Linux traffic monitoring tool usage summary: iftop

On Unix-like systems you can use top to view system resources, processes, memory usage, and other information. To view the network status, you can use tools such as netstat and nmap. To view real-time network traffic and monitor TCP/IP connections, you can use iftop.

I. What is iftop?

iftop is a real-time traffic monitoring tool similar to top.

II. What is iftop used for?

iftop can monitor the real-time traffic of a network card (a network segment can be specified), reverse-resolve IP addresses, display port information, and so on. The details are described with the parameters below.

III. Install iftop

1. Compile and install

Compile and install the latest source code package from the iftop official website. Before installation, you must have the basic build environment installed, such as make, gcc, and autoconf. To install iftop, you also need libpcap and libcurses.

Install the required dependency packages on CentOS:

    yum install flex byacc libpcap ncurses-devel libpcap-devel

Download iftop:

    wget http://www.ex-parrot.com/pdw/iftop/download/iftop-1.0pre2.tar.gz
    tar zxvf iftop-1.0pre2.tar.gz
    cd iftop-1.0pre2

Install:

    ./configure
    make && make install

IV. Run iftop

2. Common parameters

By default, iftop monitors the traffic of the first NIC.
To monitor eth1:

    iftop -i eth1

To display IP addresses directly, without reverse DNS resolution:

    iftop -n

To display port numbers directly instead of service names:

    iftop -N

To display the inbound and outbound traffic of a given network segment:

    iftop -F 192.168.1.0/24
    iftop -F 192.168.1.0/255.255.255.0

Parameters:

    -i  sets the network card to monitor, for example: # iftop -i eth1
    -B  displays traffic in bytes (bits by default), for example: # iftop -B
    -n  displays host information as IP addresses directly by default, for example: # iftop -n
    -N  displays port information as port numbers directly by default, for example: # iftop -N
    -F  displays inbound and outbound traffic for a specific network segment, for example: # iftop -F 10.10.1.0/24 or # iftop -F 10.10.1.0/255.255.255.0
    -h  (display this message) help, shows the parameter information
    -p  after using this parameter, the local host column of the list in the middle also shows IP addresses other than the local host (iftop's promiscuous mode)
    -b  displays the traffic bar graph by default
    -f  filters the packets that are counted; not very useful for the moment
    -P  displays host information and port information by default
    -m  sets the maximum value of the scale at the top of the screen; the scale is displayed in five sections, for example: # iftop -m 100M

After iftop -N -n -i eth1 is executed, the screen looks like this:

                     19.1Mb        38.1Mb        57.2Mb        76.3Mb
    +-------------------+----------------+
    192.168.1.11   => 192.168.1.66     5.3Mb   3.22Mb   3.20Mb
                   <=                  219kb   45.7kb   49.3kb
    192.168.1.11   => 192.168.1.29     144kb
                   <=                 11.3Mb   2.38Mb   2.74Mb
    192.168.1.11   => 12.2.11.71          0b   6.40kb   6.66kb
                   <=                     0b       0b       0b
    192.168.1.11   => 192.168.1.8     2.63kb   1.43kb     932b
                   <=                 1.31kb   1.05kb     893b
    192.168.1.11   => 192.168.2.78    2.53kb   1.54kb   2.15kb
                   <=                   160b     160b     187b
    192.168.1.11   => 1160b 166b 69b
                   <=                     0b       0b       0b
    TX:      cum:  9.70MB   peak:  15.6Mb   rates:  15.4Mb  3.26Mb  3.23Mb
    RX:            8.38MB          14.9Mb           11.5Mb  2.42Mb  2.79Mb
    TOTAL:         18.1MB          30.5Mb           27.0Mb  5.69Mb  6.03Mb

The parts of the iftop screen have the following meanings:

    First line: the bandwidth scale.
    Middle part: the list of external connections, that is, which IP addresses are connected to the local machine.
    Right side of the middle part: real-time figures, the average traffic of each IP address connected to the local machine over 2 seconds, 10 seconds, and 40 seconds respectively.
    => indicates sending data, <= indicates receiving data.
    Bottom three rows: sent, received, and total traffic.
    Bottom three rows, second column: the traffic from when iftop was started until now.
    Bottom three rows, third column: the peak.
    Bottom three rows, fourth column: the averages.

    TX: sent traffic
    RX: received traffic
    TOTAL: total traffic
    cum: total traffic from when iftop was started to the current time
    peak: peak traffic
    rates: the average traffic over the past 2 s, 10 s, and 40 s

With the iftop screen it is easy to locate which IP address is occupying network traffic. This is something ifstat cannot do. However, the traffic display unit of iftop is Mb, where the b is bit, not byte, whereas in the KB of ifstat the B is byte, and a byte is eight times a bit. Beginners are easily misled.

Some operation commands (case-sensitive) available after entering the iftop screen:

    h  toggle whether help is shown
    n  toggle whether the IP address or the host name of the local machine is displayed
    s  toggle whether the host information of the local machine is displayed
    d  toggle whether the host information of the remote target host is displayed
    t  switch the display format: 2 lines / 1 line / sent traffic only / received traffic only
    N  toggle between port number and port service name
    S  toggle whether the local port information is displayed
    D  toggle whether the port information of the remote target host is displayed
    p  toggle whether port information is displayed
    P  pause / continue the display
    b  toggle whether the average traffic bar graph is displayed
    B  switch between calculating the average traffic over 2 seconds, 10 seconds, or 40 seconds
    T  toggle whether the total traffic of each connection is displayed
    l  enable the screen filter: enter the characters to filter on, such as an IP address, and press Enter; only traffic information related to this IP address is then displayed
    L  switch the scale at the top of the screen; with a different scale, the traffic bar graphs change
    j or k  scroll the displayed connection records up or down
    1, 2 or 3  sort by one of the three traffic columns displayed on the right
    <  sort by the local name or IP address on the left
    >  sort by the host name or IP address of the remote target host
    o  toggle whether the current connection order is fixed
    f  edit the filter code. This is a translation, and I have never used this!
    !  use shell commands. This is useless! I don't understand which command works here!
    q  exit monitoring
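
The following added example (not part of the original article or of iftop itself) parses connection rows in the screen layout described above, converts iftop's bit-based rates to bytes per second so they can be compared with ifstat, and ranks remote hosts by their 10-second average. It assumes the default bit display (no -B) and that iftop's K/M/G prefixes are multiples of 1024; the function names and the sample rows are constructed for illustration.

```python
import re

K = 1024  # assumption: iftop scales its K/M/G prefixes in steps of 1024
MULT = {"": 1, "K": K, "M": K ** 2, "G": K ** 3}
RATE = re.compile(r"(\d+(?:\.\d+)?)\s*([kKMG]?)b\b")  # lower-case b = bits

def parse_rates(text):
    """Return the (2 s, 10 s, 40 s) averages in bytes/s, or None if malformed."""
    found = RATE.findall(text)
    if len(found) != 3:
        return None
    return tuple(float(v) * MULT[p.upper()] / 8 for v, p in found)

def parse_screen(screen):
    """Pair every '=>' (sent) row with the '<=' (received) row that follows it."""
    flows, pending = [], None
    for line in screen.splitlines():
        if "=>" in line:
            local, rest = line.split("=>", 1)
            parts = rest.split(None, 1)  # remote host, then the three rates
            sent = parse_rates(parts[1]) if len(parts) == 2 else None
            pending = {"local": local.strip(), "remote": parts[0], "sent": sent} if sent else None
        elif "<=" in line and pending:
            received = parse_rates(line.split("<=", 1)[1])
            if received:
                flows.append({**pending, "received": received})
            pending = None
    return flows

def top_talkers(flows, window=1):
    """Rank remote hosts by sent + received bytes/s; window 0/1/2 = 2 s/10 s/40 s."""
    totals = [(f["remote"], f["sent"][window] + f["received"][window]) for f in flows]
    return sorted(totals, key=lambda item: item[1], reverse=True)

# Constructed sample: rows modelled on the screen listing above.
SAMPLE = """\
192.168.1.11 => 192.168.1.66   5.3Mb  3.22Mb  3.20Mb
             <=                219kb  45.7kb  49.3kb
192.168.1.11 => 12.2.11.71        0b  6.40kb  6.66kb
             <=                   0b      0b      0b
192.168.1.11 => 192.168.2.78  2.53kb  1.54kb  2.15kb
             <=                 160b    160b    187b
"""

if __name__ == "__main__":
    for remote, rate in top_talkers(parse_screen(SAMPLE)):
        print(f"{remote:15s} {rate / 1024:10.2f} KB/s (10 s average)")
```

Rows that do not carry exactly three rate values, such as a truncated line, are skipped rather than guessed at.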