Linux iftop – Listen Network traffic (interface) & Bandwidth (pair of hosts)

What is iftop

From iftop website, iftop is defined as an application that listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Iftop works like top command do the same thing for CPU.

Installing iftop

Iftop is available in source code file. We need to compile it first. But don’t worry, this installation is easy. Here are the steps.

1. Download iftop source code

$ wget

2. Extract it

$ tar zxvf iftop-0.17.tar.gz

3. Configure iftop

$ cd iftop-0.17
$ ./configure

On my Linux, I got an error libpcap when ran ./configure step.

Error Libpcap

To solve it, I installed libpcap-dev. I run the command below on my Ubuntu Linux.

$ sudo wajig install libpcap-dev

After the library installed, I re-ran ./configure again.

4. Compile it

$ make

5. Install it as root

# make install

Using iftop

Iftop need to be run as root user. Otherwise you will have an error that tell about not enough privileges.

Run iftop without no root access

After you have root permission, just type :

# iftop

Run iftop

How to read the information

iftop will display these information.

The top level is a measurement unit. The addresses below is the interaction between your computer (for example is dev-machine-2.local) to the outside addresses. Each addresses has 2 connections in pair. Iftop show us the interaction at the 2, 10, 40 seconds interval.

For example, we will take a look on the top address.

  • dev-machine-2.local in the preceding 2 seconds is sent 416 b data to the address
  • In the preceding 10 seconds dev-machine-2.local is sent 6.83Kb data
  • In the preceding 40 seconds dev-machine-2.local. 6.83Kb data

At the same time :

  • in the preceding 2 seconds is sent 1.05Kb data to dev-machine-2.local
  • In the preceding 10 seconds it sent 42.5Kb data
  • In the preceding 40 seconds it sent 42.5Kb data again

At the bottom line, iftop show us the some results :

  • Cumulative TX and RX data
  • Peak TX and RX data over the last 40 seconds
  • Total transfer rates averaged over 2 seconds, 10 seconds and 40 seconds

Run iftop using options

Turn on Port display

To turn on port display, add -P option with iftop

# iftop -P

Port display

The port will be displayed in both side. With this option turn on, we can analyze what kind of communication that happened the most.

Display bandwidth rates in bytes/sec

By default, iftop will display rates in bits/sec. To display it in bytes/sec, we can use -B option.

# iftop -B

Display btye/sec

We know that iftop display rates in bytes/sec is from the capital B letter on the data sent (TX) and received (RX). While if we show the b letter on the data sent and received it tell us that the rates is in bits/sec.

Specifies a network for traffic analysis

We can also ask iftop to only monitor specified network mask. To use this, we can use -F option followed by network mask.

# iftop -F

The above command will ask iftop to monitor network which has network mask

Monitor using netmask

Specify a listening interface

If your system has more than 1 interfaces to monitor, we can specify particular interface. Let say if we want to monitor eth0 interface, we can use -i option followed by the interface name.

# iftop -i eth0

Listen eth0 interface

Limit the upper bandwidth

Iftop provide an option to limit the upper bandwidth. To use this we can -m option followed by how much the limit.

# iftop -m 2000

The above command will tell iftop to limit 2 Kb (2 Kilobits).

Limit upper bandwidth to 2 Kb

On-screen command

Another part that makes iftop is interesting that iftop provides on-screen command. Press the question mark (?) button on the iftop screen to display the available command.

On-screen command

To exit from the on-screen command help, press the question mark button again.


Iftop is not intended to monitor a long run network bandwidth usage but more to monitor a real-time bandwidth usage for analysis purpose. With iftop source code file around 160 Kb and 1,2 Mb after extracted, iftop is light but has good function. As usual we can always type man iftop or iftop -h to display its manual page and explore it more detail.


source:  linoxide. com/monitoring-2/iftop-network-traffic/