CentOS Iftop installation and use of the tutorial detailed

First, what is Iftop?

Iftop is a real-time traffic monitoring tool similar to top.
Official website: http://www.ex-parrot.com/~pdw/iftop/

Second, what is the use of iftop?

Iftop can be used to monitor the real-time traffic of the network card (you can specify the network segment), the reverse resolution of IP, display port information, and so on, detailed will be described in the use of parameters later.

1, install iftop dependent software package:

The code is as follows	Copy Code
# Yum Install flex BYACC libpcap ncurses ncurses-devel libpcap-devel

2, download Iftop source package

The code is as follows	Copy Code
# wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz

3. Installation Iftop

The code is as follows	Copy Code
# tar XVF iftop-0.17.tar.gz # CD iftop-0.17 #./configure--prefix=/usr/local/iftop # make # make Install

4. Use Iftop

#/usr/local/iftop/sbin/iftop < can write this path into the environment variable >

Problems encountered during the installation

1. Make:yacc:Command not Found
Make: * * * [GRAMMAR.C] Error 127

Workaround: Apt-get Install Byacc/yum install BYACC

2, configure:error:curses! Foiled again! Www.111cn.net
(Can ' t find a curses library supporting Mvchgat.)
Consider installing ncurses.

Workaround: Apt-get Install Libncurses5-dev/yum install Ncurses-deve

1, Iftop interface related instructions

The interface shows a scale range similar to the scale, which is used as a ruler for the bar showing the flow graph.
The middle of these two left and right arrows, indicating the direction of the flow
TX: Send Traffic
RX: Receive Traffic
Total: Gross flow
Cumm: Total flow of running iftop to current time
Peak: Peak Flow
Rates: The average traffic of the past 2s 10s 40s respectively

2, the commonly used parameters:

-I set the monitoring network card, such as: # Iftop-i eth1
-B displays traffic in bytes (bits by default), such as: # Iftop-b
-N Causes the host information to appear by default directly to the IP, such as: # Iftop-n
-N causes port information to be displayed directly by default, such as: # Iftop-n
-F shows incoming and outgoing traffic for a specific network segment, such as # iftop-f 10.10.1.0/24 or # iftop-f 10.10.1.0/255.255.255.0
-H (Display this message), Help, display parameter information
-P using this parameter, the middle of the list shows the local host information, the presence of IP information outside the machine;
-B to display the flow graph bar by default;
-P causes host information and port information to be displayed by default;
-M to set the maximum of the top of the interface, the scale is divided into five large segment display, example: # iftop-m 100M

3, after the operation of Iftop Common Interactive command:
Press H to toggle whether to show help;
Press N to toggle the display of the IP or host name of the computer;
Press S to toggle whether the local host information is displayed;
Press D to toggle whether the host information for the remote target host is displayed;
Press T to toggle the display format to 2 lines/1 lines/Show only send traffic/show only receive traffic;
Toggle the display port number or port service name by N;
Press S to toggle whether or not to display the port information of the machine;
Press D to toggle the display of the remote target host's port information;
Press p to toggle whether or not to display port information;
Press p to toggle suspend/continue display;
Whether the average flow graph bar is shown by B switch;
The average flow rate in 2 seconds or 10 seconds or 40 seconds is calculated by B switch;
Press T to toggle whether the total flow of each connection is displayed;
Press L to open screen filtering function, input to filter characters, such as IP, press ENTER, the screen will only display this IP-related traffic information;
Press L to toggle the display of the top of the screen, the scale is different, flow chart will change;
Press J or press K to scroll up or down the screen to display the connection record;
1 or 2 or 3 can be sorted according to the three-column flow data displayed on the right;
Sorted by host name or IP based on the remote target host;
Press O to toggle to show only current connections;
Press Q to exit monitor