Linux real-time traffic monitoring tool iftop installation and usage tutorial

1. install the iftop dependency package: # yuminstallflexbyacclibpcapncursesncur

1. install the iftop dependency package:
# Yum install flex byacc libpcap ncurses-devel libpcap-devel

2. download the iftop source code package
# Wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
 
3. install iftop
# Tar xvf iftop-0.17.tar.gz
# Cd iftop-0.17
#./Configure -- prefix =/usr/local/iftop
# Make
# Make install
 
4. use iftop
#/Usr/local/iftop/sbin/iftop <可把此路径写进环境变量>

5. iftop tutorial

1. description of iftop interface
The page displays a scale range similar to a scale. it is used as a scale for the long strips that display traffic graphs.
The left and right arrows in the middle indicate the direction of traffic.
TX: send traffic
RX: receive traffic
TOTAL: TOTAL traffic
Cumm: total traffic from running iftop to current time
Peak: traffic peak
Rates: average traffic in the past 2 s, 10 s, and 40 s respectively

2. common parameters:
-I: sets the monitored Nic, for example: # iftop-I eth1
-B displays traffic in bytes (bits by default), for example: # iftop-B
-N: the host information is directly displayed by default, for example: # iftop-n
-N indicates that port information is directly displayed by default, for example: # iftop-N
-F displays inbound and outbound traffic for a specific network segment, for example, # iftop-F 10.10.1.0/24 or # iftop-F 10.10.1.0/255.255.255.0
-H (display this message), help, display parameter information
-P: When this parameter is used, the local host information is displayed in the intermediate list, and IP information other than the local host is displayed;
-B: The traffic graph bar is displayed by default;
-P: The host information and port information are displayed by default;
-M: set the maximum value of the scale at the top of the page. the scale is displayed in five segments. for example: # iftop-m 100 M

3. common interactive commands after running iftop:
Switch by h to see if the help is displayed;
Switch by n to display the local IP address or host name;
Switch by s to check whether the host information of the local machine is displayed;
Switch by d to whether the host information of the remote target host is displayed;
The display format of switching by t is 2 rows/1 line/only show sent traffic/only show received traffic;
Switch by N to display the port number or port service name;
Switch by S to check whether the port information of the local machine is displayed;
Switch by D to whether the port information of the remote target host is displayed;
Switch by p to see whether port information is displayed;
Press P to switch to pause/continue display;
Switch by B to see whether the average traffic graph is displayed;
Calculate the average traffic of 2 seconds, 10 seconds, or 40 seconds based on B switching;
Whether to display the total traffic of each connection during T-based switchover;
Press l to enable the screen filtering function. enter the characters to filter, such as ip address. press enter to display only traffic information related to this IP address;
Switch the scale on the top of the display screen by L; the traffic graph bar varies depending on the scale;
Press j or k to scroll up or down the connection records displayed on the screen;
You can sort the data by 1, 2, or 3 based on the traffic data in the three columns displayed on the right;
Sort by host name or IP address of the remote host;
Whether o-based switchover is fixed only displays the current connection;
Exit monitoring by pressing q