Ifstat
Introduced
Ifstat tool is a network interface monitoring tool, relatively simple to see network traffic
Instance
Default usage
#ifstat eth0 eth1 kb/s in kb/s out kb/s in kb/s out 0.07 0.20 0.00 0.00 0.07 0.15 0.58 0.00
The default ifstat does not monitor the loopback interface, and the displayed traffic Unit is KB.
Monitor all network interfaces
# ifstat-a lo eth0 eth1 kb/s in kb/s off kb/s in kb/s off kb/s in kb/s Out 0.00 0.00 0.28 0.58 0.06 0.06 0.00 0.00 1.41 1.13 0.00 0.00 0.61 0.61 0.26 0.23 0.00 0.00
Ifstat relatively simple look at the network traffic overview.
Iftop
Introduced
Iftop is a real-time traffic monitoring tool, monitoring TCP/IP connectivity, the disadvantage is no reporting function. Must be root to run.
Instance
The default is to monitor the first network card traffic
Iftop
Monitoring eth1
Iftop-i eth1
Direct IP display, no DNS reverse resolution
Iftop-n
The port number is displayed directly, and the service name is not displayed:
Iftop-n
Show a network segment incoming and outgoing packet traffic
Iftop-f 192.168.1.0/24 or 192.168.1.0/255.255.255.0
Explanation of output meaning based on examples
After performing the iftop-n-n-i eth1 the interface is
19.1Mb 38.1Mb 57.2Mb 76.3Mb 95.4mb+-----------------+-- ---------------+--------------------+--------------------+---------------------192.168.1.11 = = 192.168.1.66 5.3Mb 3.22Mb 3.20Mb <= 219kb 45.7kb 49.3kb192.168.1.11 = 192.168.1.29 144KB 30.8kb 29.6kb <= 11.3Mb 2.38Mb 2. 74mb192.168.1.11 = 12.2.11.71 0b 6.40kb 6.66kb <= 0b 0b 0b192.168.1.11 = = 192.168.1.8 2.63kb 1.43kb 932b <=1.31kb 1.05kb 893b192.168.1.11 = 192.168.2.78 2.53kb 1.54kb 2.1 5kb <= 160b 160b 187b192.168.1.11 = = 111.126.195.69 0b 166b 69b <= 0b 0b 0b------------------------------------------------------------- -----------------------------------------TX:CUM:9.70MB PEAK:15.6MB Rates: 15.4Mb 3.26Mb 3.23mbrx:8.38mb 14.9Mb 11.5Mb 2.42Mb 2.7 9MBTOTAL:18.1MB 30.5Mb 27.0Mb 5.69Mb 6.03Mb
The Iftop interface has the following meanings
The first line: The bandwidth shows the middle section: the list of external connections, that is, which IP is logged to the right of the middle part of the network connection of this computer: the real-time parameters are the access IP connected to the local 2 seconds, 10 seconds and 40 seconds of average traffic = Send data, <= represents the bottom three lines of data received: Receive and all traffic bottom three row second column: For you run iftop to current traffic bottom three row the third column: For peak value bottom three row fourth column: mean
Through the Iftop interface it is easy to find which IP is hogging the network traffic, this is ifstat do not. However, the Iftop traffic display unit is MB, this b is bit, is bits, not bytes, and ifstat KB, this b is byte, Byte is 8 times times the bit. Beginners are apt to be misled.
Some operation commands after entering the Iftop screen (note case)
Press H to toggle whether help is displayed;
Press N to toggle the display of the IP or host name of the machine;
Press S to toggle whether the host information of the machine is displayed;
Press D to toggle whether the host information of the remote target hosts is displayed;
Press T to toggle the display format to 2 lines/1 lines/Only send traffic/show receive traffic only;
Press N to toggle display port number or port service name;
Press S to toggle whether to display the port information of the machine;
Press D to toggle whether the port information of the remote target host is displayed;
Press p to toggle whether the port information is displayed;
Press p to toggle pause/resume display;
Press B to toggle whether the average flow graph bar is displayed;
The average flow in 2 seconds or 10 seconds or 40 seconds is calculated by B switch;
Press T to toggle whether the total traffic for each connection is displayed;
Press L to turn on the screen filtering function, enter the characters to filter, such as IP, press ENTER, the screen will only show this IP-related traffic information;
Press L to toggle the scale on the top of the display screen, and the flow graph bar will change depending on the scale;
Press J or press K to scroll up or down the screen to display the connection record;
Press 1 or 2 or 3 to sort by the three-column traffic data displayed on the right;
Sort by < According to the native name or IP on the left;
Sort by > According to the host name or IP of the remote target host;
Press O to toggle whether the current connection is fixed only;
Press F to edit the filter code, this is translated by the saying, I have not used this!
You can use the shell command, this is useless! I don't know what the order is.
Press Q to exit the monitor.
Linux network traffic Real-time monitoring Ifstat iftop command detailed