1.简介
iftop does for network usage what top(1) does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Handy for answering the question "why is our ADSL link so slow?".
iftop监听网络(和top监听cpu使用状态类似),通过监听指定的网口,来展示当前的带宽使用率,用于解答"您的adsl网络链接为何如此之慢”的问题
项目地址:http://www.ex-parrot.com/pdw/iftop/
用途
对定位机器上的流量异常问题,和服务间调用问题比较有用。
2.安装
有两种安装方式
1. yum/apt安装
2.源码编译安装
2.1 yum/apt
#Ubuntusudo apt install -y iftop/xenial #Centossudo yum install -y iftop.x86_64
2.2 源码编译安装
2.2.1 预装系统包
#Ubuntusudo apt-get install flex byacc libpcap0.8 libncurses5 #Centossudo yum install -y flex byacc libpcap ncurses-devel libpcap-devel
2.2.2 编译安装iftop
#下载iftop的安装包 wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz #解压缩iftop的安装包 tar xzvf iftop-0.17.tar.gz #进入对应目录 cd iftop-0.17/ #配置 sudo ./configure #编译 sudo make #安装 sudo make install
3. 运行iftop
3.1 帮助
执行iftop -h
iftop: display bandwidth usage on an interface by host
Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
[-F net/mask] [-G net6/mask6]-h display this message
-n don't do hostname lookups
-N don't convert port numbers to services
-p run in promiscuous mode (show traffic between other
hosts on the same network segment)
-b don't display a bar graph of traffic
-B display bandwidth in bytes
-a display bandwidth in packets
-i interface listen on named interface
-f filter code use filter code to select packets to count
(default: none, but only IP packets are counted)
-F net/mask show traffic flows in/out of IPv4 network
-G net6/mask6 show traffic flows in/out of IPv6 network
-l display and count link-local IPv6 traffic (default: off)
-P show ports as well as hosts
-m limit sets the upper limit for the bandwidth scale
-c config file specifies an alternative configuration file
-t use text interface without ncursesSorting orders:
-o 2s Sort by first column (2s traffic average)
-o 10s Sort by second column (10s traffic average) [default]
-o 40s Sort by third column (40s traffic average)
-o source Sort by source address
-o destination Sort by destination addressThe following options are only available in combination with -t
-s num print one single text output afer num seconds, then quit
-L num number of lines to print
可以看到有很多选项,这里我分享一些常见用法示例
3.2 例子
1. 直接使用iftop :iftop
2.iftop -B
以Byte为单位展示而不是Bit为单位展示
3.iftop -n
不展示hosts信息,也可以在iftop后按n进行切换
显示为主机名
显示为ip
4.iftop -N
不展示端口号;默认展示的ip后面会带端口号。可以进入iftop后按N切换
5.iftop -F 网段
例如: iftop -F 192.168.21.0/192.168.21.0
6.iftop -P
展示host信息和端口信息
7.iftop -i eth0
指定只展示eth0网卡的进出流量,默认只展示eth0的网卡信息
8. 排序(最重要的)
iftop -o 2s,按照rate(2秒内平均流量)那列排序,也可以进入iftop按1
iftop -o 10s,按照rate(10秒内平均流量)那列排序,也可以进入iftop按2
iftop -o 40s,按照rate(40秒内平均流量)那列排序,也可以进入iftop按3
iftop -o source,按照源地址排序,也可以进入iftop按<
iftop -o source,按照目的地址排序,也可以进入iftop按>
9. 常用快捷键
q:退出
?:帮助模式
P: 停止屏幕信息刷新
S: 切换source端口展示
D:切换dest端口展示
j/k:向前后滚动屏幕信息
以上就是iftop相关的介绍了,有问题可以在评论区里留言~
博主:测试生财
座右铭:专注测试与自动化,致力提高研发效能;通过测试精进完成原始积累,通过读书理财奔向财务自由。
csdn:https://blog.csdn.net/ccgshigao