Detailed description of IFTOP installation script in CENTOS

Iftop is a good bandwidth traffic monitoring tool for linux.
Each IP address connected to the local machine and real-time traffic are displayed.

Usage: iftop-I eth0
Help: iftop -- help

Iftop

Traffic monitoring tools

Installation script:

#! /Bin/sh
Cd/tmp
Yum install make gcc autoconf flex byacc libpcap ncurses-devel libpcap-devel-y
Wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
Tar-zxvf iftop-0.17.tar.gz
Cd iftop-0.17
./Configure
Make
Make install

If the link in the script is invalid, download the file provided by the following website, decompress it, and install it directly.

Example:

View the real-time traffic of the eth0 network interface:
# Iftop-I eth0

Traffic is displayed in bytes (bytes) (default bits ):
# Iftop-B

The IP address is displayed directly without reverse DNS resolution:
# Iftop-n

The connection port number is displayed directly, but the service name is not displayed:
# Iftop-N

Show inbound and outbound traffic of 192.168.1.0 network segment
# Iftop-F 192.168.1.0/24 (or 192.168.1.0/255.255.255.0)

For other parameters, see the description in iftop-h.
Like top, you can press
& Nbsp; p indicates whether to display the connection port,
N Switch display IP address or host domain name,
N Switch display the connection port code or name,
P pause display,
B. Switch whether the display bar is displayed,
B. Switch to calculate the average traffic in a few seconds,
You can press h to view the description.

You can also ~ /. Iftoprc sets different variables for direct reference in the future.

1. Description of iftop interface

The scale range shown on the page is similar to the scale range of the scale. It is used as a scale for the long strips displaying traffic graphs.

The left and right arrows in the middle indicate the direction of traffic.

TX: send traffic
RX: receive traffic
TOTAL: TOTAL traffic
Cumm: total traffic from running iftop to current time
Peak: traffic peak
Rates: average traffic in the past 2 s, 10 s, and 40 s respectively

2. iftop parameters

Common parameters

-I: sets the monitored Nic, for example: # iftop-I eth1

-B displays traffic in bytes (bits by default), for example: # iftop-B

-N: the host information is directly displayed by default, for example: # iftop-n

-N indicates that port information is directly displayed by default, for example: # iftop-N

-F displays inbound and outbound traffic for a specific network segment, for example, # iftop-F 10.10.1.0/24 or # iftop-F 10.10.1.0/255.255.255.0

-H (display this message), help, display parameter information

-P: When this parameter is used, the local host information is displayed in the intermediate list, and IP information other than the local host is displayed;

-B: The traffic graph bar is displayed by default;

-F this is not very useful for the moment. It is used to filter the computing package;

-P: The host information and port information are displayed by default;

-M: set the maximum value of the scale at the top of the page. The scale is displayed in five segments. For example: # iftop-m 100 M

Some operation commands after entering the iftop screen (case sensitive)

Switch by h to see if the help is displayed;

Switch by n to display the local IP address or host name;

Switch by s to check whether the host information of the local machine is displayed;

Switch by d to whether the host information of the remote target host is displayed;

The display format of switching by t is 2 rows/1 line/only show sent traffic/only show received traffic;

Switch by N to display the port number or port service name;

Switch by S to check whether the port information of the local machine is displayed;

Whether to display the port information of the remote target host based on D;

Switch by p to see whether port information is displayed;

Press P to switch to pause/continue display;

Switch by B to see whether the average traffic graph is displayed;

Calculate the average traffic of 2 seconds, 10 seconds, or 40 seconds based on B switching;

Whether to display the total traffic of each connection during T-based switchover;

Press l to enable the screen filtering function. Enter the characters to filter, such as ip address. Press enter to display only traffic information related to this IP address;

Switch the scale on the top of the display screen by L; the traffic graph bar varies depending on the scale;

Press j or k to scroll up or down the connection records displayed on the screen;

You can sort the data by 1, 2, or 3 based on the traffic data in the three columns displayed on the right;

Sort by <according to the local name or IP address on the left;

Sort by> by the host name or IP address of the remote target host;

Whether o-based switchover is fixed only displays the current connection;

Press f to edit and filter the code. This is a translation, and I have never used this!

Press! You can use shell commands. This is useless! I don't understand what the command works here!

Press q to exit monitoring.