What is iftop
According to the iftop website, iftop is an application that listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. iftop does for network usage what the top command does for CPU usage.
iftop is distributed as source code, so we need to compile it first. Don't worry, the installation is easy. Here are the steps.
1. Download iftop source code
$ wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
2. Extract it
$ tar zxvf iftop-0.17.tar.gz
3. Configure iftop
$ cd iftop-0.17
$ ./configure
On my Linux, I got a libpcap error when I ran the ./configure step.
To solve it, I installed libpcap-dev. I ran the command below on my Ubuntu Linux.
$ sudo wajig install libpcap-dev
After the library was installed, I re-ran ./configure.
4. Compile it
$ make
5. Install it as root
# make install
iftop needs to be run as the root user, because it captures packets on the interface. Otherwise you will get an error telling you that you do not have enough privileges.
Once you have root permission, just type:
# iftop
How to read the information
iftop will display the following information.
The top line shows the measurement unit. The addresses below it show the traffic between your computer (dev-machine-2.local in this example) and outside addresses. Each pair of addresses takes two lines, one for each direction. iftop shows the traffic over the preceding 2, 10 and 40 seconds.
For example, we will take a look on the top address.
- In the preceding 2 seconds, dev-machine-2.local sent 416 b of data to the address 126.96.36.199
- In the preceding 10 seconds, dev-machine-2.local sent 6.83Kb of data
- In the preceding 40 seconds, dev-machine-2.local sent 6.83Kb of data
At the same time:
- In the preceding 2 seconds, 188.8.131.52 sent 1.05Kb of data to dev-machine-2.local
- In the preceding 10 seconds, it sent 42.5Kb of data
- In the preceding 40 seconds, it sent 42.5Kb of data again
On the bottom lines, iftop shows us some summary results:
- Cumulative TX and RX data
- Peak TX and RX data over the last 40 seconds
- Total transfer rates averaged over 2 seconds, 10 seconds and 40 seconds
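The following Python sketch is an added example, not iftop's own code: it models how the 2, 10 and 40 second columns, the peak and the cumulative total can be derived from per-slot byte counts. The 2-second slot, dividing by the time actually observed, the 1024 divisor and all names are assumptions, and the byte counts are constructed.

```python
from collections import deque

SLOT = 2                 # assumed length of one sampling slot, in seconds
WINDOWS = (2, 10, 40)    # the three averaging windows shown per line

class RateHistory:
    """Byte counts for one direction of one host pair (simplified model)."""

    def __init__(self):
        # Keep only the slots needed for the longest window; newest is last.
        self.slots = deque(maxlen=max(WINDOWS) // SLOT)
        self.cumulative = 0          # total bytes since start

    def add_slot(self, nbytes):
        self.slots.append(nbytes)
        self.cumulative += nbytes

    def averages(self):
        """Bits/sec over each window, dividing by the time actually observed."""
        recent = list(self.slots)
        result = []
        for window in WINDOWS:
            n = min(window // SLOT, len(recent))
            bits = sum(recent[-n:]) * 8 if n else 0
            result.append(bits / (n * SLOT) if n else 0.0)
        return tuple(result)

    def peak(self):
        """Highest single-slot rate (bits/sec) still inside the 40 s history."""
        return max(self.slots, default=0) * 8 / SLOT

def fmt(rate_bits, use_bytes=False):
    """Render a rate with b/Kb/Mb suffixes, or B/KB/MB as with the -B option."""
    value = rate_bits / 8 if use_bytes else rate_bits
    unit = "B" if use_bytes else "b"
    for prefix in ("", "K", "M", "G"):
        if value < 1024 or prefix == "G":
            digits = 0 if not prefix or value >= 100 else (2 if value < 10 else 1)
            return f"{value:.{digits}f}{prefix}{unit}"
        value /= 1024

# Constructed sample: bytes sent in three consecutive 2-second slots.
tx = RateHistory()
for nbytes in (2048, 3094, 104):
    tx.add_slot(nbytes)

if __name__ == "__main__":
    print([fmt(r) for r in tx.averages()])   # only 6 s observed so far
```

With only three slots (6 seconds) recorded, the 10 and 40 second columns in this model show the same figure; they diverge once more than 10 seconds of history exist.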
Run iftop using options
Turn on Port display
To turn on port display, run iftop with the -P option.
# iftop -P
The port will be displayed on both sides. With this option turned on, we can analyze which kind of communication happens the most.
Display bandwidth rates in bytes/sec
By default, iftop displays rates in bits/sec. To display them in bytes/sec, we can use the -B option.
# iftop -B
We can tell that iftop is displaying rates in bytes/sec from the capital letter B on the data sent (TX) and received (RX). A lowercase b on the data sent and received tells us that the rates are in bits/sec.
Specify a network for traffic analysis
We can also ask iftop to monitor only a specified network. To do this, use the -F option followed by the network and its mask in net/mask form (192.168.0.0 below is an example network address).
# iftop -F 192.168.0.0/255.255.0.0
The above command asks iftop to monitor the network 192.168.0.0, which has the network mask 255.255.0.0.
Specify a listening interface
If your system has more than one interface to monitor, we can specify a particular interface. Let's say we want to monitor the eth0 interface: we can use the -i option followed by the interface name.
# iftop -i eth0
Limit the upper bandwidth
iftop provides an option to set the upper limit of the bandwidth scale. To use it, add the -m option followed by the limit. This affects only the display scale; it does not throttle traffic.
# iftop -m 2000
The above command tells iftop to set the upper limit of the scale to 2 Kb (2 kilobits).
Another thing that makes iftop interesting is that it provides on-screen commands. Press the question mark (?) key on the iftop screen to display the available commands.
To exit from the on-screen command help, press the question mark key again.
iftop is not intended for monitoring long-run network bandwidth usage; it is meant for monitoring real-time bandwidth usage for analysis purposes. With a source code file of around 160 Kb, and 1,2 Mb once extracted, iftop is light but works well. As usual, we can always type man iftop or iftop -h to display its manual page and explore it in more detail.
source: linoxide.com/monitoring-2/iftop-network-traffic/