Linux network traffic Real-time monitoring Ifstat iftop command Detailed (reprint)

Transferred from: http://www.cnblogs.com/ggjucheng/archive/2013/01/13/2858923.html

Ifstat

Introduced

Ifstat tool is a network interface monitoring tool, relatively simple to see network traffic

Instance

Default usage

#ifstat       eth0                eth1        KB        in Out    0.07      0.20      0.00      0.00    0.07      0.15      0.58      0.00

The default ifstat does not monitor the loopback interface, and the displayed traffic Unit is KB.

Monitor all network interfaces

# Ifstat-a lo eth0 eth1 KB/sinchkb/s outkb/sinchkb/s outkb/sinchkb/s out    0.00      0.00      0.28      0.58      0.06      0.06    0.00      0.00      1.41      1.13      0.00      0.00    0.61      0.61      0.26      0.23      0.00      0.00

Ifstat relatively simple look at the network traffic overview.

Iftop

Introduced

Iftop is a real-time traffic monitoring tool, monitoring TCP/IP connectivity, the disadvantage is no reporting function. Must be root to run.

Instance

The default is to monitor the first network card traffic

Iftop

Monitoring eth1

Iftop-i eth1

Direct IP display, no DNS reverse resolution

Iftop-n

The port number is displayed directly, and the service name is not displayed:

Iftop-n

Show a network segment incoming and outgoing packet traffic

192.168. 1.0/192.168. 1.0/255.255. 255.0

Explanation of output meaning based on examples

After performing the iftop-n-n-i eth1 the interface is

                  +.1Mb -.1Mb $.2Mb the.3Mb the. 4Mb+-----------------+-----------------+--------------------+--------------------+---------------------192.168.1.11=192.168.1.66                  5.3Mb3.22Mb3. 20Mb<= 219kb $.7kb the. 3KB192.168.1.11=192.168.1.29144kb -.8kb in. 6kb<= One.3Mb2.38Mb2. 74Mb192.168.1.11=12.2.11.710b6.40kb6. 66kb<=0b 0b 0b192.168.1.11=192.168.1.8                   2.63kb1. 43kb 932b<=1.31kb1. 05kb 893b192.168.1.11=192.168.2.78                 2.53kb1.54kb2. 15kb<=160b 160b 187b192.168.1.11=111.126.195.690b 166b 69b<=0b 0b 0b------------------------------------------------------------------------------------------------------Tx:cum:9.70MB Peak: the.6Mb Rates: the.4Mb3.26Mb3. 23MbRX:8.38MB -.9Mb One.5Mb2.42Mb2. 79MbTOTAL: -.1MB -.5Mb -.0Mb5.69Mb6.03Mb

The Iftop interface has the following meanings

The first line: The bandwidth shows the middle section: the list of external connections, that is, which IP is logged to the right of the middle part of the network connection to this computer: the real-time parameters are the access IP connected to the native 2 seconds, 10 seconds and 40 seconds of average traffic = Send data, <=  Represents the received data at the bottom of three rows: represents the Send, receive, and all traffic at the bottom of the three row second column: For you to run Iftop to the current traffic bottom three row the third column: For peak value bottom three row fourth column: Mean

Through the Iftop interface it is easy to find which IP is hogging the network traffic, this is ifstat do not. However, the Iftop traffic display unit is MB, this b is bit, is bits, not bytes, and ifstat KB, this b is byte, Byte is 8 times times the bit. Beginners are apt to be misled.

Order to enter Iftop

after entering the iftop screen some operation command (note case) press H to toggle whether to display Help, press N to toggle display the IP or host name of the machine, press S to toggle whether the host information is displayed, press D to toggle whether the host information of the remote target hosts is displayed, or toggle the display format to 2 lines /1 rows/Only send traffic/only show receive traffic, press N to toggle display port number or port service name, press S to toggle whether to display local ports information, press D to toggle display port information for remote target host, press p to toggle whether port information is displayed , toggle pause by P continue to display, press B to toggle whether the average flow graph bar is displayed, and the average flow in 2 seconds or 10 seconds or 40 seconds is calculated by the B switch, the total flow of each connection is displayed by the T switch, the screen filter function is turned on, and the characters to be filtered are entered, such as IP, after press ENTER, The screen will only display this IP-related traffic information, press L to toggle the display top of the scale, the scale is different, the flow graph bar will change, press J or press K to scroll up or down the screen display of the connection record; press 1 or 2 or 3 to sort by the three-column flow data displayed on the right; Press < sort According to the local name or IP on the left; Sort by > according to the host name or IP of the remote target host; Press O to toggle whether the current connection is fixed only, press F to edit the filter code, which is translated, I have not used this! Press ! You can use the shell command, this is useless! I don't know what the order is. Press Q to exit the monitor. 

Linux network traffic Real-time monitoring Ifstat iftop command Detailed (reprint)