Linux tools for viewing network card traffic include iptraf, iftop and nethogs. iftop can monitor a network card's real-time traffic (a network segment can be specified), reverse-resolve IP addresses, and display port information.
The commands to install iftop are as follows:
On CentOS: "yum install iftop -y"
Install the required dependency packages on CentOS:
yum install flex byacc libpcap ncurses ncurses-devel libpcap-devel
Or download the source and install it:
wget http://www.ex-parrot.com/~pdw/iftop/download/iftop-0.17.tar.gz
tar zxvf iftop-0.17.tar.gz
cd iftop-0.17
./configure
make && make install
On Debian/Ubuntu: "apt-get install iftop"
Common parameter description:
-i sets the network card to monitor, such as: # iftop -i eth1, where eth1 is the server's public network card (network card names can be viewed with ifconfig); the results are as shown in Figures 1 and 2:
-B displays traffic in bytes (by default, bits), such as: # iftop -B
-F shows incoming and outgoing traffic for a specific network segment, such as # iftop -F 182.92.***.0/24 or # iftop -F 182.92.***.0/255.255.255.0
For example: iftop -i eth1 -B -F 182.92.***.20/32
This displays the amount of data that the IP 182.92.***.20 is exchanging with the server's NIC eth1, in bytes.
Interface description:
"<=" and "=>" represent the direction of traffic
"TX": traffic sent by the network card
"RX": traffic received by the network card
"TOTAL": total traffic sent and received by the network card
"cum": total traffic from the time iftop started running until now
"peak": peak traffic on the network card
"rates": average traffic over the last 2s, 10s and 40s
You can exit iftop with the "q" key
Case description:
When the resource monitoring details in the ECS console show abnormal server bandwidth utilization, you can use the results above to find the IPs that have been exchanging data with the server.
If the ECS console shows the bandwidth running at full capacity and iftop shows that the IP 182.92.***.20 above accounts for a high share of the traffic, and it is an abnormal IP, it can be blocked with iptables: iptables -A INPUT -s 182.92.***.20 -j DROP
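A guarded form of the iptables block step above, as an added example that is not part of the original article: it validates the address, refuses to block hosts you depend on, and avoids duplicate rules. The ALLOWLIST addresses, the DRY_RUN variable and the function names are assumptions made for illustration; the sample IPs are constructed from documentation ranges.

```sh
#!/bin/sh
# Added example: a checked wrapper around "iptables -A INPUT -s <ip> -j DROP".
# ALLOWLIST is a hypothetical list of admin/monitoring hosts (constructed values).
ALLOWLIST="198.51.100.10 198.51.100.11"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the command; 0 = apply it (needs root)

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;   # stray characters, empty fields
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 if the address is one we must never block.
is_allowlisted() {
    for _a in $ALLOWLIST; do
        [ "$_a" = "$1" ] && return 0
    done
    return 1
}

# Usage: block_ip 203.0.113.20
# Exit codes: 0 = blocked (or printed), 2 = invalid address, 3 = allowlisted.
block_ip() {
    _ip=$1
    if ! valid_ipv4 "$_ip"; then
        echo "refused: '$_ip' is not an IPv4 address" >&2; return 2
    fi
    if is_allowlisted "$_ip"; then
        echo "refused: $_ip is allowlisted" >&2; return 3
    fi
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables -A INPUT -s $_ip -j DROP"
        return 0
    fi
    # -C checks for an identical rule, so repeated runs do not stack duplicates.
    iptables -C INPUT -s "$_ip" -j DROP 2>/dev/null && return 0
    iptables -A INPUT -s "$_ip" -j DROP
}
```

Run it with DRY_RUN=1 first and review the printed rule before applying it with DRY_RUN=0.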
iftop related parameters
Common parameters
-i sets the network card to monitor, such as: # iftop -i eth1
-B displays traffic in bytes (default is bits), such as: # iftop -B
-n makes host information display IP addresses directly by default, such as: # iftop -n
-N makes port information display port numbers directly by default, such as: # iftop -N
-F shows incoming and outgoing traffic for a specific network segment, such as # iftop -F 10.10.1.0/24 or # iftop -F 10.10.1.0/255.255.255.0
-h (display this message) help, displays parameter information
-p runs in promiscuous mode: the list in the middle shows local host information as well as IP information for traffic other than this machine's;
-b makes the traffic graph bar display by default;
-f filters the packets that are counted; this is not used very often;
-P makes host information and port information display by default;
-m sets the maximum value of the scale at the top of the interface, which is divided into five segments, for example: # iftop -m 100M
Some operation commands after entering the iftop screen (note that they are case-sensitive)
Press h to toggle whether help is displayed;
Press n to toggle between displaying the IP or the host name of the machine;
Press s to toggle whether the host information of the local machine is displayed;
Press d to toggle whether the host information of the remote target host is displayed;
Press t to cycle the display format: two lines / one line / sent traffic only / received traffic only;
Press N to toggle between displaying the port number or the port service name;
Press S to toggle whether the port information of the local machine is displayed;
Press D to toggle whether the port information of the remote target host is displayed;
Press p to toggle whether the port information is displayed;
Press P to toggle pause/resume of the display;
Press b to toggle whether the average traffic graph bar is displayed;
Press B to switch between calculating the average traffic over 2 seconds, 10 seconds or 40 seconds;
Press T to toggle whether the total traffic for each connection is displayed;
Press l to turn on the screen filtering function: enter the characters to filter on, such as an IP, and press ENTER; the screen will then show only traffic information related to this IP;
Press L to toggle the scale at the top of the screen; the traffic graph bar changes with the scale;
Press j or k to scroll the displayed connection records up or down;
Press 1, 2 or 3 to sort by one of the three columns of traffic data displayed on the right;
Press < to sort by the local host name or IP on the left;
Press > to sort by the host name or IP of the remote target host;
Press o to toggle whether to freeze the display to show only the current connections;
Press f to edit the filter code; this is the translated wording, I have not used this!
Press ! to use a shell command; this is useless! I don't know what the order is.
Press q to exit the monitor.