Use Iptraf on CentOS 6.3 to analyze port-based network traffic

Compared with nload, Iptraf is an excellent small free tool for monitoring the network traffic of specific ports on Linux.

1. System environment: CentOS 6.3; Iptraf: iptraf-3.0.0

2. Check the dependency packages:

    # rpm -qa | grep gcc
    # rpm -qa | grep glibc
    # rpm -qa | grep ncurses

If any are missing, install the corresponding development packages from the default CentOS installation source:

    # yum install gcc glibc ncurses

3. Install:

    # wget ftp://iptraf.seul.org/pub/iptraf/iptraf-3.0.0.tar.gz
    # tar zxf iptraf-3.0.0.tar.gz
    # cd iptraf-3.0.0
    # ./Setup

The installation is now complete. The installer places the program in /usr/local/bin, creates /var/local/iptraf to hold the Iptraf configuration file, and creates /var/log/iptraf to hold the logs Iptraf generates.

4. Run Iptraf:

    # /usr/local/bin/iptraf

A character-based menu interface appears. Press x to exit Iptraf. The menus are described as follows.

Menu 1: Configure... Iptraf is configured here; any change is saved in the file /var/local/iptraf/iptraf.cfg.
--- Reverse DNS Lookups: reverse-resolves IP addresses to DNS names. Disabled by default.
--- TCP/UDP Service Names: shows the service name instead of the port number, for example www instead of 80. Disabled by default.
--- Force promiscuous: forces promiscuous mode, so the NIC accepts every packet it sees, whether or not the packet is addressed to it.
--- Color: color display on the terminal. Of course this only works when the terminal you connect through (telnet or ssh) supports color; a terminal without color support is not colored.
--- Logging: also writes log files under /var/log/iptraf.
--- Activity mode: selects whether the statistics unit is kbit/sec or kbyte/sec.
--- Source MAC addrs in traffic monitor: when selected, the source MAC address of each packet is displayed.

Menu 2: Filters... Filtering rules are configured here; this is the most useful option.
When you connect to the monitoring machine from a remote end, your machine and the monitoring machine generate a steady stream of TCP packets between them, which is sometimes annoying; in that case you can exclude your own IP address. There are six options: TCP, UDP, Other IP, ARP, RARP and Non-IP. TCP is used as the example here; the other options are configured in the same way.
--- Defining a New Filter: after selecting it, a dialog box appears. Enter a descriptive name for the new rule, then press Enter to confirm or Ctrl+x to cancel. In the next dialog box, enter the source address under First (Host name/IP address) and the destination address under Second; the two Wildcard mask boxes are the masks for the source and destination addresses respectively. Note that an address can be a single host or a network segment. For a single IP address, fill in the subnet mask 255.255.255.255; for a network segment, fill in its subnet mask. For example, to represent the 192.168.0.0 segment with 256 IP addresses, enter 192.168.0.0 with subnet mask 255.255.255.0. Likewise, "all" is represented by address 0.0.0.0 with subnet mask 0.0.0.0. Port: enter the port number to filter on; 0 means any port. The Include/Exclude column must be I or E: I means include matching traffic, E means exclude it. After entering the information, press Enter to confirm or Ctrl+x to cancel.
--- Applying a Filter: the filter rules defined in the previous step are stored as a filter list and have no effect until they are applied; here you select which filter to apply. An applied filter stays in effect even after you restart Iptraf. Use Detaching a Filter to stop applying the current filter.
--- Editing a Defined Filter: edit an existing rule.
--- Deleting a Defined Filter: delete a defined rule.
--- Detaching a Filter: stop applying the currently applied rules.

Menu 3: IP Traffic Monitor. The real-time IP packet traffic monitoring window. Note that it shows every incoming and outgoing packet, including your own, so if you are connected to the monitoring host from a remote terminal, you and the host continuously generate traffic; it is therefore recommended to filter out your own IP address in the Filters menu, although leaving it in does no harm. Here you can see the traffic of each connection in real time. There are two windows: the upper one shows the state of TCP connections, and the lower one shows UDP, ICMP, OSPF, IGRP, IGP, IGMP, GRE, ARP and RARP packets. Press s to choose the sort order, by number of packets or by number of bytes. If the display changes too quickly to read, enable Logging in the Configure menu and the data is logged under /var/log/iptraf for later review. When Logging is enabled and you start the IP traffic monitor, the program prompts for the log file name, which is ip_traffic-1.log by default. On a busy network the display can be cluttered, making the data you are interested in hard to find; in that case use the Filters menu to filter what is displayed.

Menu 4: General Interface Statistics. Outgoing and incoming traffic statistics for each network device, including Total, IP packets, non-IP packets, Bad IP packets and the flow rate per second, in kbit/sec or kbyte/sec as set by the Activity option in the Configure menu. If a filter is applied, these statistics are affected by it too.

Menu 5: Detailed Interface Statistics. Detailed statistics for each network device; this is straightforward and is not repeated here.

Menu 6: Statistical Breakdowns. More detailed statistics, broken down and collected by packet size, or by TCP/UDP service; not repeated here.

Menu 7: LAN Station Statistics. Statistics on the traffic of each network address passing through the local machine.
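The host/wildcard-mask and port semantics described under the Filters menu, worked through as an added shell example (this is not code from the article or from Iptraf itself; the per-side port field and matching a rule in either direction are assumptions of the example, and 203.0.113.5 is a constructed administrator address):

```shell
#!/bin/sh
# Added example, not Iptraf's code: emulates one Iptraf-style filter entry
# (First host/mask, Second host/mask, a port per side, 0 = any port, I or E).

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# addr_matches ADDR RULE_HOST RULE_MASK: true when ADDR is inside host/mask
# (mask 255.255.255.255 = single host, 0.0.0.0 with mask 0.0.0.0 = any host).
addr_matches() {
    a=$(ip2int "$1"); h=$(ip2int "$2"); m=$(ip2int "$3")
    [ $(( a & m )) -eq $(( h & m )) ]
}

# port_matches PORT RULE_PORT: a rule port of 0 means any port.
port_matches() {
    [ "$2" -eq 0 ] || [ "$1" -eq "$2" ]
}

# filter_decision SRC SPORT DST DPORT H1 M1 P1 H2 M2 P2 I_OR_E
# Prints include, exclude or nomatch. Assumption: the rule matches in either
# direction, since both halves of a TCP conversation pass the monitor.
filter_decision() {
    src=$1; sport=$2; dst=$3; dport=$4
    h1=$5; m1=$6; p1=$7; h2=$8; m2=$9; p2=${10}; ie=${11}
    if { addr_matches "$src" "$h1" "$m1" && port_matches "$sport" "$p1" &&
         addr_matches "$dst" "$h2" "$m2" && port_matches "$dport" "$p2"; } ||
       { addr_matches "$src" "$h2" "$m2" && port_matches "$sport" "$p2" &&
         addr_matches "$dst" "$h1" "$m1" && port_matches "$dport" "$p1"; }; then
        case $ie in I|i) echo include ;; E|e) echo exclude ;; *) echo nomatch ;; esac
    else
        echo nomatch
    fi
}

# Constructed demo: the "exclude my own remote session" rule from the text,
# with 203.0.113.5 standing in for the administrator's address.
filter_decision 203.0.113.5 51234 192.168.0.10 22 \
    203.0.113.5 255.255.255.255 0 0.0.0.0 0.0.0.0 0 E
```

The demo call prints exclude; a rule with First 192.168.0.0 / 255.255.255.0, Second 0.0.0.0 / 0.0.0.0 port 80 and I would include only port-80 traffic from that segment.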