Comment: In Unix-like systems, you can use top to view system resources, processes, memory usage, and other information. To view the network status, you can use tools such as netstat and nmap. To view real-time network traffic and monitor TCP/IP connections, you can use iftop. I. What is iftop? Iftop is a real-time traffic monitoring tool similar to top. Official website: http:
Comments: In Unix-like systems, you can use top to view system resources, processes, memory usage, and other information. To view the network status, you can use tools such as netstat and nmap. To view real-time network traffic and monitor TCP/IP connections, you can use iftop.
I. What is iftop?
Iftop is a real-time traffic monitoring tool similar to top.
Official website: http://www.ex-parrot.com /~ Pdw/iftop/
II. what is the use of iftop?
Iftop can be used to monitor the network card's real-time traffic (network segment can be specified), reverse resolution IP address, display port information, and so on. The detailed description will be described in the following parameters.
3. install iftop
Installation method
1,Compile and install
If compilation and installation are used, you can download the latest source code package from the iftop official website.
Before installation, you must have installed the environment required for basic compilation, such as make, gcc, and autoconf. To install iftop, you also need to install libpcap and libcurses.
Install the required dependency package on CentOS:
Yum install flex byacc libpcap ncurses-devel
Install the required dependency package on Debian:
Apt-get install flex byacc libpcap0.8 libncurses5
Download iftop
Wget
Http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
Tar zxvf iftop-0.17.tar.gz
Cd iftop-0.17
./Configure
Make & make install
Installation Method 2: (lazy method, simplest)
Skip the preceding steps.
CentOS system:
Yum install flex byacc libpcap ncurses-devel
Wgetftp: // response
Rpm-ivh iftop-0.17-1.el5.rf.i386.rpm
Run the Debian system: apt-get install iftop
4. run iftop
Run: iftop
The effect is as follows:
V. related parameters and descriptions
1. description of iftop interface
The scale range shown on the page is similar to the scale range of the scale. it is used as a scale for the long strips displaying traffic graphs.
The left and right arrows in the middle indicate the direction of traffic.
TX: send traffic
RX: receive traffic
TOTAL: TOTAL traffic
Cumm: total traffic from running iftop to current time
Peak: traffic peak
Rates: average traffic in the past 2 s, 10 s, and 40 s respectively
2. iftop parameters
Common parameters
-I: sets the monitored Nic, for example: # iftop-I eth1
-B displays traffic in bytes (bits by default), for example: # iftop-B
-N: the host information is directly displayed by default, for example: # iftop-n
-N indicates that port information is directly displayed by default, for example: # iftop-N
-F displays inbound and outbound traffic for a specific network segment, for example, # iftop-F 10.10.1.0/24 or # iftop-F10.10.1.0/255.255.255.0
-H (display this message), help, display parameter information
-P: When this parameter is used, the local host information is displayed in the intermediate list, and IP information other than the local host is displayed;
-B: The traffic graph bar is displayed by default;
-F this is not very useful for the moment. it is used to filter the computing package;
-P: The host information and port information are displayed by default;
-M: set the maximum value of the scale at the top of the page. the scale is displayed in five segments. for example: # iftop-m 100 M
Some operation commands after entering the iftop screen (case sensitive)
Switch by h to see if the help is displayed;
Switch by n to display the local IP address or host name;
Switch by s to check whether the host information of the local machine is displayed;
Switch by d to whether the host information of the remote target host is displayed;
The display format of switching by t is 2 rows/1 line/only show sent traffic/only show received traffic;
Switch by N to display the port number or port service name;
Switch by S to check whether the port information of the local machine is displayed;
Whether to display the port information of the remote target host based on D;
Switch by p to see whether port information is displayed;
Press P to switch to pause/continue display;
Switch by B to see whether the average traffic graph is displayed;
Calculate the average traffic of 2 seconds, 10 seconds, or 40 seconds based on B switching;
Whether to display the total traffic of each connection during T-based switchover;
Press l to enable the screen filtering function. enter the characters to filter, such as ip address. press enter to display only traffic information related to this IP address;
Switch the scale on the top of the display screen by L; the traffic graph bar varies depending on the scale;
Press j or k to scroll up or down the connection records displayed on the screen;
You can sort the data by 1, 2, or 3 based on the traffic data in the three columns displayed on the right;
Press <根据左边的本机名或ip排序;< p>
Sort by> by the host name or IP address of the remote target host;
Whether o-based switchover is fixed only displays the current connection;
Press f to edit and filter the code. this is a translation, and I have never used this!
Press! You can use shell commands. this is useless! I don't understand what the command works here!
Press q to exit monitoring.
VI. FAQs
1. make: yacc: Command not found
Make: *** [grammar. c] Error 127
Solution: apt-get install byacc/yum installbyacc
2. configure: error: Curses! Foiled again!
(Can't find a curses library supporting mvchgat .)
Consider installing ncurses.
Solution: apt-get install libncurses5-dev/yum install ncurses-devel