How to use the command iftop (with examples)
- Linux
- December 25, 2023
Description:
The iftop
command is a network monitoring utility that displays bandwidth usage on a specific network interface by host. It provides real-time information about network traffic, including the amount of data sent and received by each host. With iftop
, you can monitor network traffic on your system and identify which hosts are consuming the most bandwidth.
Use case 1: Show the bandwidth usage
Code:
sudo iftop
Motivation:
By using the command sudo iftop
, you can quickly observe and analyze the network traffic on your system. This information is useful for network administrators or individuals who want to monitor their network usage.
Explanation:
The sudo iftop
command without any additional arguments will display the bandwidth usage on the default network interface. It provides real-time information such as the source and destination hosts, their IP addresses, and the amount of data transferred between them.
Example output:
192.168.1.100:42000 => 104.17.428.50:443 36.5KB 42.5KB
<= 980B 520B
192.168.1.101:5353 => 239.255.255.250:1900 0B 10.6KB
<= 0B 73B
Use case 2: Show the bandwidth usage of a given interface
Code:
sudo iftop -i eth0
Motivation: By specifying a particular network interface, you can focus on monitoring the bandwidth usage of a specific network connection. This is particularly useful when you have multiple interfaces on your system.
Explanation:
The -i
option is used to specify the network interface to monitor. In the example above, eth0
is the interface we want to track. By providing this argument, iftop
will display the bandwidth usage exclusively for the specified interface.
Example output:
192.168.1.100:42000 => 104.17.428.50:443 36.5KB 42.5KB
<= 980B 520B
Use case 3: Show the bandwidth usage with port information
Code:
sudo iftop -P
Motivation: Enabling port information in the output allows you to identify which ports are being used for network communication. This can be helpful for troubleshooting network connections or identifying potentially suspicious activity.
Explanation:
The -P
option is used to display the port numbers associated with the network connections. Once enabled, the output will include both the IP addresses and the corresponding port numbers for the hosts involved in the network traffic.
Example output:
192.168.1.100:42000 => 104.17.428.50:443 36.5KB 42.5KB
<= 980B 520B
Use case 4: Do not show bar graphs of traffic
Code:
sudo iftop -b
Motivation: Disabling the bar graphs simplifies the output by removing the visual representation of network traffic. This can be useful in cases where you prefer a more streamlined text-based view of the network traffic data.
Explanation:
The -b
option turns off the display of bar graphs, which are typically shown alongside the transmitted and received data. When disabled, the output will only display the numerical values without any graphical representation.
Example output:
192.168.1.100:42000 => 104.17.428.50:443 36.5KB 42.5KB
<= 980B 520B
Use case 5: Do not look up hostnames
Code:
sudo iftop -n
Motivation: When you don’t need hostnames to be resolved, disabling hostname lookup can speed up the output generation, as it avoids the need to query DNS servers for hostname resolution. This can be helpful in scenarios where immediate network statistics are more important than resolving hostnames.
Explanation:
The -n
option prevents iftop
from performing hostname lookups for the IP addresses displayed in the output. Instead of resolving hostnames, the raw IP addresses are shown, resulting in faster output generation.
Example output:
192.168.1.100:42000 => 104.17.428.50:443 36.5KB 42.5KB
<= 980B 520B
Use case 6: Get help about interactive commands
Code:
?
Motivation:
When using iftop
, you can access a list of interactive commands that provide additional functionality. By accessing the help menu, you can learn about the available commands and how to use them effectively.
Explanation:
Simply entering ?
while iftop
is running will display a list of interactive commands and their descriptions. This can help you navigate through the available features and make the most of iftop
’s capabilities.
Example output:
Iftop Help
? Toggle this help display
d Toggle DNS host resolution
u Toggle display of ports with traffic
n Toggle service resolution
s Change current sort field
r Reverse the current sort field
S Reset the current sort field
l Toggle display of filter expression
2 Change the lower limit for the signal graph
3 Change the upper limit for the signal graph
Conclusion:
The iftop
command provides a powerful way to monitor network traffic and analyze the bandwidth usage on your system. By utilizing different options and arguments, you can customize the output to fulfill your specific monitoring needs. Whether you need to track overall bandwidth usage, focus on specific network interfaces, or gather additional information about the network traffic, iftop
offers a versatile solution.