Linux Traffic Monitoring Tool: iftop

Source: Internet
Author: User

iftop Tool Overview

Today I came across a traffic monitoring tool that seemed good, so I installed it on my own server and am recording the steps here for later use.

In Unix-like systems, you can use top to view system resources, processes, memory consumption, and so on. To view network status, you can use netstat, nmap and other tools. To see real-time network traffic, monitor TCP/IP connections, and so on, you can use iftop. iftop is a real-time traffic monitoring tool similar to top. It can monitor the real-time traffic of a network interface (a network segment can be specified), perform reverse IP resolution, display port information, and so on. The usage parameters are described in detail below.

Use iftop -P to locate the port with the most traffic

iftop Interface Description

The top of the interface shows a scale, similar to a ruler, against which the bars of the traffic graph are measured.

The <= and => arrows in the middle indicate the direction of the traffic.

    • TX: Sent traffic
    • RX: Received traffic
    • TOTAL: Overall traffic
    • cum: Total traffic from the time iftop was started until now
    • peak: Peak traffic
    • rates: The average traffic over the past 2s, 10s and 40s, respectively

Locating the PID from the port

The red box in the screenshot directly shows the HTTP service. If only a port number is displayed and we do not know which program it belongs to, the following steps confirm it:

# lsof -i:45294

The output of the above command gives the PID.

Determine the name of the process from its PID

# cat /proc/<pid>/cmdline

This shows which program is running, and you can then analyze why it consumes so much traffic.
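The same port → PID → command line lookup can be done directly from /proc, which helps on hosts where lsof is not installed. The following is an added example, not part of the original article; the function names and the sample table are constructed for illustration, and seeing other users' processes requires root.

```python
import glob
import os

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Ports are hex: 0x0050 = 80, 0xB0EE = 45294; the last labelled column is the socket inode.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18234 1 0000000000000000 100 0 0 10 0
   1: 05010A0A:B0EE 63010A0A:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 40412 1 0000000000000000 20 4 30 10 -1
"""

def inodes_for_port(table_text, port):
    """Return the socket inodes whose local port equals `port`."""
    inodes = set()
    for line in table_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        local_port = int(fields[1].rsplit(":", 1)[1], 16)
        if local_port == port and fields[9] != "0":   # inode 0: no owning process (e.g. TIME_WAIT)
            inodes.add(fields[9])
    return inodes

def pids_for_inodes(inodes, proc="/proc"):
    """Find PIDs holding a descriptor that links to socket:[inode]."""
    targets = {f"socket:[{i}]" for i in inodes}
    pids = set()
    for fd in glob.glob(os.path.join(proc, "[0-9]*", "fd", "*")):
        try:
            if os.readlink(fd) in targets:
                pids.add(int(fd.split(os.sep)[-3]))
        except (OSError, ValueError):                 # process exited, or not root
            continue
    return pids

def cmdline(pid, proc="/proc"):
    """Read /proc/<pid>/cmdline; its arguments are NUL-separated."""
    with open(os.path.join(proc, str(pid), "cmdline"), "rb") as f:
        return f.read().rstrip(b"\0").replace(b"\0", b" ").decode(errors="replace")

if __name__ == "__main__":
    port = 45294                                      # port from the lsof step above
    try:
        with open("/proc/net/tcp") as f:              # IPv6 sockets are in /proc/net/tcp6
            table = f.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP                   # fall back to the constructed sample
    for pid in sorted(pids_for_inodes(inodes_for_port(table, port))):
        print(pid, cmdline(pid))
```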

iftop Tool Installation

Before installing, set up the basic build environment, such as make, gcc, autoconf and so on. Installing iftop also requires libpcap and libcurses.

Install the required dependency packages (CentOS)

# yum install flex byacc libpcap ncurses ncurses-devel libpcap-devel

Compiling and installing the iftop tool

1) Download the iftop source package;

# wget http://oss.aliyuncs.com/aliyunecs/iftop-0.17.tar.gz

2) Extract the downloaded iftop archive

# tar zxvf iftop-0.17.tar.gz

3) Enter the extracted iftop-0.17 directory

4) Configure, specifying /usr/local/iftop as the installation directory

# ./configure --prefix=/usr/local/iftop

5) Compile and install

# make && make install

After the installation is complete, run /usr/local/iftop/sbin/iftop to start iftop directly and view traffic usage. If you want to start the program by typing just iftop, add the iftop program's directory to the PATH environment variable.

Problems encountered

make: yacc: Command not found
make: *** [grammar.c] Error 127

Workaround: apt-get install byacc   /   yum install byacc

configure: error: Curses! Foiled again!
(Can't find a curses library supporting mvchgat.)
Consider installing ncurses.

Workaround: apt-get install libncurses5-dev   /   yum install ncurses-devel

Common Parameters

-i sets the network interface to monitor, e.g.: # iftop -i eth1

-B displays traffic in bytes (the default is bits), e.g.: # iftop -B

-n makes host information display as IP addresses by default, e.g.: # iftop -n

-N makes port information display as port numbers by default, e.g.: # iftop -N

-F shows incoming and outgoing traffic for a specific network segment, e.g.: # iftop -F 10.10.1.0/24 or # iftop -F 10.10.1.0/255.255.255.0

-h (display this message): help, displays parameter information

-p with this parameter, the local host column of the middle list also shows IPs other than this machine (promiscuous mode);

-b makes the traffic bar graph display by default;

-f I do not really know how to use this one yet; it filters which packets are counted;

-P makes host information and port information display by default;

-m sets the maximum value of the scale at the top of the interface; the scale is shown in five major divisions, e.g.: # iftop -m 100M

Operation commands after entering the iftop screen (note the case)

Press h to toggle whether help is displayed;

Press n to toggle between displaying the IP or the host name of the local machine;

Press s to toggle whether the host information of the local machine is displayed;

Press d to toggle whether the host information of the remote target host is displayed;

Press t to cycle the display format: 2 lines / 1 line / sent traffic only / received traffic only;

Press N to toggle between displaying the port number or the port service name;

Press S to toggle whether the port information of the local machine is displayed;

Press D to toggle whether the port information of the remote target host is displayed;

Press p to toggle whether port information is displayed;

Press P to toggle pause/resume of the display;

Press b to toggle whether the average traffic bar graph is displayed;

Press B to switch between calculating the average traffic over 2 seconds, 10 seconds or 40 seconds;

Press T to toggle whether the total traffic for each connection is displayed;

Press l to turn on screen filtering: enter the characters to filter on, such as an IP, press ENTER, and the screen will show only the traffic related to that IP;

Press L to toggle the scale at the top of the screen; the traffic bar graph changes with the scale;

Press j or k to scroll the displayed connection records up or down;

Press 1, 2 or 3 to sort by one of the three columns of traffic data displayed on the right;

Press < to sort by the local host name or IP on the left;

Press > to sort by the host name or IP of the remote target host;

Press o to toggle whether the display is frozen to show only the current connections;

Press f to edit the filter code; that is the translated wording, I have not used this!

Press ! to run a shell command; I have not used this! I have not figured out which commands are useful here.

Press q to exit the monitor.

More Tools

To locate the traffic of a process, you can usually also use iptraf, nethogs, and similar tools.

For iptraf, see: http://linuxperf.com/?p=11

For nethogs, see: http://man.linuxde.net/nethogs

For bmon, see: http://blog.sina.com.cn/s/blog_706476980101gliu.html
