How to use the command iftop (with examples)

Description: The iftop command is a network monitoring utility that displays bandwidth usage on a specific network interface by host. It provides real-time information about network traffic, including the amount of data sent and received by each host. With iftop, you can monitor network traffic on your system and identify which hosts are consuming the most bandwidth.

Use case 1: Show the bandwidth usage

Code:

sudo iftop

Motivation: By using the command sudo iftop, you can quickly observe and analyze the network traffic on your system. This information is useful for network administrators or individuals who want to monitor their network usage.

Explanation: The sudo iftop command without any additional arguments will display the bandwidth usage on the default network interface. It provides real-time information such as the source and destination hosts, their IP addresses, and the amount of data transferred between them.

Example output:

  192.168.1.100:42000   =>  104.17.428.50:443   36.5KB  42.5KB
                        <=                      980B     520B                     
  192.168.1.101:5353    =>  239.255.255.250:1900  0B      10.6KB
                        <=                      0B       73B               

Use case 2: Show the bandwidth usage of a given interface

Code:

sudo iftop -i eth0

Motivation: By specifying a particular network interface, you can focus on monitoring the bandwidth usage of a specific network connection. This is particularly useful when you have multiple interfaces on your system.

Explanation: The -i option is used to specify the network interface to monitor. In the example above, eth0 is the interface we want to track. By providing this argument, iftop will display the bandwidth usage exclusively for the specified interface.

Example output:

  192.168.1.100:42000   =>  104.17.428.50:443   36.5KB  42.5KB
                        <=                      980B     520B                     

Use case 3: Show the bandwidth usage with port information

Code:

sudo iftop -P

Motivation: Enabling port information in the output allows you to identify which ports are being used for network communication. This can be helpful for troubleshooting network connections or identifying potentially suspicious activity.

Explanation: The -P option is used to display the port numbers associated with the network connections. Once enabled, the output will include both the IP addresses and the corresponding port numbers for the hosts involved in the network traffic.

Example output:

  192.168.1.100:42000   =>  104.17.428.50:443   36.5KB  42.5KB
                        <=                      980B     520B                     

Use case 4: Do not show bar graphs of traffic

Code:

sudo iftop -b

Motivation: Disabling the bar graphs simplifies the output by removing the visual representation of network traffic. This can be useful in cases where you prefer a more streamlined text-based view of the network traffic data.

Explanation: The -b option turns off the display of bar graphs, which are typically shown alongside the transmitted and received data. When disabled, the output will only display the numerical values without any graphical representation.

Example output:

  192.168.1.100:42000   =>  104.17.428.50:443   36.5KB  42.5KB
                        <=                      980B     520B                     

Use case 5: Do not look up hostnames

Code:

sudo iftop -n

Motivation: When you don’t need hostnames to be resolved, disabling hostname lookup can speed up the output generation, as it avoids the need to query DNS servers for hostname resolution. This can be helpful in scenarios where immediate network statistics are more important than resolving hostnames.

Explanation: The -n option prevents iftop from performing hostname lookups for the IP addresses displayed in the output. Instead of resolving hostnames, the raw IP addresses are shown, resulting in faster output generation.

Example output:

  192.168.1.100:42000   =>  104.17.428.50:443   36.5KB  42.5KB
                        <=                      980B     520B                     

Use case 6: Get help about interactive commands

Code:

?

Motivation: When using iftop, you can access a list of interactive commands that provide additional functionality. By accessing the help menu, you can learn about the available commands and how to use them effectively.

Explanation: Simply entering ? while iftop is running will display a list of interactive commands and their descriptions. This can help you navigate through the available features and make the most of iftop’s capabilities.

Example output:

                                    Iftop Help
?               Toggle this help display
d               Toggle DNS host resolution
u               Toggle display of ports with traffic
n               Toggle service resolution
s               Change current sort field
r               Reverse the current sort field
S               Reset the current sort field
l               Toggle display of filter expression
2               Change the lower limit for the signal graph
3               Change the upper limit for the signal graph

Conclusion:

The iftop command provides a powerful way to monitor network traffic and analyze the bandwidth usage on your system. By utilizing different options and arguments, you can customize the output to fulfill your specific monitoring needs. Whether you need to track overall bandwidth usage, focus on specific network interfaces, or gather additional information about the network traffic, iftop offers a versatile solution.