Network card traffic monitoring software in linux

Article title: software that monitors network card traffic in linux. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

1. iftop officially says libpcap and libcurses are required. ---- (libcurses can be installed without installation)

The system requires libpcap and libpcap-devel. The system disk contains these two packages (I use RHEL5.3)

First install

Libpcap-0.6.2.tar.gz (search for download online)

Decompress the package and enter the directory.

./Configure

Make

Check if not generated:

/Usr/local/lib/libpcap.

You can.

Download the iftop package

Http://www.ex-parrot.com/%7Epdw/iftop/download/

Optional: iftop-0.13pre2.tar.gz download

Decompress and install

Cd iftop-0.16 after decompression

Chmod 777 configure (sometimes grant permissions)

./Configure -- prefix =/usr/local/iftop & make install

/Usr/local/iftop/sbin/iftop // The default traffic is eth0.

Common parameters:

#/Usr/local/iftop/sbin/iftop help // view the help command

-I: sets the monitored Nic, for example: # iftop-I eth1

-B displays traffic in bytes (bits by default), for example: # iftop-B

-N: the host information is directly displayed by default, for example: # iftop-n

-N indicates that port information is directly displayed by default, for example: # iftop-N

-F displays inbound and outbound traffic for a specific network segment, for example, # iftop-F 10.10.1.0/24 or # iftop-F 10.10.1.0/255.255.255.0

-H (display this message) does not understand what it means... Hehe

-P: When this parameter is used, the local host information is displayed in the intermediate list, and IP information other than the local host is displayed;

-B: The traffic graph bar is displayed by default;

-F this is not very useful for the moment. it is used to filter the computing package;

-P: The host information and port information are displayed by default;

-M: set the maximum value of the scale at the top of the page. the scale is displayed in five segments. for example: # iftop-m 100 M

-C specifies the specific configuration file, which has never been used for the moment;

Some operation commands after entering the iftop screen (case sensitive ):

Switch by h to see if the help is displayed;

Switch by n to display the local IP address or host name;

Switch by s to check whether the host information of the local machine is displayed;

Switch by d to whether the host information of the remote target host is displayed;

The display format of switching by t is 2 rows/1 line/only show sent traffic/only show received traffic;

Switch by N to display the port number or port service name;

Switch by S to check whether the port information of the local machine is displayed;

Whether to display the port information of the remote target host based on D;

Switch by p to see whether port information is displayed;

Press P to switch to pause/continue display;

Switch by B to see whether the average traffic graph is displayed;

Calculate the average traffic of 2 seconds, 10 seconds, or 40 seconds based on B switching;

Whether to display the total traffic of each connection during T-based switchover;

Press l to enable the screen filtering function. enter the characters to filter, such as ip address. press enter to display only traffic information related to this IP address;

Switch the scale on the top of the display screen by L; the traffic graph bar varies depending on the scale;

Press j or k to scroll up or down the connection records displayed on the screen;

You can sort the data by 1, 2, or 3 based on the traffic data in the three columns displayed on the right;

Sort by the host name or IP address of the remote target host;

Whether o-based switchover is fixed only displays the current connection;

Press f to edit and filter the code. this is a translation, and I have never used this!

Press! You can use shell commands. this is useless! I don't understand what the command works here!

Press q to exit monitoring.

Iptraf

To

Http://www.iptraf.seul.org/download.html

The downloaded iptraf package contains binary code and compiled executable files.

Decompress the downloaded package

./Configure & make install

Nload

To

Http://www.roland-riegel.de/nload/

# Download nload

Decompress the package and enter nload.

Configure & make install

I personally think that the iftop and iptraf are comprehensive, and the traffic classification is relatively small.