Linux real-time network traffic monitoring ifstat iftop command details

Ifstat

Introduction

Ifstat is a monitoring tool for network interfaces.

 

Instance

Default usage

#ifstat       eth0                eth1        KB/s in  KB/s out   KB/s in  KB/s out    0.07      0.20      0.00      0.00    0.07      0.15      0.58      0.00

By default, ifstat does not monitor the loopback interface. The displayed traffic unit is KB.

 

Monitor all network interfaces

# ifstat -a        lo                 eth0                eth1        KB/s in  KB/s out   KB/s in  KB/s out   KB/s in  KB/s out    0.00      0.00      0.28      0.58      0.06      0.06    0.00      0.00      1.41      1.13      0.00      0.00    0.61      0.61      0.26      0.23      0.00      0.00

 

Ifstat is a simple overview of network traffic.

 

Iftop

Introduction

Iftop is a real-time traffic monitoring tool that monitors TCP/IP connections. Its disadvantage is that it has no report function. It must be root.

 

Instance

The traffic of the first ENI is monitored by default.

iftop

Monitor eth1

iftop -i eth1

Direct display of IP addresses without reverse DNS resolution

iftop -n

The connection port number is displayed directly, but the service name is not displayed:

iftop -N

Display inbound and outbound traffic of a CIDR Block

iftop -F 192.168.1.0/24 or 192.168.1.0/255.255.255.0

 

Explain output meaning based on Instances

After iftop-N-n-I eth1 is executed, the interface is

                 19.1Mb            38.1Mb              57.2Mb               76.3Mb             95.4Mb+-----------------+-----------------+--------------------+--------------------+---------------------192.168.1.11                                  => 192.168.1.66                  5.3Mb  3.22Mb  3.20Mb                                              <=                               219kb  45.7kb  49.3kb192.168.1.11                                   => 192.168.1.29                 144kb  30.8kb  29.6kb                                              <=                               11.3Mb  2.38Mb  2.74Mb192.168.1.11                                  => 12.2.11.71                    0b   6.40kb  6.66kb                                              <=                               0b      0b      0b192.168.1.11                                  => 192.168.1.8                   2.63kb  1.43kb   932b                                              <=                               1.31kb  1.05kb   893b192.168.1.11                                   => 192.168.2.78                 2.53kb  1.54kb  2.15kb                                               <=                              160b    160b    187b192.168.1.11                                   => 111.126.195.69               0b    166b     69b                                               <=                              0b      0b      0b------------------------------------------------------------------------------------------------------TX:             cum:   9.70MB   peak:   15.6Mb                          rates:   15.4Mb  3.26Mb  3.23MbRX:                    8.38MB           14.9Mb                                   11.5Mb  2.42Mb  2.79MbTOTAL:                 18.1MB           30.5Mb                                   27.0Mb  5.69Mb  6.03Mb

The description of the iftop interface is as follows:

The first line shows the intermediate part of the bandwidth: The External Connection list, that is, the right side of the middle part of the network connection between the ip address and the local machine. The real-time parameter is 2 seconds for the access ip address to connect to the local machine, the average traffic of 10 s and 40 s => indicates the data to be sent. <= indicates three rows at the bottom of the received data: sending, receiving, and all traffic. The second column is at the bottom of the three rows: run iftop for you to the current traffic bottom three rows third column: high peak bottom three rows fourth column: Average

Through the iftop interface, it is easy to find which ip address occupies network traffic. This is what ifstat cannot do. However, the traffic display unit of iftop is Mb. The B is bit, bit, not byte, And the KB of ifstat. The B is byte, And the byte is eight times the bit. Beginners are easily misled.

 

Enter the iftop command

After entering the iftop screen, some operation commands (case-sensitive) are switched by h to show help; the IP or host Name of the local machine is switched by n; and the host information of the local machine is displayed by s; whether the host information of the remote target host is displayed during the switch by d. The display format of the switch by t is 2 rows/1 line/only the sent traffic is displayed/only the received traffic is displayed; switch by N to display the port number or port service name; switch by S to show the port information of the local machine; Switch by D to show the port information of the remote target host; Switch by p to show the port information; pause/continue display by P switch; display average traffic graph by B switch; calculate average traffic within 2 s, 10 s, or 40 s by B switch; whether to display the total traffic of each connection by T switching; enable the screen filter function by l, enter the characters to filter, such as ip, and press Enter, only traffic information related to this IP address is displayed on the screen. The scale above the display screen is switched by L. The traffic graph Entries vary depending on the scale; by j or k, you can scroll up or down the connection records displayed on the screen; by 1, 2, or 3, you can sort the traffic data based on the three columns displayed on the right; sort by <according to the local name or IP address on the left; by> Sort by the host name or IP address of the remote target host; whether o-based switching is fixed or not only displays the current connection; you can edit and filter the code by f, which is translated and I have never used this! Press! You can use shell commands. This is useless! I don't understand what the command works here! Press q to exit monitoring.