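Monitoring network traffic with iftop on CentOS 8

Date: 2021-01-14 17:59:56

I. What iftop is for:

It reports network traffic between external machines and the local host, broken down by IP address,

which makes it easy to check whether any client is accessing this host in an abnormal way.

Note: Liu Hongdi's Architecture Forest (刘宏缔的架构森林) is a blog focused on architecture, at: https://www.cnblogs.com/architectforest

The corresponding source code is available here: https://github.com/liuhongdi/

Note: Author: 刘宏缔 (Liu Hongdi), email: 371125307@qq.com

II. Install iftop: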

[root@yjweb ~]# yum install iftop 

Note: if yum reports that no package matches, install the EPEL repository first

[root@localhost liuhongdi]# yum install epel-release

III. View iftop's help text and version

[root@yjweb ~]# iftop -h
iftop: display bandwidth usage on an interface by host
Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
                               [-F net/mask] [-G net6/mask6]
   -h                  display this message
   -n                  don't do hostname lookups
   -N                  don't convert port numbers to services
   -p                  run in promiscuous mode (show traffic between other
                       hosts on the same network segment)
   -b                  don't display a bar graph of traffic
   -B                  display bandwidth in bytes
   -a                  display bandwidth in packets
   -i interface        listen on named interface
   -f filter code      use filter code to select packets to count
                       (default: none, but only IP packets are counted)
   -F net/mask         show traffic flows in/out of IPv4 network
   -G net6/mask6       show traffic flows in/out of IPv6 network
   -l                  display and count link-local IPv6 traffic (default: off)
   -P                  show ports as well as hosts
   -m limit            sets the upper limit for the bandwidth scale
   -c config file      specifies an alternative configuration file
   -t                  use text interface without ncurses

   Sorting orders:
   -o 2s               Sort by first column (2s traffic average)
   -o 10s              Sort by second column (10s traffic average) [default]
   -o 40s              Sort by third column (40s traffic average)
   -o source           Sort by source address
   -o destination      Sort by destination address

   The following options are only available in combination with -t
   -s num              print one single text output afer num seconds, then quit
   -L num              number of lines to print

iftop, version 1.0pre4
copyright (c) 2002 Paul Warren <pdw@ex-parrot.com> and contributors

IV. The three most commonly used iftop options

[root@loadserver ~]# iftop -n -N -P

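-n: show hosts as IP addresses

(by default addresses are reverse-resolved to domain names, which is unnecessary)

-N: show ports as port numbers

(by default ports are shown as service names such as http and https; this is unnecessary, and custom ports cannot be shown that way anyway)

-P: show port information as well as host information

Note: with -P the statistics are broken down to the port level;

if you only want statistics per host, drop the -P option.

V. Common iftop usage examples:

1. View traffic on a specific network interface: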

[root@loadserver ~]# iftop -n -N -P -i eth0

2. View traffic for a specific IP address or network segment

[root@loadserver ~]# iftop -n -N -P -F 172.117.123.26/32

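VI. Common iftop interactive commands:

1. q: quit monitoring

2. b: toggle the traffic bar graph

(generally not used)

3. p: toggle per-port statistics

4. P: pause/resume the display

Useful when you need to look at the data for a particular point in time

5. T: toggle display of the total traffic for each connection

6. h: toggle the help screen for the interactive commands

VII. Write iftop's display data to a file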

[root@loadserver ~]# iftop -t > /root/iftop.txt
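
The text output saved above can be checked automatically for clients with unusually high traffic, which is the use case from section I. The script below is an added example, not part of the original post; the function names, the threshold and the embedded snapshot (constructed, using documentation IP addresses) are assumptions, as is the two-lines-per-flow layout of the iftop text output.

```shell
#!/usr/bin/env bash
# Added example: list remote peers whose 10s average rate exceeds a limit,
# parsed from "iftop -n -N -P -t" text output (rates in bits, so no -B).
# Assumed layout: each flow is a "local =>" line then a "remote <=" line.

# Usage: flag_heavy_peers LIMIT_BITS_PER_SEC < /root/iftop.txt
# Prints "snapshot peer_ip bits_per_sec" for every peer over the limit.
flag_heavy_peers() {
    awk -v limit="$1" '
    # Convert 416b / 4.50Kb / 2.00Mb to bits per second.
    # Assumption: unit prefixes are multiples of 1024.
    function bits(v,   n) {
        n = v + 0
        if (v ~ /Kb$/) return n * 1024
        if (v ~ /Mb$/) return n * 1024 * 1024
        if (v ~ /Gb$/) return n * 1024 * 1024 * 1024
        return n
    }
    # Emit peers over the limit for the snapshot just read, then reset.
    function report(   p) {
        snap++
        for (p in rate)
            if (rate[p] > limit) printf "%d %s %d\n", snap, p, rate[p]
        split("", rate)
    }
    $3 == "=>" { sent = bits($5); next }        # local side, 10s column
    $2 == "<=" {                                # remote side of the same flow
        peer = $1; sub(/:[0-9]+$/, "", peer)    # drop the port: sum per IP
        rate[peer] += sent + bits($4); sent = 0; next
    }
    /^=+$/ { report() }                         # separator ends a snapshot
    END    { report() }                         # input cut off mid-snapshot
    ' | sort -k1,1n -k3,3nr
}

# Constructed sample snapshot (documentation addresses), not real traffic.
sample_iftop_output() {
cat <<'EOF'
   # Host name (port/service if enabled)       last 2s   last 10s   last 40s cumulative
---------------------------------------------------------------------------------------
   1 10.0.0.5:443                        =>     2.10Mb     2.00Mb     1.90Mb     9.50MB
     198.51.100.7:51000                  <=      130Kb      120Kb      110Kb      560KB
   2 10.0.0.5:443                        =>     1.00Mb     1.00Mb     1.00Mb     4.80MB
     198.51.100.7:51001                  <=     80.0Kb     80.0Kb     80.0Kb      400KB
   3 10.0.0.5:22                         =>     4.50Kb     4.50Kb     4.50Kb     22.0KB
     203.0.113.9:40222                   <=       416b       416b       416b     2.03KB
---------------------------------------------------------------------------------------
=======================================================================================
EOF
}
```

Summing per IP rather than per port means a client that spreads its traffic over many connections still shows up as one heavy peer. Without -s, iftop -t keeps appending snapshots to the file, and the first output column tells them apart.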

VIII. Check the current CentOS version

[root@yjweb ~]# cat /etc/redhat-release
CentOS Linux release 8.0.1905 (Core)