CentOS-nic Real-time Monitoring Tool-iftop

Recently, the company wants to launch a product and needs to understand the traffic consumed by the Service to evaluate the hardware-level bandwidth requirements required by the system architecture.

Iftop is a real-time traffic monitoring tool that can be used to monitor all the real-time traffic passing through the network card (you can specify the network segment), reverse resolution IP, display port information, and so on.

1. Download, compile and install the SDK.

# Wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz

# Yum install libpcap-devel-y

# Tar xf iftop-0.17.tar.gz

# Cd iftop-0.17

#./Configure -- prefix =/usr/local/iftop; make install

# Ln-s/usr/local/iftop/sbin/iftop/usr/local/bin/

2. Run the iftop command

# Iftop-n-I eth0-P

3. Description of the iftop command interface:

The scale range shown on the page is similar to the scale range of the scale. It is used as a scale for the long strips displaying traffic graphs.

The left and right arrows in the middle indicate the direction of traffic.
TX: Send traffic
RX: receive traffic
TOTAL: TOTAL traffic
Cumm: total traffic from running iftop to current time
Peak: traffic peak
Rates: average traffic in the past 2 s, 10 s, and 40 s respectively

4. Common iftop Parameters

-I sets the monitored Nic, for example, only monitoring eth1 NIC: # iftop-I eth1

-B displays traffic in bytes (bits by default), for example: # iftop-B
-N: the host information is directly displayed by default, for example: # iftop-n
-N indicates that port information is directly displayed by default, for example: # iftop-N
-F displays inbound and outbound traffic for a specific network segment, for example, # iftop-F 10.10.1.0/24 or # iftop-F 10.10.1.0/255.255.255.0
-H (display this message), help, display parameter information
-P: When this parameter is used, the local host information is displayed in the intermediate list, and IP information other than the local host is displayed;
-B: The traffic graph bar is displayed by default;
-F this is not very useful for the moment. It is used to filter the computing package;
-P: the host information and port information are displayed by default;

-M: set the maximum value of the scale at the top of the page. The scale is displayed in five segments. For example: # iftop-m 100 M

5. Access the iftop command line and support Background operation commands (similar to top, quick commands are supported)

Switch by h to see if the help is displayed;
Switch by n to display the local IP address or host name;
Switch by s to check whether the host information of the local machine is displayed;
Switch by d to whether the host information of the remote target host is displayed;
The display format of switching by t is 2 rows/1 line/only show sent traffic/only show received traffic;
Switch by N to display the port number or port service name;
Switch by S to check whether the port information of the local machine is displayed;
Whether to display the port information of the remote target host based on D;
Switch by p to see whether port information is displayed;
Press P to switch to pause/continue display;
Switch by B to see whether the average traffic graph is displayed;
Calculate the average traffic of 2 seconds, 10 seconds, or 40 seconds based on B switching;
Whether to display the total traffic of each connection during T-based switchover;
Press l to enable the screen filtering function. Enter the characters to filter, such as ip address. Press enter to display only traffic information related to this IP address;
Switch the scale on the top of the display screen by L; the traffic graph bar varies depending on the scale;
Press j or k to scroll up or down the connection records displayed on the screen;
You can sort the data by 1, 2, or 3 based on the traffic data in the three columns displayed on the right;
Sort by <according to the local name or IP address on the left;
Sort by> by the host name or IP address of the remote target host;
Whether o-based switchover is fixed only displays the current connection;
Press f to edit and filter the Code. This is a translation, and I have never used this!
Press! You can use shell commands. This is useless! I don't understand what the command works here!
Press q to exit monitoring.