最後更新: 2023-09-12

介紹

iftop 是靠 libpcap 去 monitor 的工具來.

Default Unit: Xbits/sec

 

---

用法

 

iftop -n -i interface [-f filter code] [-F net/mask]

常用 Opts:

• -i interface
• -n                        # Don't do hostname lookups.
• -N                        # Do not resolve port number to service names
• -B                        # Display bandwidth rates in bytes/sec rather than bits/sec.

有用的 Opts

• -b                # Don't display bar graphs of traffic (頭頂那條 bar)
• -m limit        # a number with a 'K', 'M' or 'G' suffix. e.g. 10M
• -t                 # Use text interface without ncurses (每秒 output 一次當前情況)

Filter 的選項來:

• -F net/mask                   # packets flowing in to or out of the given network
• -f [not] <host | ether host | icmp | port>

Example

#  2, 10  and  40 second intervals.

iftop -nN -i eth2

 

Keyboard

Help

h             # toggle help display

上下 scroll

j and k     上下 scroll來看其他 ip 資訊

Sorting

• 1, 2, 3      用第 1 / 2 / 3 column 幾去 sort diaplay
• <             sort by source name
• >             sort by dest name

Other

• P            # 大階 P, pause diaplay
• p            # toggle port display
• t            # Send only, Received only , Two lines per host
• s            # toggle show source host
• d            # toggle show destination host
• b            # speed bar 的 on / off

頂的 speed bar

                208Mb           416Mb           624Mb           832Mb     1.02Gb
└───────────────┴───────────────┴───────────────┴───────────────┴───────────────

如果 on 就要與合 -m limit 使用, 否則會跟 NIC 的 bandwidth

# -m 100m

 

• T           # 每個 source 及 destination 的總傳輸量

 One line per host ─────────────────────────────────────────────────────────────
S.S.S.S       <=> D.D.D.D         86.4MB  34.4Mb  32.8Mb  31.4Mb

• t            # 切換 display mode (two-line(default)|one-line-both|one-line-sent|one-line-received)

 One line per host ─────────────────────────────────────────────────────────────
S.S.S.S       <=> D.D.D.D         86.4MB  34.4Mb  32.8Mb  31.4Mb

Config File

~/.iftoprc

interface: ens33
dns-resolution: no
show-bars: no
port-display: yes
port-resolution: yes
show-totals: yes

 

---

---

Filter 設定

 

"l" 鍵(-F)

Screen filter, 相當於 ip filter

 

"f" 鍵 (-f)

其有 4 種 filter

• MAC Addr Filter: ether host ff:ff:ff:ff:ff:ff
• Port Filter: port http
• Host Filter: host datahunter.org
• icmp Filter: icmp

此外, 我們亦可以用 not, and  去串聯 filter, 如

host 192.168.1.1 and port http

filter 後效果:

firefox 原來會同時用幾個 port 去連一個 WebSite

 

---

Troubleshoot

 

UI 的直線變成了 "mqqqqqqqqqqqqqqqqqqqvqqqqqqqqqqqqqqqqqqqv"

原因:

iftop outputs "normal" ACS charchters(alternative character set),
  and not using the unicode range when run with UTF-8

解決:

1) iftop -t

使用 text mode 的 iftop

2) LANG=C

LANG=C iftop

3) NCURSES_NO_UTF8_ACS=1

NCURSES_NO_UTF8_ACS=1 iftop

4) LANG=C luit

luit - It will convert application output from the locale's encoding into UTF-8 (Size 很大)

e.g.

LANG=C luit iftop