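I. Introduction to iftop
iftop is a real-time traffic monitoring tool that watches TCP/IP connections and similar traffic. Its drawback is that it has no reporting function. It must be run as root.
II. Check the local system environment
1. Check the system version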
[root@jeven ~]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
2. Check the kernel version
[root@jeven ~]# uname -r
6.1.8-1.el7.elrepo.x86_64
III. Check the yum repository status
[root@jeven ~]# yum repolist all |grep enable
base/7/x86_64 CentOS-7 - Base - mirrors.a enabled: 10,072
docker-ce-stable/7/x86_64 Docker CE Stable - x86_64 enabled: 198
elrepo ELRepo.org Community Enterp enabled: 154
epel/x86_64 Extra Packages for Enterpri enabled: 13,740
extras/7/x86_64 CentOS-7 - Extras - mirrors enabled: 515
updates/7/x86_64 CentOS-7 - Updates - mirror enabled: 4,691
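IV. Install iftop
1. Install iftop with yum
The yum repositories in this setup are configured to use the Alibaba Cloud mirror, so iftop can be installed directly with yum.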
[root@jeven ~]# yum -y install iftop
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* elrepo: mirrors.tuna.tsinghua.edu.cn
* epel: mirrors.tuna.tsinghua.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package iftop.x86_64 0:1.0-0.21.pre4.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================================================
Installing:
iftop x86_64 1.0-0.21.pre4.el7 epel 53 k
Transaction Summary
====================================================================================================================================================================
Install 1 Package
Total download size: 53 k
Installed size: 94 k
Downloading packages:
iftop-1.0-0.21.pre4.el7.x86_64.rpm | 53 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : iftop-1.0-0.21.pre4.el7.x86_64 1/1
Verifying : iftop-1.0-0.21.pre4.el7.x86_64 1/1
Installed:
iftop.x86_64 0:1.0-0.21.pre4.el7
Complete!
2. Check the iftop version and command help
View the iftop command help; the version shown is iftop, version 1.0pre4.
[root@jeven ~]# iftop -h
iftop: display bandwidth usage on an interface by host
Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
[-F net/mask] [-G net6/mask6]
-h display this message
-n don't do hostname lookups
-N don't convert port numbers to services
-p run in promiscuous mode (show traffic between other
hosts on the same network segment)
-b don't display a bar graph of traffic
-B display bandwidth in bytes
-a display bandwidth in packets
-i interface listen on named interface
-f filter code use filter code to select packets to count
(default: none, but only IP packets are counted)
-F net/mask show traffic flows in/out of IPv4 network
-G net6/mask6 show traffic flows in/out of IPv6 network
-l display and count link-local IPv6 traffic (default: off)
-P show ports as well as hosts
-m limit sets the upper limit for the bandwidth scale
-c config file specifies an alternative configuration file
-t use text interface without ncurses
Sorting orders:
-o 2s Sort by first column (2s traffic average)
-o 10s Sort by second column (10s traffic average) [default]
-o 40s Sort by third column (40s traffic average)
-o source Sort by source address
-o destination Sort by destination address
The following options are only available in combination with -t
-s num print one single text output afer num seconds, then quit
-L num number of lines to print
iftop, version 1.0pre4
copyright (c) 2002 Paul Warren <pdw@ex-parrot.com> and contributors
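V. Basic use of iftop
1. Run the iftop command directly
When iftop is run without arguments, it monitors the first network interface by default.
iftop # monitors traffic on the first network interface by default
2. Explanation of the iftop display
- Part one
The top line of the iftop output is the traffic scale, which shows the bandwidth of the network interface.
- Part two
1. The left and right arrows <= => in the middle indicate the direction of the traffic.
2. This part is divided into left, middle and right columns. The left and middle columns record which IPs or hosts are connected with the local machine's network. In the middle column, "=>" means sending data and "<=" means receiving data; these arrows make the communication between two IPs easy to read.
3. The rightmost column is split into three sub-columns. These real-time values are the average traffic of the external IP's connection to the local machine over the last 2 seconds, 10 seconds and 40 seconds.
- Part three
The part below the divider line summarises the interface traffic statistics.
TX: sent traffic
RX: received traffic
TOTAL: total traffic
Cumm: total traffic since iftop was started
peak: peak traffic rate
rates: average traffic over the past 2s, 10s and 40s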
3. Monitor a specific network interface
[root@jeven ~]# iftop -i ens33
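4. Show IP addresses directly
Show IP addresses directly, without reverse DNS lookups (the -n option in the help output above).
5. Show inbound and outbound packet traffic for a network segment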
iftop -F 192.168.3.0/24
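Added example, not part of the original article: iftop has no reporting function, but the text mode listed in the help output (-t with -s and -L) can be post-processed. The script below pairs each "=>" row with the following "<=" row and reports the 10s average rates in bits/s, marking pairs above a threshold. The function names, the sample output, the 1024 multiplier and the threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example: summarise iftop text-mode output per host pair.
# Assumed capture command (run as root), using options from the help text:
#   iftop -t -n -N -i ens33 -s 10 -L 20 | iftop_peers 1000000

# Constructed sample in the layout of "iftop -t"; not captured from a real host.
sample_iftop_output() {
  cat <<'EOF'
   # Host name (port/service if enabled)            last 2s   last 10s   last 40s cumulative
--------------------------------------------------------------------------------------------
   1 192.168.3.166                            =>     1.25Kb     1.50Kb     1.50Kb       384B
     192.168.3.1                              <=       320b       320b       320b        80B
   2 192.168.3.166                            =>       512b       512b       512b       128B
     192.168.3.50                             <=     2.75Mb     2.50Mb     2.50Mb      640KB
--------------------------------------------------------------------------------------------
Total send rate:                                     1.75Kb     2.00Kb     2.00Kb
EOF
}

# iftop_peers LIMIT: read iftop -t output on stdin, print one line per pair.
iftop_peers() {
  limit="${1:-1000000}"   # threshold in bits/s (hypothetical default)
  awk -v limit="$limit" '
    # Convert "1.50Kb", "320b" or "2.50Mb" to bits per second.
    # Assumption: K/M/G are powers of 1024 and rates are in bits (no -B).
    function bps(s,   n, u) {
      n = s + 0                        # leading numeric part
      u = s; gsub(/[0-9.]/, "", u)     # unit suffix
      if (u ~ /^K/) n *= 1024
      else if (u ~ /^M/) n *= 1024 * 1024
      else if (u ~ /^G/) n *= 1024 * 1024 * 1024
      return int(n)
    }
    # "=>" row: rank, first host, arrow, then 2s / 10s / 40s / cumulative
    $3 == "=>" { src = $2; tx = bps($5); next }
    # "<=" row: second host, arrow, then 2s / 10s / 40s / cumulative
    $2 == "<=" {
      rx = bps($4)
      flag = (tx > limit || rx > limit) ? "HIGH" : "ok"
      printf "%s %s tx=%d rx=%d %s\n", src, $1, tx, rx, flag
    }
  '
}

sample_iftop_output | iftop_peers 1000000
```

Header, divider and total lines are skipped because they match neither arrow pattern, so the same function works on a full text-mode dump.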