最後更新: 2017-03-06

介紹

iftop 是靠 libpcap 去 monitor 的工具來.

 

---

用法

 

iftop -n -i interface [-f filter code] [-F net/mask]

opts:

-i interface

-n                         # Don't do hostname lookups.

-N                        # Do not resolve port number to service names

-B                        # Display bandwidth rates in bytes/sec rather than bits/sec.

Filter的選項來:

-F net/mask                   # packets flowing in to or out of the given network

-f [not] <host | ether host | icmp | port>

For Example:

iftop -n -i eth2

 

Keyboard

上下 scroll

j and k     上下 scroll來看其他 ip 資訊

Sorting

1, 2, 3      用 column( 2s 10s 40s ) 幾去 sort diaplay
 <             sort by source name
 >             sort by dest name

 

P             pause diaplay
p             顯示 port Number
t             Send only, Received only , Two lines per host
s, d         會 aggregated together 所 in/out 的 address
b             speed bar 的 on / off

 

---

---

Filter 設定

 

"l" 鍵(-F)

Screen filter, 相當於 ip filter

 

"f" 鍵 (-f)

其有 4 種 filter

MAC Addr Filter: ether host ff:ff:ff:ff:ff:ff

Port Filter: port http

Host Filter: host datahunter.org

icmp Filter: icmp

此外, 我們亦可以用 not, and  去串聯 filter, 如

host 192.168.1.1 and port http

filter 後效果:

firefox 原來會同時用幾個 port 去連一個 WebSite

 

---

相關