First, Introduction
iftop is a real-time traffic monitoring tool for Unix-like systems. It monitors TCP/IP connections, can reverse-resolve IP addresses, and displays port information.
Experimental environment: CentOS 6.6 x86_64
iftop version: 0.17
Installation method: compiled from source
Note: it can also be installed directly with yum, version iftop-1.0-0.7.pre4.el6.x86_64
Second, start the installation
1. Download the source package
The source package can be downloaded from the official website: http://www.ex-parrot.com/~pdw/iftop
2. Start the installation
Install the dependency packages:
# yum install flex byacc libpcap libpcap-devel ncurses ncurses-devel -y
Unpack iftop, then compile and install it:
# tar xf iftop-0.17.tar.gz -C /usr/local
# cd /usr/local
# ln -sv iftop-0.17/ iftop
# cd iftop
# ./configure
# make && make install
Check the path of the installed iftop command:
# which iftop
/usr/local/sbin/iftop
3. Command usage
By default iftop monitors the traffic of the first NIC. To monitor a different one, specify it with the -i parameter, as follows:
# iftop -i lo    # the result is as follows
Show IP addresses directly, without reverse DNS resolution (without the -n parameter, addresses are resolved through DNS):
# iftop -n    # the result is as follows
# iftop -N    # shows host names, for example:
# iftop -F 192.168.1.0/24    # show inbound and outbound traffic for a network segment, or
# iftop -F 192.168.1.0/255.255.255.0
# iftop -n -N -i eth1    # options can be combined
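The CIDR and dotted-mask forms of the network filter shown above name the same network. The shell functions below are an added example, not part of the original article or of iftop; the function names (ip_to_int, mask_to_prefix, normalize, in_filter) and the sample addresses are made up for illustration. They convert a dotted mask to a prefix length, reject non-contiguous masks, and test whether an address falls inside a given net/mask:

```shell
# Added example: compare the two "-F net/mask" notations (hypothetical helper names).
# ip_to_int A.B.C.D -> 32-bit integer on stdout; fails on malformed input.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.|"") return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# mask_to_prefix 255.255.255.0 -> 24; fails unless the mask is contiguous 1-bits.
mask_to_prefix() {
    m=$(ip_to_int "$1") || return 1
    inv=$(( ~m & 0xFFFFFFFF ))
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1   # inverted mask must be 2^k - 1
    bits=0
    while [ "$inv" -ne 0 ]; do inv=$(( inv >> 1 )); bits=$(( bits + 1 )); done
    echo $(( 32 - bits ))
}

# normalize NET/MASK -> "network_as_int/prefix" with host bits cleared.
normalize() {
    net=${1%/*}; mask=${1#*/}
    [ "$net" != "$1" ] || return 1                 # spec has no "/"
    case "$mask" in
        *.*) pfx=$(mask_to_prefix "$mask") || return 1 ;;
        *[!0-9]*|"") return 1 ;;
        *) pfx=$mask; [ "$pfx" -le 32 ] || return 1 ;;
    esac
    n=$(ip_to_int "$net") || return 1
    echo "$(( n & (0xFFFFFFFF << (32 - pfx)) & 0xFFFFFFFF ))/$pfx"
}

# in_filter IP NET/MASK -> exit 0 if IP is inside the network, 1 if not, 2 on bad input.
in_filter() {
    want=$(normalize "$2") || return 2
    got=$(normalize "$1/${want#*/}") || return 2
    [ "$got" = "$want" ]
}

# Constructed sample addresses, checked against both notations.
for f in 192.168.1.0/24 192.168.1.0/255.255.255.0; do
    for a in 192.168.1.77 192.168.2.1; do
        in_filter "$a" "$f" && r=inside || r=outside; echo "$a is $r $f"
    done
done
```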
Explanation of the interface:
First line: bandwidth display
Middle section: the list of external connection IPs, recording which IPs are connecting to the local network
Right side: the real-time figures are the average traffic between the accessing IP and the local machine over 2 seconds, 10 seconds and 40 seconds, respectively
=> indicates that data is being sent, <= indicates that data is being received
Bottom three rows: sent, received and total traffic
Bottom three rows, second column: cum: total traffic from when iftop was started to the current time
Bottom three rows, third column: peak: peak traffic
Bottom three rows, fourth column: rates: average traffic over the past 2s, 10s and 40s, respectively
Special note: the iftop interface makes it easy to find which IP is taking up the network traffic, something ifstat does not show. However, iftop displays traffic in Mb, where the b means bits, not bytes, while ifstat displays KB, where the B means bytes; a byte is 8 bits. So the values need to be converted: for example, 178Kb converted to KB is 178/8, approximately 22KB.
4. Commands inside iftop
Some commands available once inside the iftop screen (note the case):
Press h to toggle the help display.
Press n to toggle between displaying the IP or the host name of hosts.
Press s to toggle whether the local host's information is displayed.
Press d to toggle whether the remote target host's information is displayed.
Press t to cycle the display format: 2 lines / 1 line / sent traffic only / received traffic only.
Press N to toggle between displaying the port number or the port's service name.
Press S to toggle whether the local port information is displayed.
Press D to toggle whether the remote target host's port information is displayed.
Press p (lowercase) to toggle the display of port information.
Press P (uppercase) to pause or resume the display.
Press b to toggle the display of the average traffic bar graph.
Press B to switch between the 2-second, 10-second and 40-second average traffic.
Press T to toggle whether the total traffic for each connection is displayed (in kilobytes).
Press l to turn on screen filtering: enter the characters to filter on, such as an IP, and press Enter; the screen then shows only traffic related to that IP.
Press L to switch the scale shown at the top of the screen; the traffic bar graph changes with the scale.
Press j or k to scroll the displayed connection records up or down.
Press 1, 2 or 3 to sort by one of the three traffic columns displayed on the right.
Press < to sort by the local host name or IP on the left.
Press > to sort by the host name or IP of the remote target host.
Press o to toggle whether the display is fixed to only the current connections.
Press f to edit the filter code; that is how it translates, I have not used this!
Press ! to use a shell command; this is useless! I don't know what the command is.
Press q to exit the monitor.
Reference Link: http://www.cnblogs.com/chaichuan/p/4442610.html
Please point out any shortcomings!
This article is from the "Knowledge System" blog, please be sure to keep this source http://linuxg.blog.51cto.com/4410110/1792616
Installing and configuring the iftop traffic monitoring tool in a Linux environment