Linux iftop Command with Practical Examples

Introduction

In this lab, we will explore the iftop command, a powerful network monitoring tool in Linux. iftop provides real-time analysis of network traffic, allowing you to observe the bandwidth usage of your system. We will start by installing the iftop package, then demonstrate how to use it to monitor network traffic. Additionally, we will cover advanced usage scenarios for the iftop command.

The lab is divided into three main steps:

Introduction to iftop Command
Monitoring Network Traffic Using iftop
Advanced iftop Usage Scenarios

This lab is designed to help you understand and effectively utilize the iftop command for network monitoring and troubleshooting in a Linux environment.

Linux Commands Cheat Sheet

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL linux(("`Linux`")) -.-> linux/SystemInformationandMonitoringGroup(["`System Information and Monitoring`"]) linux(("`Linux`")) -.-> linux/PackagesandSoftwaresGroup(["`Packages and Softwares`"]) linux(("`Linux`")) -.-> linux/RemoteAccessandNetworkingGroup(["`Remote Access and Networking`"]) linux/SystemInformationandMonitoringGroup -.-> linux/watch("`Command Repeating`") linux/PackagesandSoftwaresGroup -.-> linux/apt("`Package Handling`") linux/RemoteAccessandNetworkingGroup -.-> linux/ifconfig("`Network Configuring`") linux/RemoteAccessandNetworkingGroup -.-> linux/netstat("`Network Monitoring`") subgraph Lab Skills linux/watch -.-> lab-422732{{"`Linux iftop Command with Practical Examples`"}} linux/apt -.-> lab-422732{{"`Linux iftop Command with Practical Examples`"}} linux/ifconfig -.-> lab-422732{{"`Linux iftop Command with Practical Examples`"}} linux/netstat -.-> lab-422732{{"`Linux iftop Command with Practical Examples`"}} end

Introduction to iftop Command

In this step, we will introduce the iftop command, a powerful network monitoring tool in Linux. iftop provides real-time analysis of network traffic, allowing you to observe the bandwidth usage of your system.

First, let's install the iftop package:

sudo apt-get update
sudo apt-get install -y iftop

Example output:

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following package was automatically installed and is no longer required:
  libfprint-2-tod1
Use 'sudo apt autoremove' to remove it.
The following NEW packages will be installed:
  iftop
0 to upgrade, 1 to newly install, 0 to remove and 0 not to upgrade.
Need to get 59.5 kB of archives.
After this operation, 188 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy/universe amd64 iftop amd64 1.0~pre4-5 [59.5 kB]
Fetched 59.5 kB in 0s (0 B/s)
Selecting previously unselected package iftop.
(Reading database ... 123594 files and directories currently installed.)
Preparing to unpack .../iftop_1.0~pre4-5_amd64.deb ...
Unpacking iftop (1.0~pre4-5) ...
Setting up iftop (1.0~pre4-5) ...
Processing triggers for man-db (2.10.2-1) ...

Now, let's run the iftop command:

sudo iftop

Example output:

@@@@ IFTOP 1.0~pre4 @@@@
 192.168.1.100 : 192.168.1.101
                 192.168.1.102
                 192.168.1.103
                 192.168.1.104
                 192.168.1.105
                 192.168.1.106
                 192.168.1.107
                 192.168.1.108
                 192.168.1.109
                 192.168.1.110

            In:  0.00 Kb/s   0.00 Kb/s   0.00 Kb/s
           Out:  0.00 Kb/s   0.00 Kb/s   0.00 Kb/s
         Total:  0.00 Kb/s   0.00 Kb/s   0.00 Kb/s

The iftop command displays the current network traffic on your system, showing the bandwidth usage for each connection. The output includes the source and destination IP addresses, as well as the incoming, outgoing, and total bandwidth usage.

Monitoring Network Traffic Using iftop

In this step, we will learn how to use the iftop command to monitor network traffic on your system.

First, let's start the iftop command in interactive mode:

sudo iftop

This will display the real-time network traffic on your system. The output shows the source and destination IP addresses, as well as the incoming, outgoing, and total bandwidth usage.

To better understand the output, let's go through the different sections:

The top section displays the host names or IP addresses involved in the network traffic.
The "In:" section shows the incoming bandwidth for each connection.
The "Out:" section shows the outgoing bandwidth for each connection.
The "Total:" section shows the total bandwidth usage for all connections.

You can use the following keys to interact with the iftop command:

p: Pause the display
t: Toggle the time display mode (cumulative or interval)
n: Toggle the display of host names or IP addresses
i: Cycle through the network interfaces
m: Cycle through the display modes (bandwidth, packets, or bits)
s: Sort the display by source address
d: Sort the display by destination address
r: Reverse the sort order
q: Quit the iftop command

Example output:

@@@@ IFTOP 1.0~pre4 @@@@
 192.168.1.100 : 192.168.1.101
                 192.168.1.102
                 192.168.1.103
                 192.168.1.104
                 192.168.1.105
                 192.168.1.106
                 192.168.1.107
                 192.168.1.108
                 192.168.1.109
                 192.168.1.110

            In:  0.00 Kb/s   0.00 Kb/s   0.00 Kb/s
           Out:  0.00 Kb/s   0.00 Kb/s   0.00 Kb/s
         Total:  0.00 Kb/s   0.00 Kb/s   0.00 Kb/s

Advanced iftop Usage Scenarios

In this step, we will explore some advanced usage scenarios of the iftop command.

Monitoring a specific network interface:

sudo iftop -i eth0

This will display the network traffic on the eth0 interface only.

Filtering traffic by host or port:

sudo iftop -F 192.168.1.100

This will display the network traffic to and from the host with the IP address 192.168.1.100.

sudo iftop -p 80

This will display the network traffic on port 80 (HTTP).

Saving the output to a file:

sudo iftop -B -f iftop.txt

This will save the iftop output to the iftop.txt file in the current directory.

Displaying the output in a specific format:

sudo iftop -o "%-18s %-18s %10.2f %10.2f %10.2f"

This will display the output in a custom format, showing the source, destination, incoming, outgoing, and total bandwidth usage.

Displaying the output in a web browser:

sudo iftop -w

This will start the iftop web server and display the network traffic information in a web browser.

Example output:

@@@@ IFTOP 1.0~pre4 @@@@
 192.168.1.100 : 192.168.1.101
                 192.168.1.102
                 192.168.1.103
                 192.168.1.104
                 192.168.1.105
                 192.168.1.106
                 192.168.1.107
                 192.168.1.108
                 192.168.1.109
                 192.168.1.110

            In:  0.00 Kb/s   0.00 Kb/s   0.00 Kb/s
           Out:  0.00 Kb/s   0.00 Kb/s   0.00 Kb/s
         Total:  0.00 Kb/s   0.00 Kb/s   0.00 Kb/s

Summary

In this lab, we introduced the iftop command, a powerful network monitoring tool in Linux. We learned how to install and run iftop to observe the real-time bandwidth usage of our system. The iftop command displays the source and destination IP addresses, as well as the incoming and outgoing network traffic. We also explored advanced usage scenarios of iftop, such as monitoring specific network interfaces and filtering traffic based on various criteria. By the end of this lab, you should have a good understanding of how to use iftop to effectively monitor and troubleshoot network issues on your Linux system.

Linux Commands Cheat Sheet

Linux iftop Command with Practical Examples

Introduction

Skills Graph

Introduction to iftop Command

Monitoring Network Traffic Using iftop

Advanced iftop Usage Scenarios

Summary

Other Linux Tutorials you may like