all means to monitor all network interfaces, iface for corresponding interface-g immediately start generating summary status information of network interfaces-d iface network interface: immediately start monitoring detailed network traffic information on the specified network interface,iface for corresponding interface-s iface network interface: immediately starts monitoring TCP and UDP network traffic information on the specified network interface,iface for the corresponding interface-z network interface: displays packet count on the specified network interface,iface for the corresponding interface-l network interface: immediately starts monitoring local area network workstation information on the specified network interface,iface for the corresponding interface-t timeout time: Specifies the time that the iptraf command monitors, timeout is the number of minutes of monitoring time-B redirects the annotation output to "/dev/null", turns off annotation input, runs the program as a background process-L logfile Specifies a file to log all command lines, the default file is the address: /var/log/iptraf-I interval Specifies the time interval for logging logs (in minutes), excluding IP traffic monitor-u Allow unsupported interfaces as Ethernet devices-f Clear all counters-h Display help information

Note: Open the command line window, use iptraf to be informed that you need to run as an administrator, and switch from a normal user to an administrator user by simply executing the command sudo su.

As shown in the following figure, Figure 1 shows the prompt information before switching to the administrator identity, and Figure 2 shows the prompt information after switching to the administrator identity.

Menu options after using iptraf

First, enter iptraf to display the interface shown below:

Click Enter to continue and enter the following figure:

1.Configure

Click "Configure" menu in the general menu command to enter the following command menu:

This is very important, and proper configuration can make the statistical results more intuitive and informative.

1) Reverse DNS lookups: Check the domain name corresponding to the IP of the connection. You can see the domain name result in the pkt captured dialog box of IP traffic monitor. This is not very intuitive. After opening, it will affect the packet capture performance a little.

2) TCP/UDP service names: Where there are ports, the port number will be replaced by the corresponding service name, which is very useful and intuitive.

3) Activity mode: Display whether the traffic is in Kbits/s or Kbytes/s. It is recommended to change it to the latter one, which is more in line with habits.

4) Additional ports: Monitor the ports that need to be monitored by port number. By default, only the ports less than 1024 are monitored.

2.Filters

That's fine unless you have special needs.

Click "Filter" to enter the interface as shown below:

3.IP traffic monitor

According to the connection to view network traffic, this is best to let him run for a while to see the structure of the total statistics, if a single connection takes up a lot of bandwidth, it is easy to see. At the same time, according to IP, it is easy to distinguish whether to interact with intranet or extranet servers. pkt captured can see mac addresses.

Click "IP traffic monitor" to enter the select interface shown below.

Click the option to enter the view interface:

4.General interface statistics

Check the traffic on each NIC. Note that this is NIC traffic, including intranet and extranet. A stand-alone network cannot distinguish between internal and external networks.

Click "General interface statistics" to enter the interface as shown below:

5.Detailed interface statistics

According to the protocol statistics, there are only IP, TCP, UDP and so on, which are not very useful.

Click "Detailed interface statistics" to enter the select interface shown below.

Click the option to enter the view interface:

6.Statistical breakdowns

\1) By packet size: Statistics are based on the size of the transport packet.\ 2)By TCP/UDP port: Statistics based on application protocol, more practical than Detailed interface statistics.

Click on "Statistical breakdowns" to bring up optional menus:

7.LAN station monitor

Based on MAC address statistics.

Click "LAN station monitor" to display optional menu:

About "iptraf command how to use" content introduced here, thank you for reading. If you want to know more about industry-related knowledge, you can pay attention to the industry information channel. Xiaobian will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.