On Linux and other Unix-like systems, you can use top to view system resources, processes, memory consumption, and so on. To view network status, you can use netstat, nmap and other tools. To see real-time network traffic and monitor TCP/IP connections, you can use iftop.
What is iftop?
iftop mainly displays the network traffic of the local machine and the traffic it exchanges with each remote host, for example the amount of traffic between individual machines. It is well suited to proxy servers and iptables servers.
What is iftop used for?
iftop can monitor the real-time traffic of a network interface (optionally limited to a network segment), reverse-resolve IP addresses, display port information, and so on. The details are described in the usage parameters below.
Installing iftop
To compile and install from source, download the latest source package from the official iftop website. Before installing, set up the basic build environment, such as make, gcc, autoconf and so on. Building iftop also requires libpcap and libcurses.
Install the required dependency packages on CentOS:
# yum install gcc flex byacc libpcap ncurses ncurses-devel libpcap-devel tcpdump
On Debian, install the required dependency packages:
# apt-get install flex byacc libpcap0.8 libncurses5
Download the source code, then compile and install it:
# cd /usr/local/src
# wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
# tar xvf iftop-0.17.tar.gz
# cd iftop-0.17
# ./configure --prefix=/usr/local/iftop
# make
# make install
# chmod <mode> /usr/local/iftop/sbin/iftop
How to use
# /usr/local/iftop/sbin/iftop
Or copy iftop to /usr/bin, for example:
# cp /usr/local/iftop/sbin/iftop /usr/bin/
You can then run the iftop command directly from anywhere.
Related parameters and description
1. The iftop interface
The top of the interface shows a ruler-like scale, which is used to measure the bars of the traffic graph. The <= and => arrows in the middle column indicate the direction of the traffic.
TX: Sent traffic
RX: Received traffic
TOTAL: Overall traffic
cum: Cumulative traffic from the time iftop was started until now
peak: Peak traffic
rates: Average traffic over the past 2s, 10s and 40s
2. iftop parameters
-i sets the network interface to monitor, e.g.: # iftop -i eth1
-B displays traffic in bytes (the default is bits), e.g.: # iftop -B
-n displays host information as IP addresses by default, e.g.: # iftop -n
-N displays port information as port numbers by default, e.g.: # iftop -N
-F shows traffic to and from a specific network segment, e.g.: # iftop -F 10.10.1.0/24 or # iftop -F 10.10.1.0/255.255.255.0
-h (display this message) help; displays parameter information
-p runs in promiscuous mode: with this parameter, the local host column in the middle list also shows IP addresses other than this machine's;
-b displays the traffic graph bars by default;
-f filters which packets are counted; this one is not used very often;
-P displays both host information and port information by default;
-m sets the maximum value of the scale at the top of the interface; the scale is divided into five large segments, e.g.: # iftop -m 100M
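The -F parameter above accepts the segment either as net/prefix or as net/dotted-mask. The following is an added example, not part of the original article, that checks whether a host falls inside such a segment before you rely on the filtered view; the function names are hypothetical and the addresses are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original article): check which hosts an
# `iftop -F net/mask` segment covers. All helper names are hypothetical.

# Dotted quad -> integer. The subshell body keeps IFS and set -f from leaking.
ip_to_int() (
  case $1 in *.) exit 1 ;; esac
  IFS=.; set -f
  set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    # reject empty, non-numeric, leading-zero (octal-looking) and long octets
    case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
    [ "$o" -le 255 ] || exit 1
  done
  echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# Prefix length (0-32) -> netmask as an integer.
prefix_to_mask() { echo "$(( 4294967295 - ((1 << (32 - $1)) - 1) ))"; }

# Accepts "24" or "255.255.255.0"; prints the prefix length.
mask_to_prefix() {
  case $1 in
    ''|*[!0-9.]*) return 1 ;;
    *.*)
      m=$(ip_to_int "$1") || return 1
      n=0
      while [ "$n" -le 32 ]; do
        if [ "$m" -eq "$(prefix_to_mask "$n")" ]; then echo "$n"; return 0; fi
        n=$((n + 1))
      done
      return 1 ;;                  # non-contiguous mask, e.g. 255.0.255.0
    0?*|???*) return 1 ;;          # leading zero or more than two digits
    *) [ "$1" -le 32 ] || return 1; echo "$1" ;;
  esac
}

# in_segment IP NET/MASK: 0 = inside, 1 = outside, 2 = malformed argument.
in_segment() {
  case $2 in */*) ;; *) return 2 ;; esac
  p=$(mask_to_prefix "${2#*/}") || return 2
  n=$(ip_to_int "${2%%/*}") || return 2
  a=$(ip_to_int "$1") || return 2
  m=$(prefix_to_mask "$p")
  [ $(( a & m )) -eq $(( n & m )) ]
}
```

For example, `in_segment 10.10.1.57 10.10.1.0/255.255.255.0` succeeds, and the same call with 10.10.2.5 returns 1.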
3. Commands available after entering the iftop screen (note the case)
Press h to toggle whether help is displayed;
Press n to toggle between displaying the IP address or the host name of each machine;
Press s to toggle whether the host information of the local machine is displayed;
Press d to toggle whether the host information of the remote target host is displayed;
Press t to cycle the display format through 2 lines / 1 line / sent traffic only / received traffic only;
Press N to toggle between displaying the port number or the port service name;
Press S to toggle whether the port information of the local machine is displayed;
Press D to toggle whether the port information of the remote target host is displayed;
Press p to toggle whether the port information is displayed;
Press P to toggle pause/resume of the display;
Press b to toggle whether the average traffic graph bar is displayed;
Press B to switch between calculating the average traffic over 2 seconds, 10 seconds or 40 seconds;
Press T to toggle whether the total traffic for each connection is displayed;
Press l to turn on screen filtering: enter the characters to filter on, such as an IP address, and press Enter; the screen then shows only the traffic related to that IP;
Press L to toggle the scale at the top of the screen; the traffic graph bars change with the scale;
Press j or k to scroll the connection records up or down;
Press 1, 2 or 3 to sort by one of the three columns of traffic data displayed on the right;
Press < to sort by the local host name or IP on the left;
Press > to sort by the host name or IP of the remote target host;
Press o to toggle whether the display is fixed to show only the current connections;
Press f to edit the filter code; this is the translated wording, I have not used this!
Press ! to use a shell command; this is useless! I don't know what the command is.
Press q to exit the monitor.
iftop in practice: a bandwidth traffic tool under Linux