* This article transferred from Ggjucheng's blog
Introduced
Iftop is a real-time traffic monitoring tool, monitoring TCP/IP connectivity, the disadvantage is no reporting function. Must be root to run.
Instance
The default is to monitor the first network card traffic
Iftop
Monitoring eth1
Iftop-i eth1
Direct IP display, no DNS reverse resolution
Iftop-n
The port number is displayed directly, and the service name is not displayed:
Iftop-n
Show a network segment incoming and outgoing packet traffic
Iftop-f 192.168.1.0/24 or 192.168.1.0/255.255.255.0
Explanation of output meaning based on examples
After performing the iftop-n-n-i eth1 the interface is
19.1Mb 38.1Mb 57.2Mb 76.3Mb 95.4mb+-----------------+-- ---------------+--------------------+--------------------+---------------------192.168.1.11 = = 192.168.1.66 5.3Mb 3.22Mb 3.20Mb <= 219kb 45.7kb 49.3kb192.168.1.11 = 192.168.1.29 144KB 30.8kb 29.6kb <= 11.3Mb 2.38Mb 2. 74mb192.168.1.11 = 12.2.11.71 0b 6.40kb 6.66kb <= 0b 0b 0b192.168.1.11 = = 192.168.1.8 2.63kb 1.43kb 932b <=1.31kb 1.05kb 893b192.168.1.11 = 192.168.2.78 2.53kb 1.54kb 2.1 5kb <= 160b 160b 187b192.168.1.11 = = 111.126.195.69 0b 166b 69b <= 0b 0b 0b------------------------------------------------------------- -----------------------------------------TX:CUM:9.70MB PEAK:15.6MB Rates: 15.4Mb 3.26Mb 3.23mbrx:8.38mb 14.9Mb 11.5Mb 2.42Mb 2.7 9MBTOTAL:18.1MB 30.5Mb 27.0Mb 5.69Mb 6.03Mb
The Iftop interface has the following meanings
The first line: The bandwidth shows the middle section: the list of external connections, that is, which IP is logged to the right of the middle part of the network connection of this computer: the real-time parameters are the access IP connected to the local 2 seconds, 10 seconds and 40 seconds of average traffic = Send data, <= represents the bottom three lines of data received: Receive and all traffic bottom three row second column: For you run iftop to current traffic bottom three row the third column: For peak value bottom three row fourth column: mean
Through the Iftop interface it is easy to find which IP is hogging the network traffic, this is ifstat do not. However, the Iftop traffic display unit is MB, this b is bit, is bits, not bytes, and ifstat KB, this b is byte, Byte is 8 times times the bit. Beginners are apt to be misled.
Order to enter Iftop
After entering the iftop screen some operation command (note case) press H to toggle whether to display Help, press N to toggle display the IP or host name of the machine, press S to toggle whether the host information is displayed, press D to toggle whether the host information of the remote target hosts is displayed, or toggle the display format to 2 lines/1 lines per t Show only send traffic/display only receive traffic, press N to toggle display port number or port service name, press S to toggle whether to display local ports information, press D to toggle display port information of remote target host, press p to toggle to show port information, toggle to suspend/resume display by P, toggle to show average flow graph bar by B; Press B to calculate the average flow rate of 2 seconds or 10 seconds or 40 seconds; press T to toggle whether the total flow of each connection is displayed; Press L to turn on screen filtering, enter the characters to filter, such as IP, press ENTER, the screen will only display this IP-related traffic information, press L to toggle the display of the top of the scale; The flow graph bar will change, press J or press K to scroll up or down the connection record displayed on the screen, press 1 or 2 or 3 to sort according to the three-column traffic data displayed on the right, sort by < According to the local name or IP on the left, and by > According to the host name or IP of the remote target host; Press O to toggle whether the current connection is fixed only, press F to edit the filter code, which is translated by the saying, I have not used this! You can use the shell command, this is useless! I don't know what the order is. Press Q to exit the monitor.
Linux real-time traffic monitoring tool-iftop