Shulou(Shulou.com)06/03 Report--

Today, the editor will bring you an article on installing and using iftop tools. The editor thinks it is very practical, so I will share it for you as a reference. Let's follow the editor and have a look.

Iftop is a real-time traffic monitoring tool similar to top. It is mainly used to show the network traffic of the local machine and the set of traffic that communicates with each other, such as the traffic between the machine and the machine alone. It is very suitable for proxy servers and iptables servers.

Official website: http://www.ex-parrot.com/~pdw/iftop/

Install iftop

Installation method 1. Compile and install

If you use compilation and installation, you can download the latest source code package from the iftop official website.

The environment required for basic compilation, such as make, gcc, autoconf, etc., needs to be installed before installation. Installing iftop also requires the installation of libpcap and libcurses.

Install the required dependency packages on CentOS:

Yum install flex byacc libpcap ncurses ncurses-devel libpcap-devel

Install the required dependency packages on Debian:

Apt-get install flex byacc libpcap0.8 libncurses5

Download iftop

Wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz

Tar zxvf iftop-0.17.tar.gz

Cd iftop-0.17

. / configure

Make & & make install

Configure: error: can't find pcap.h

You're not going to get very far without libpcap.

Then you need to install libpcap first and find the appropriate rpm file, such as:

-rw-r--r-- 1 root root 108987 Apr 3 08:21 libpcap-0.9.4-8.1.i386.rpm

-rw-r--r-- 1 root root 119062 Apr 3 08:21 libpcap-devel-0.9.4-8.1.i386.rpm

Installation method 2: (lazy person method, the simplest)

Directly omit the above steps

Flibpcap-0.9.4-14.el5.x86_64.rpm

CentOS system:

Yum install flex byacc libpcap ncurses ncurses-devel

Wget ftp://fr2.rpmfind.net/linux/dag/redhat/el5/en/i386/dag/RPMS/iftop-0.17-1.el5.rf.i386.rpm

Rpm-ivh iftop-0.17-1.el5.rf.i386.rpm

Debian system running: apt-get install iftop

Run iftop

Run directly: iftop

1. Iftop interface instructions

The interface shows a scale range similar to that of a scale, which is used as a ruler for long bars that display flow patterns.

The two left and right arrows in the middle indicate the direction of the traffic.

TX: sending traffic

RX: receive traffic

TOTAL: total traffic

Cumm: total traffic from running iftop to the current time

Peak: peak traffic

Rates: indicates the average traffic in the past 2s, 10s, 40s respectively

2. Iftop related parameters

Commonly used parameters

-I set the network card for monitoring, such as # iftop-I eth2

-B displays traffic in bytes (default is bits), such as # iftop-B

-n causes host information to display IP directly by default, such as # iftop-n

-N causes port information to display port number directly by default, such as # iftop-N

-F shows the inbound and outbound traffic of a specific network segment, such as # iftop-F 10.10.1.0 Universe 24 or # iftop-F 10.10.1.0 Universe 255.255.255.0

-h (display this message), help, display parameter information

-p after using this parameter, the list in the middle shows the local host information and IP information other than the local host appears.

-b to make the traffic graph bar display by default

-f this is not very good at using for the time being, it is used to filter and calculate packets.

-P makes host information and port information display by default

-m sets the maximum value of the scale at the top of the interface, which is displayed in five segments, for example: # iftop-m 100m

Some operation commands after entering the iftop screen (pay attention to case)

Press h to toggle whether to display help

Press n to toggle to display the IP or hostname of this machine

Press s to switch whether to display the host information of this computer.

Press d to toggle whether to display the host information of the remote target host

Toggle the display format by t to 2 lines / 1 lines / only send traffic / only received traffic

Press N to toggle to display the port number or port service name

Press S to toggle whether to display the port information of this machine.

Press D to toggle whether to display the port information of the remote target host

Press p to toggle whether to display port information

Press P to toggle pause / resume display

Press b to toggle whether to display the average flow graph bar

Calculate the average traffic within 2 seconds or 10 seconds or 40 seconds by B switch

Press T to toggle whether to display the total traffic for each connection

Press l to open the screen filtering function, and enter the characters to be filtered, such as ip. After pressing enter, the screen will only display the traffic information related to this IP.

Press L to switch the scale on the display screen; if the scale is different, the flow graph bar will change

Press j or k to scroll up or down the connection record displayed on the screen

Press 1 or 2 or 3 to sort according to the three columns of traffic data displayed on the right

Sort by the hostname or IP of the remote destination host

Press o to toggle whether to display only the current connection

Press f to edit the filter code, this is a translated statement, I have not used this!

Press! You can use the shell command, this is not used! I don't understand what orders work here!

Press Q to exit the monitoring.

The above description is the details of the installation and use of iftop tools, the specific use of which requires hands-on experiments in order to understand. If you want to know more about it, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.