iftop – monitor and analyze your network traffic on Linux January 20, 2011
Posted by Tournas Dimitrios in Linux admin tools.trackback
iftop is a real good utility both for your own PC/Laptop and for your server and specially good for the latter and even better if this server is acting as the main router in your premises.
Well lets explain what iftop does, it is more or less like top, or htop but it does not measure the processes in the processor, but it measure the “processes” in the ethernet interface, giving you information about the IPs that have a connection with the PC where iftop is running, also giving information about the traffic, if it is incoming or outcoming, also how much traffic there is in that connection and the total amount of traffic in the interface.
This utility is provided from EPEL repository and yum will make the installation for us :
yum install iftop
| The most common command line options : |
|---|
| -h | Print a summary of usage |
| -i | Define on witch interface to monitor (if your box is acting as a router) |
| -p | Run in promiscuous mode, so that traffic which does not pass directly through the specified inter- face is also counted. |
| -P | Shows also the port that connection is using both on our side and on the other side |
| -N | Do not resolve port names, which is the default behavior when you enable the -P option, so it will shows you :www or :80 |
Filtering networks, hosts, and ports :
While it’s nice to see all the hosts your computer is talking to, it’s often the case that you’re only interested in a certain segment of the network. iftop allows you to filter connections by network, host, and port, which gives you complete control over which connections are displayed. iftop accepts pcap-filter formatted filters on the commandline with the -f flag. Below is a table of some of the filers you might want to use with iftop:
| dst host xxxx | src host xxxx |
| dst net xxxx | src net net |
| dst port xxxx | src port xxxx |
| dst portrange start-end | src portrange start-end |
| gateway xxxx | |
| ip proto protocol |
For example:
- to view only traffic going from your local machine to google.com over eth0, you could run:
iftop -i eth0 -f “dst host Linux.com” - to see only ssh traffic over eth1:
iftop -i eth1 -f “dst port 22″
Additionally, iftop allows you to set arbitrary filters based upon regular expressions. It’s important to note that when you specify a filter with a regular expression, you are only filtering the on-screen output, whereas using a pcap filter (above) will filter what iftop actually listens to. As a result, the totals displayed at the bottom of the screen won’t be affected by regex filters. You can press the l key to enter regular expression filters while iftop is running.
Controlling the interface and the online help :
Once you’ve got the information you want on the screen, you’ll need to be able to move around and tweak the exact output. There are many options, and the easiest thing to do is just hit the h or ? key to see the on-screen help .
Linux >>> 
Tournas Dimitrios 
Comments»
No comments yet — be the first.