iftop is a Linux tool you can use to monitor traffic in and out of your server. I like to think of it as a stripped-down, non-GUI version of Wireshark. In this cheat sheet I'm going to give you the basic command-line switches and combinations to use when troubleshooting with iftop.
First, you can always use iftop --help from the shell to get a list of available options / flags / switches.
root# iftop --help
iftop: display bandwidth usage on an interface by host
Synopsis: iftop -h | [-npbBP] [-i interface] [-f filter code] [-N net/mask]
  -h                  display this message
  -n                  don't do hostname lookups
  -N                  don't convert port numbers to services
  -p                  run in promiscuous mode (show traffic between other hosts on the same network segment)
  -b                  don't display a bar graph of traffic
  -B                  Display bandwidth in bytes
  -i interface        listen on named interface
  -f filter code      use filter code to select packets to count (default: none, but only IP packets are counted)
  -F net/mask         show traffic flows in/out of network
  -P                  show ports as well as hosts
  -m limit            sets the upper limit for the bandwidth scale
  -c config file      specifies an alternative configuration file
iftop, version 0.17
copyright (c) 2002 Paul Warren <pdw@ex-parrot.com> and contributors
Also, once iftop is running you can manipulate the data as it is displayed on your screen: things like sorts, turning off DNS, and various other calculations.
While iftop is running press the “h” key:
Host display:
  n - toggle DNS host resolution
  s - toggle show source host
  d - toggle show destination host
  t - cycle line display mode

Port display:
  N - toggle service resolution
  S - toggle show source port
  D - toggle show destination port
  p - toggle port display

Sorting:
  1/2/3 - sort by 1st/2nd/3rd column
  < - sort by source name
  > - sort by dest name
  o - freeze current order

General:
  P - pause display
  h - toggle this help display
  b - toggle bar graph display
  B - cycle bar graph average
  T - toggle cummulative line totals
  j/k - scroll display
  f - edit filter code
  l - set screen filter
  L - lin/log scales
  ! - shell command
  q - quit
iftop, version 0.17
Here are the command-line switches / flags I use
First of all, I almost always add the -P flag to the end of the command; this tells me the destination port.
- shell# iftop -n // this doesn't do host lookups and lets me view just the IP of the destination.
- shell# iftop -P // this flag shows the source port
- shell# iftop -nP // You can combine flags / switches on the command line like this
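The flags above can be combined with -i and -f from the help output to watch only the ports you are troubleshooting. The helper below is an added example, not part of the original post or of iftop itself; the function name iftop_cmd, the interface eth0 and the port numbers are assumptions, and the filter code is written in pcap filter syntax ("port 25 or port 587").

```shell
#!/bin/sh
# Added example: build an iftop command line from the flags in the help
# output above. iftop_cmd is a hypothetical helper name.
#
# Usage: iftop_cmd IFACE [PORT...]
# Prints the command so it can be reviewed first; to run it (as root):
#   eval "$(iftop_cmd eth0 25 587)"
# The body runs in a subshell ( ... ), so its variables stay local.
iftop_cmd() (
    iface=$1
    [ $# -gt 0 ] && shift

    # Accept only plain interface names so nothing unexpected ends up
    # in the generated command (no spaces, quotes, ';' or a leading '-').
    case $iface in
        ''|-*|*[!A-Za-z0-9._:-]*)
            echo "bad interface: $iface" >&2; return 2 ;;
    esac

    filter=''
    for p in "$@"; do
        # Ports: decimal digits only, no leading zero, at most 5 digits.
        case $p in
            ''|0*|*[!0-9]*|??????*)
                echo "bad port: $p" >&2; return 2 ;;
        esac
        if [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 2
        fi
        # Join several ports with "or" to form one filter expression.
        filter="${filter:+$filter or }port $p"
    done

    # -n no hostname lookups, -N no port-to-service conversion,
    # -P show ports as well as hosts, -B bandwidth in bytes.
    printf 'iftop -nNPB -i %s' "$iface"
    if [ -n "$filter" ]; then
        printf " -f '%s'" "$filter"
    fi
    printf '\n'
)
```

With no ports given, the helper leaves out -f and iftop counts all IP traffic on the interface.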
You can download iftop from the creator's website.
If you need help, leave a comment and I'll get back to you.