Introduction
In this lab, we will explore the iftop command, a powerful network monitoring tool in Linux. iftop provides real-time analysis of network traffic, allowing you to observe the bandwidth usage of your system. We will start by installing the iftop package, then demonstrate how to use it to monitor network traffic. Additionally, we will cover advanced usage scenarios for the iftop command.
The lab is divided into three main steps:
- Introduction to iftop Command
- Monitoring Network Traffic Using iftop
- Advanced iftop Usage Scenarios
This lab is designed to help you understand and effectively utilize the iftop command for network monitoring and troubleshooting in a Linux environment.
Introduction to iftop Command
In this step, we will introduce the iftop command, a powerful network monitoring tool in Linux. iftop provides real-time analysis of network traffic, allowing you to observe the bandwidth usage of your system.
First, let's install the iftop package:
sudo apt-get update
sudo apt-get install -y iftop
Example output:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following package was automatically installed and is no longer required:
libfprint-2-tod1
Use 'sudo apt autoremove' to remove it.
The following NEW packages will be installed:
iftop
0 to upgrade, 1 to newly install, 0 to remove and 0 not to upgrade.
Need to get 59.5 kB of archives.
After this operation, 188 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy/universe amd64 iftop amd64 1.0~pre4-5 [59.5 kB]
Fetched 59.5 kB in 0s (0 B/s)
Selecting previously unselected package iftop.
(Reading database ... 123594 files and directories currently installed.)
Preparing to unpack .../iftop_1.0~pre4-5_amd64.deb ...
Unpacking iftop (1.0~pre4-5) ...
Setting up iftop (1.0~pre4-5) ...
Processing triggers for man-db (2.10.2-1) ...
Now, let's run the iftop command:
sudo iftop
Example output:
@@@@ IFTOP 1.0~pre4 @@@@
192.168.1.100 : 192.168.1.101
192.168.1.102
192.168.1.103
192.168.1.104
192.168.1.105
192.168.1.106
192.168.1.107
192.168.1.108
192.168.1.109
192.168.1.110
In: 0.00 Kb/s 0.00 Kb/s 0.00 Kb/s
Out: 0.00 Kb/s 0.00 Kb/s 0.00 Kb/s
Total: 0.00 Kb/s 0.00 Kb/s 0.00 Kb/s
The iftop command displays the current network traffic on your system, showing the bandwidth usage for each connection. The output includes the source and destination IP addresses, as well as the incoming, outgoing, and total bandwidth usage.
Monitoring Network Traffic Using iftop
In this step, we will learn how to use the iftop command to monitor network traffic on your system.
First, let's start the iftop command in interactive mode:
sudo iftop
This will display the real-time network traffic on your system. The output shows the source and destination IP addresses, as well as the incoming, outgoing, and total bandwidth usage.
To better understand the output, let's go through the different sections:
- The top section displays the host names or IP addresses involved in the network traffic.
- The "In:" section shows the incoming bandwidth for each connection.
- The "Out:" section shows the outgoing bandwidth for each connection.
- The "Total:" section shows the total bandwidth usage for all connections.
You can use the following keys to interact with the iftop command:
- p: Pause the display
- t: Toggle the time display mode (cumulative or interval)
- n: Toggle the display of host names or IP addresses
- i: Cycle through the network interfaces
- m: Cycle through the display modes (bandwidth, packets, or bits)
- s: Sort the display by source address
- d: Sort the display by destination address
- r: Reverse the sort order
- q: Quit the iftop command
Advanced iftop Usage Scenarios
In this step, we will explore some advanced usage scenarios of the iftop command.
- Monitoring a specific network interface:
sudo iftop -i eth0
This will display the network traffic on the eth0 interface only.
- Filtering traffic by host or port:
sudo iftop -f "host 192.168.1.100"
This will display the network traffic to and from the host with the IP address 192.168.1.100. The -f option takes a pcap filter expression.
sudo iftop -f "port 80"
This will display the network traffic on port 80 (HTTP).
- Saving the output to a file:
sudo iftop -t -s 10 > iftop.txt
This runs iftop in text mode (-t), prints a single report after 10 seconds (-s 10), and saves it to the iftop.txt file in the current directory.
- Displaying the output in a specific format:
sudo iftop -o "%-18s %-18s %10.2f %10.2f %10.2f"
This will display the output in a custom format, showing the source, destination, incoming, outgoing, and total bandwidth usage.
- Displaying the output in a web browser:
sudo iftop -w
This will start the iftop web server and display the network traffic information in a web browser.
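Once iftop output has been saved to a file in text mode (iftop -t -s N > file), it can be screened for unusually busy host pairs. The script below is an added example, not part of the original lab: the function names, the embedded sample report, and the 1024 scaling step are assumptions, and the sample is constructed to resemble iftop's text-mode layout.

```shell
#!/bin/sh
# Added example: flag host pairs in iftop text-mode output whose 10-second
# average rate exceeds a threshold given in kilobits per second.

# Constructed sample, modelled on the report layout of `iftop -t` (assumption).
sample_report() {
cat <<'EOF'
   # Host name (port/service if enabled)            last 2s   last 10s   last 40s cumulative
--------------------------------------------------------------------------------
   1 192.168.1.100                            =>     1.20Mb     1.50Mb     1.50Mb     1.88MB
     192.168.1.101                            <=     12.0Kb     14.0Kb     14.0Kb     17.5KB
   2 192.168.1.100                            =>       480b       512b       512b       640B
     192.168.1.102                            <=     2.00Kb     3.00Kb     3.00Kb     3.75KB
--------------------------------------------------------------------------------
Total send rate:                                     1.20Mb     1.50Mb     1.50Mb
EOF
}

# Usage: top_talkers THRESHOLD_KBIT < report
# Prints "sender peer tx_kbit rx_kbit" for each pair over the threshold.
top_talkers() {
  awk -v limit="$1" '
    # Convert a rate such as 1.50Mb or 512b to kilobits per second.
    # The 1024 scaling step is an assumption about how iftop abbreviates.
    function kbit(v,   n, u) {
      n = v + 0                       # leading numeric part
      u = v; gsub(/[0-9.]/, "", u)    # unit suffix
      if (u == "b")  return n / 1024
      if (u == "Kb") return n
      if (u == "Mb") return n * 1024
      if (u == "Gb") return n * 1024 * 1024
      return -1                       # byte units (-B) or unknown: never flagged
    }
    $3 == "=>" { src = $2; tx = kbit($5); next }   # "N host => 2s 10s 40s cum"
    $2 == "<=" && src != "" {                      # "peer <= 2s 10s 40s cum"
      rx = kbit($4)
      if (tx > limit || rx > limit)
        printf "%s %s %.3f %.3f\n", src, $1, tx, rx
      src = ""
    }
  '
}

sample_report | top_talkers 1000
```

To screen a real capture, feed the saved file to the function instead of the sample: top_talkers 1000 < iftop.txt.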
Summary
In this lab, we introduced the iftop command, a powerful network monitoring tool in Linux. We learned how to install and run iftop to observe the real-time bandwidth usage of our system. The iftop command displays the source and destination IP addresses, as well as the incoming and outgoing network traffic. We also explored advanced usage scenarios of iftop, such as monitoring specific network interfaces and filtering traffic based on various criteria. By the end of this lab, you should have a good understanding of how to use iftop to effectively monitor and troubleshoot network issues on your Linux system.



