Using iftop on Linux to monitor network card traffic in real time

Time:2021-1-28

This article describes how to use iftop on Linux to monitor network card traffic in real time. The details are as follows:

iftop can monitor the real-time traffic of a network card (a network segment can be specified), reverse-resolve IP addresses, display port information, and so on.

On Linux and Unix-like systems, you can use top to view system resources, processes, memory usage and other information. To view the network status, you can use netstat, nmap and other tools. To view real-time network traffic, monitor TCP/IP connections and so on, you can use iftop.

Install iftop

If you install by compiling from source, you can download the latest source package from the official iftop website. Before installation, the basic build environment must already be present, such as make, gcc, autoconf, etc. libpcap and libcurses are also required to install iftop.

Install the required dependency packages on CentOS:


yum install -y gcc flex byacc libpcap ncurses ncurses-devel libpcap-devel tcpdump

Note: dependency packages for installation on Debian:

apt-get install flex byacc libpcap0.8 libncurses5

Download the source code, then compile and install it:

cd /usr/local/src
wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
tar xvf iftop-0.17.tar.gz
cd iftop-0.17
./configure --prefix=/usr/local/iftop
make
make install
chmod 700 /usr/local/iftop/sbin/iftop # modify iftop permissions

Usage

/usr/local/iftop/sbin/iftop
/usr/local/iftop/sbin/iftop -i eth0 -n # show the traffic on the eth0 network card

Note: on a Debian system, run: apt-get install iftop

If no custom path was set when installing iftop, you can view the traffic statistics by running iftop directly, for example, iftop or iftop -i eth0 -n

Related parameters and description

1. Description of the iftop interface

A ruler-like scale is displayed at the top of the interface and serves as the reference for the traffic bar graph. The left and right arrows in the middle indicate the direction of the traffic.

TX: sent traffic

RX: received traffic

TOTAL: total traffic

cum: the cumulative traffic from the time iftop was started up to the present

peak: traffic peak

rates: the average traffic over the past 2 s, 10 s and 40 s respectively

2. Related parameters of iftop

Common parameters

-i sets the network card to monitor, such as # iftop -i eth1

-B displays the traffic in bytes (the default is bits), such as # iftop -B

-n makes the host information display the IP directly by default, such as # iftop -n

-N makes the port information display the port number directly by default, such as # iftop -N

-F shows the inbound and outbound traffic of a specific network segment, such as # iftop -F 10.10.1.0/24 or # iftop -F 10.10.1.0/255.255.255.0

-h (display this message), help, displays parameter information

-p runs in promiscuous mode; with this parameter, the local host column of the list in the middle can show IP information other than that of the local host;

-b makes the traffic bar graph display by default;

-f is used to filter which packets are counted; it is not very useful for the time being;

-P makes host information and port information display by default;

-m sets the maximum value of the scale at the top of the interface. The scale is displayed in five large segments, for example: # iftop -m 100M

Some operation commands after entering the iftop screen (pay attention to the case)

Press h to switch whether to display help or not;

Press n to switch between displaying the IP or the host name of the machine;

Press s to switch whether the host information of the local machine is displayed;

Press d to switch whether to display the host information of the remote target host;

Press t to switch the display format between 2 lines / 1 line / sent traffic only / received traffic only;

Press N to switch between displaying the port number or the port service name;

Press S to switch whether to display the port information of the local machine;

Press D to switch whether to display the port information of the remote target host;

Press p to switch whether to display port information;

Press P to pause / resume the display;

Press b to switch whether to display the average traffic bar graph;

Press B to switch between calculating the average traffic over 2 seconds, 10 seconds or 40 seconds;

Press T to switch whether to display the total traffic of each connection;

Press l to open the screen filtering function, input the characters to filter on, such as an IP, press Enter, and the screen will only display the traffic information related to that IP;

Press L to switch the scale at the top of the screen; the traffic bar graph changes when the scale changes;

Press j or k to scroll up or down through the connection records displayed on the screen;

Press 1, 2 or 3 to sort by one of the three columns of traffic data displayed on the right;

Press < to sort by the local host name or IP on the left;

Press > to sort by the host name or IP of the remote target host;

Press o to switch whether to freeze the display so that only the current connections are shown;

Press f to edit the filter code (this is the translated wording; I have not used this!)

Press ! to run a shell command; I have never used this! I don’t understand what kind of command works here!

Press q to exit monitoring.

FAQ 1


make: yacc: Command not found
make: *** [grammar.c] Error 127

Solution:

apt-get install byacc / yum install byacc

FAQ 2

configure: error: Curses! Foiled again!
(Can’t find a curses library supporting mvchgat.)
Consider installing ncurses.

Solution:

apt-get install libncurses5-dev / yum install ncurses-devel

FAQ 3

configure: error: can’t find pcap.h
  You’re not going to get very far without libpcap.
    (Can’t find a curses library supporting mvchgat.)

Solution:

apt-get install libpcap-dev / yum install libpcap-devel

Addendum: another method for real-time network card traffic monitoring on Linux

yum install -y sysstat

sar -n DEV 1

watch -n 1 "ifconfig enp0s8"
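
The interface counters behind these per-second figures are exposed by the kernel in /proc/net/dev. The following is an added example, not part of the original article: it computes the receive and transmit rate of one interface from two snapshots of that file, in bytes per second (the unit iftop -B uses) and bits per second (the iftop default). The function names counters and rates, and the two snapshots, are constructed for illustration.

```shell
#!/bin/sh
# Added example: RX/TX rate of one interface from two /proc/net/dev snapshots.
# SNAP1/SNAP2 are constructed samples taken 2 seconds apart; on a live host
# use "$(cat /proc/net/dev)" before and after a sleep instead.
SNAP1='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1000      10    0    0    0     0          0         0     1000      10    0    0    0     0       0          0
  eth0:5000000    4000    0    0    0     0          0         0  1200000    3000    0    0    0     0       0          0'
SNAP2='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1000      10    0    0    0     0          0         0     1000      10    0    0    0     0       0          0
  eth0:7500000    6000    0    0    0     0          0         0  1700000    4000    0    0    0     0       0          0'

# counters IFACE SNAPSHOT -> prints "rx_bytes tx_bytes"; fails if IFACE is absent
counters() {
    printf '%s\n' "$2" | awk -v ifc="$1" '
        NR > 2 {
            sub(/:/, " ")   # the kernel may print "eth0:5000000" with no space
            if ($1 == ifc) { print $2, $10; found = 1 }
        }
        END { exit !found }'
}

# rates IFACE OLD NEW SECONDS -> prints "rx_B/s tx_B/s rx_bit/s tx_bit/s"
rates() {
    old=$(counters "$1" "$2") || return 1
    new=$(counters "$1" "$3") || return 1
    echo "$old $new $4" | awk '{
        rx = ($3 - $1) / $5
        tx = ($4 - $2) / $5
        if (rx < 0 || tx < 0) exit 1   # counters were reset between samples
        printf "%d %d %d %d\n", rx, tx, rx * 8, tx * 8
    }'
}

rates eth0 "$SNAP1" "$SNAP2" 2
```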
