ifstat Tool is a network interface monitoring tool , Let's look at the network traffic



By default

       eth0                eth1       
 KB/s in  KB/s out   KB/s in  KB/s out
    0.07      0.20      0.00      0.00
    0.07      0.15      0.58      0.00

Default ifstat Don't monitor the loopback interface , The unit of flow shown is KB.


Monitor all network interfaces

# ifstat -a
        lo                 eth0                eth1       
 KB/s in  KB/s out   KB/s in  KB/s out   KB/s in  KB/s out
    0.00      0.00      0.28      0.58      0.06      0.06
    0.00      0.00      1.41      1.13      0.00      0.00
    0.61      0.61      0.26      0.23      0.00      0.00


ifstat Let's take a brief look at the network traffic .




iftop Is a real-time traffic monitoring tool , monitor TCP/IP Connections etc. , The disadvantage is that there is no report function . Must be root Identity is the only way to run .



The default is to monitor the traffic of the first network card


monitor eth1

iftop -i eth1

Direct display IP, Don't make DNS Anti parsing

iftop -n

Display port number directly , Do not display service name :

iftop -N

Shows the incoming and outgoing packet traffic of a network segment

iftop -F or


Explain the meaning of output based on examples

perform iftop -N -n -i eth1 The back interface is


                 19.1Mb            38.1Mb              57.2Mb               76.3Mb             95.4Mb
+-----------------+-----------------+--------------------+--------------------+---------------------                                  =>                  5.3Mb  3.22Mb  3.20Mb
                                              <=                               219kb  45.7kb  49.3kb                                   =>                 144kb  30.8kb  29.6kb
                                              <=                               11.3Mb  2.38Mb  2.74Mb                                  =>                    0b   6.40kb  6.66kb
                                              <=                               0b      0b      0b                                  =>                   2.63kb  1.43kb   932b
                                              <=                               1.31kb  1.05kb   893b                                   =>                 2.53kb  1.54kb  2.15kb
                                               <=                              160b    160b    187b                                   =>               0b    166b     69b
                                               <=                              0b      0b      0b
TX:             cum:   9.70MB   peak:   15.6Mb                          rates:   15.4Mb  3.26Mb  3.23Mb
RX:                    8.38MB           14.9Mb                                   11.5Mb  2.42Mb  2.79Mb
TOTAL:                 18.1MB           30.5Mb                                   27.0Mb  5.69Mb  6.03Mb


iftop The meaning of the interface is as follows


 first line : Bandwidth display
The middle part : List of external connections , That is, what is recorded ip Connecting to the local network
On the right side of the middle : The real-time parameters are the access ip Connect to native 2 second ,10 The second and 40 Average traffic per second
=> Send data on behalf of ,<=  For receiving data
Bottom three lines : Means to send , Receiving and total traffic
The bottom three rows, the second column : Run it for you iftop So far, traffic
The bottom three rows, the third column : It's a high peak
The bottom three rows, the fourth column : Is the average 


adopt iftop It's easy to find which ip It's taking over network traffic , This is ifstat Impossible . however iftop The unit of flow display is Mb, This b yes bit, Yes , Not bytes , and ifstat Of KB, This B That's bytes ,byte yes bit Of 8 times . Beginners are easily misled .


Get into iftop The order of

 Get into iftop Some operation commands behind the screen ( Pay attention to case )
Press h Toggle whether to display help ;
Press n Switch to display the local IP Or host name ;
Press s Switch whether to display the local host Information ;
Press d Switch whether to display the remote target host's host Information ;
Press t Switch the display format to 2 That's ok /1 That's ok / Show only the sending traffic / Show only received traffic ;
Press N Switch display port number or port service name ;
Press S Switch whether to display the port information of this machine ;
Press D Switch whether to display the port information of the remote target host ;
Press p Switch whether to display port information ;
Press P Toggle pause / Continue to show ;
Press b Toggles whether the average flow bar is displayed ;
Press B Switch Computing 2 Seconds or 10 Seconds or 40 Average traffic per second ;
Press T Toggles whether the total traffic per connection is displayed ;
Press l Turn on the screen filter function , Enter the characters to filter , such as ip, Press enter , The screen just shows this IP Related traffic information ;
Press L Switch the scale on the top of the display ; The scales are different , The flow graph bar will change ;
Press j Or by k You can scroll up or down the connection record displayed on the screen ;
Press 1 or 2 or 3 It can be sorted according to the three columns of traffic data displayed on the right ;
Press < According to the local name on the left or IP Sort ;
Press > Based on the hostname of the remote target host or IP Sort ;
Press o Switch whether to display only the current connection ;
Press f You can edit the filter code , This is the translation of the saying , I haven't used this yet !
Press ! have access to shell command , This one didn't work ! I don't know what command works here !
Press q Exit monitoring .


 Copy code