iftop

A real-time traffic monitoring tool

Supplementary instructions

iftop command is a real-time traffic monitoring tool that monitors TCP/IP connections, etc. The disadvantage is that it has no reporting function. Must be run as root.

grammar

iftop(option)

Options

iftop: Display interface bandwidth usage by host

Parameters: iftop -h | [-npblNBP] [-i interface] [-f filter code]
     [-F net/mask] [-G net6/mask6]

    -h displays help information
    -n Do not convert IP to host name
    -N Do not convert the port to the corresponding service name
    -p runs in promiscuous mode (displays traffic between other hosts on the same network segment)
    -b Do not display traffic traffic bar graphs
    -B uses Byte to display traffic status (bit displayed by default)
    -i interface specifies the network port to be monitored -i eth0
    -f filter code use filter code to select packets to count
                       (default: none, but only IP packets are counted)
    -F net/mask displays the traffic of the specified IPV4 network. The parameters can be hostname/IP/mask.
    -G net6/mask6 displays the traffic of the specified IPV6 network. The parameters can be hostname/IP/mask
    -l show local network/loopback network/ipv6 traffic (default: off)
    -P show host port
    -m limit sets the upper limit of bandwidth size
    -c config file specifies optional configuration file
    -t Use text mode display
   
    Sorting orders:
    -o 2s Sort according to the first column (the average value every 2 seconds is one counting period)
    -o 10s Sort by the second column (the average value every 10 seconds is one counting period]
    -o 40s Sort by the third column (the average value every 40 seconds is one counting period)
    -o source continues sorting according to original address
    -o destination Sort by destination address
   
    The following options are only available with -t
    -s num print a text output after num seconds, then exit
    -L num number of lines to print

Interface description

The first line is bandwidth, here it is 1Mbit, not bytes. Connection list, the last three columns are the average traffic in 2 seconds, 10 seconds and 40 seconds respectively => means send <= means receiving The last three lines represent send, receive and total traffic, The second column is the current traffic volume since you ran iftop, the third column is the peak value, and the fourth column is the average value.

Example

iftop # The default is to monitor the traffic of the first network card
iftop -i eth1 # Monitor eth1
iftop -n # Display IP directly without DNS reverse resolution
iftop -N # Display the port number directly without displaying the service name
iftop -F 192.168.1.0/24 or 192.168.1.0/255.255.255.0 # Display the incoming and outgoing packet traffic of a certain network segment