First, install the dependency packages
yum -y install flex byacc libncurses
Second, install the dependency package libpcap
tar zxvf libpcap-1.1.1.tar.gz
cd libpcap-1.1.1
./configure
make && make install
Third, install iftop
tar zxvf iftop-0.17.tar.gz
cd iftop-0.17
./configure
make
make install
Fourth, possible problems with installation
On CentOS you may encounter this problem:
checking POSIX threads usability... configure: error: it fails. We probably guessed the wrong CFLAGS.
This is probably because the libpcap.so file cannot be found. Looking under /usr/lib, these files are there:
libpcap.so.0
libpcap.so.0.9.4
This proves that this version is present but is not recognized, so make a symbolic link:
ln -s libpcap.so.0.9.4 libpcap.so
And that is it! This also makes it very convenient to change the version.
On Redhat the following problem may occur:
If libpcap was installed from source, the following error may be reported when installing iftop because the libpcap.so library file is not found:
checking POSIX threads usability... configure: error: it fails. We probably guessed the wrong CFLAGS.
(Problems from a source installation can be solved by the following method.)
Add the path that contains the libpcap.so file to /etc/ld.so.conf:
/usr/local/lib/
Then execute
ldconfig
Re-run ./configure
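The two fixes above written as repeatable checks, as an added example that is not part of the original article: one function creates the missing libpcap.so link to the highest versioned file in a directory, the other adds a library directory to an ld.so.conf-style file only once. The function names and the optional config-file argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): the two libpcap.so fixes as checks.
# Function names are hypothetical. Run as root for /usr/lib or /etc/ld.so.conf.

# Print the highest versioned libpcap.so.X[.Y[.Z]] file name in DIR, or fail.
pick_versioned_pcap() {
    for f in "$1"/libpcap.so.*; do
        [ -e "$f" ] && printf '%s\n' "${f##*/}"
    done | sort -t . -k 3,3n -k 4,4n -k 5,5n | tail -n 1 | grep .
}

# Create DIR/libpcap.so as a relative symlink if it is missing, the same as
# "cd DIR && ln -s libpcap.so.0.9.4 libpcap.so" in the CentOS case.
link_pcap() {
    dir=$1
    if [ -e "$dir/libpcap.so" ] || [ -L "$dir/libpcap.so" ]; then
        echo "ok: $dir/libpcap.so already exists"
        return 0
    fi
    target=$(pick_versioned_pcap "$dir") || {
        echo "no versioned libpcap.so.* in $dir" >&2
        return 1
    }
    ln -s "$target" "$dir/libpcap.so" && echo "linked libpcap.so -> $target"
}

# Succeed if DIR is listed in CONF (default /etc/ld.so.conf), ignoring a
# trailing slash. Files pulled in by "include" lines are not followed.
ldconf_has_dir() {
    want=${1%/}
    while IFS= read -r line || [ -n "$line" ]; do
        [ "${line%/}" = "$want" ] && return 0
    done < "${2:-/etc/ld.so.conf}"
    return 1
}

# Append DIR to CONF only once; run ldconfig afterwards to rebuild the cache.
add_ldconf_dir() {
    conf=${2:-/etc/ld.so.conf}
    ldconf_has_dir "$1" "$conf" || printf '%s\n' "$1" >> "$conf"
}
```

After sourcing the file, call link_pcap /usr/lib for the CentOS case, or add_ldconf_dir /usr/local/lib/ followed by ldconfig for the source-install case, then re-run ./configure.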
Fifth, instructions for use of iftop
1, iftop interface description
The top of the interface shows a scale, similar to a ruler, which is used as the measure for the bars of the flow graph.
The <= and => arrows in the middle indicate the direction of the flow.
TX: traffic sent
RX: traffic received
TOTAL: overall traffic
cum: total traffic from the time iftop started running to the current time
peak: traffic peak
rates: the average traffic over the past 2s, 10s and 40s, respectively
2, iftop parameters
Common parameters
-i sets the network card to monitor, e.g. # iftop -i eth1
-B displays traffic in bytes (the default is bits), e.g. # iftop -B
-n makes host information display as IP addresses directly by default, e.g. # iftop -n
-N makes port information display as port numbers directly by default, e.g. # iftop -N
-F shows incoming and outgoing traffic for a specific network segment, e.g. # iftop -F 10.10.1.0/24 or # iftop -F 10.10.1.0/255.255.255.0
-h (display this message) help, displays parameter information
-p after using this parameter, the local host information shown in the middle list also includes IP information from outside this machine;
-b makes the flow graph bar display by default;
-f filters the packets that are counted; this one is not used very often;
-P makes host information and port information display by default;
-m sets the maximum value of the scale at the top of the interface, which is displayed in five large segments, e.g. # iftop -m 100M
Some operation commands after entering the iftop screen (note the case)
Press h to toggle whether help is displayed;
Press n to toggle between displaying the IP or the host name of the machine;
Press s to toggle whether the host information of the local machine is displayed;
Press d to toggle whether the host information of the remote target host is displayed;
Press t to toggle the display format between 2 lines / 1 line / send traffic only / receive traffic only;
Press N to toggle between displaying the port number or the port service name;
Press S to toggle whether the port information of the local machine is displayed;
Press D to toggle whether the port information of the remote target host is displayed;
Press p to toggle whether the port information is displayed;
Press P to toggle pause/resume of the display;
Press b to toggle whether the average flow graph bar is displayed;
Press B to switch between calculating the average flow over 2 seconds, 10 seconds or 40 seconds;
Press T to toggle whether the total traffic for each connection is displayed;
Press l to turn on the screen filtering function: enter the characters to filter on, such as an IP, and press ENTER, and the screen will only show traffic information related to this IP;
Press L to toggle the scale at the top of the display; the flow graph bars change with the scale;
Press j or k to scroll the displayed connection records up or down;
Press 1, 2 or 3 to sort by one of the three columns of traffic data displayed on the right;
Press < to sort by the local host name or IP on the left;
Press > to sort by the host name or IP of the remote target host;
Press o to toggle whether the display is fixed to show only the current connections;
Press f to edit the filter code; this is translated from the description, I have not used this!
Press ! to use a shell command; this is useless! I don't know what the order is.
Press q to exit the monitor.