Linux Iftop Network card Traffic monitoring Tool command Daquan

Iftop is mainly used to show the local network traffic and the flow of communication between each other, such as the size of the flow between the individual and that machine, is very suitable for proxy server and iptables server use to view network status can use Netstat, nmap and other tools. To view real-time network traffic, monitor TCP/IP connections, and so on, you can use Iftop.

First, what is Iftop?

Iftop is a real-time traffic monitoring tool similar to top.

Second, what is the use of iftop?

Iftop can be used to monitor the real-time traffic of the network card (you can specify the network segment), the reverse resolution of IP, display port information, and so on, detailed will be described in the use of parameters later.

Iii. installation of Iftop

Installation Method 1, compiling installation

If the installation can be compiled to iftop official website Download the latest source package.

Before installation, you need to have the necessary environment for basic compilation, such as Make, GCC, autoconf, etc. Installation of Iftop also requires the installation of Libpcap and libcurses.

To install the required dependent packages on the CentOS:

Yum Install Flex BYACC libpcap ncurses ncurses-devel libpcap-devel

Install the required dependent packages on Debian:

Apt-get Install Flex BYACC libpcap0.8 libncurses5

Download Iftop

wget http://www.ex-parrot.com/pdw/iftop/download/iftop-1.0pre2.tar.gz

Tar zxvf iftop-1.0pre2.tar.gz

CD Iftop-1.0pre2

./configure

Make && make install

Installation Method 2: (lazy person method, simplest)

Omit the above steps directly

CentOS System:

Yum Install Flex BYACC libpcap ncurses ncurses-devel

wget ftp://fr2.rpmfind.net/linux/dag/redhat/el5/en/i386/dag/RPMS/iftop-1.0pre2-1.el5.rf.i386.rpm

RPM-IVH iftop-1.0pre2-1.el5.rf.i386.rpm

Debian system operation: Apt-get install Iftop

Four, the Operation Iftop

Direct operation: Iftop

The effect of the following figure:

V. Related parameters and instructions

1, Iftop interface related instructions

The interface shows a scale range similar to scale, which is used as a ruler for displaying the flow pattern.

The middle <= => these two left and right arrows, indicating the direction of the flow.

TX: Send Traffic

RX: Receive Traffic

Total: Gross flow

Cumm: Total flow of running iftop to current time

Peak: Peak Flow

Rates: The average traffic of the past 2s 10s 40s respectively

2, Iftop related parameters

Commonly used parameters

-I set the monitoring network card, such as: # Iftop-i eth1

-B displays traffic in bytes (bits by default), such as: # Iftop-b

-N Causes the host information to appear by default directly to the IP, such as: # Iftop-n

-N causes port information to be displayed directly by default, such as: # Iftop-n

-F shows incoming and outgoing traffic for a specific network segment, such as # iftop-f 10.10.1.0/24 or # iftop-f 10.10.1.0/255.255.255.0

-H (Display this message), Help, display parameter information

-P using this parameter, the middle of the list shows the local host information, the presence of IP information outside the machine;

-B to display the flow graph bar by default;

-F This is temporarily not very good to use, filtering the calculation package;

-P causes host information and port information to be displayed by default;

-M to set the maximum of the top of the interface, the scale is divided into five large segment display, example: # iftop-m 100M

Some action commands after entering the Iftop screen (note case)

Press H to toggle whether to show help;

Press N to toggle the display of the IP or host name of the computer;

Press S to toggle whether the local host information is displayed;

Press D to toggle whether to display host information for remote target hosts;

Press T to toggle the display format to 2 lines/1 lines/Show only send traffic/show only receive traffic;

Toggle the display port number or port service name by N;

Press S to toggle whether or not to display the port information of the machine;

Press D to toggle the display of port information for the remote target host;

Press p to toggle whether or not to display port information;

Press p to toggle suspend/continue display;

Whether the average flow graph bar is shown by B switch;

The average flow rate in 2 seconds or 10 seconds or 40 seconds is calculated by B switch;

Press T to toggle whether the total flow of each connection is displayed;

Press L to open screen filtering function, input to filter characters, such as IP, press ENTER, the screen will only display this IP-related traffic information;

Press L to toggle the display of the top of the screen, the scale is different, flow chart will change;

Press J or press K to scroll up or down the screen to display the connection record;

1 or 2 or 3 can be sorted according to the three-column flow data displayed on the right;

Press < sort according to the local name or IP on the left;

Press > To sort the host name or IP of the remote target host;

Press O to toggle to show only current connections;

Press F can edit the filter code, this is the translation over the saying, I have not used this!

Press! You can use the shell command, this is useless! I don't know what command works here!

Press Q to exit monitoring.

Vi. Frequently Asked Questions

1. Make:yacc:Command not Found

Make: * * * [GRAMMAR.C] Error 127

Workaround: Apt-get Install Byacc/yum install BYACC

2, configure:error:curses! Foiled again!

(Can ' t find a curses library supporting Mvchgat.)

Consider installing ncurses.

Workaround: Apt-get Install Libncurses5-dev/yum install Ncurses-devel