How to use the command 'iftop' (with examples)

iftop is a real-time command-line tool used to analyze network bandwidth usage on an interface by host. It provides a visual display of network traffic on a specific interface, showing which hosts are communicating and the data transfer rates. This information can be invaluable for administrators looking to monitor and troubleshoot network activity.

Use case 1: Show the bandwidth usage

Code:

sudo iftop

Motivation:
To effortlessly monitor the real-time network bandwidth usage on the default network interface, sudo iftop can be extremely helpful. This use case is particularly valuable for system administrators who wish to obtain an immediate overview of network activity and diagnose any unusual spike in traffic, which may point to security issues or network misconfigurations.

Explanation:

  • sudo: Running iftop with administrative privileges is necessary because monitoring network interfaces typically requires root access.
  • iftop: Invokes the command for displaying the bandwidth usage.

Example output:

10.0.0.2       =>  10.0.0.3         1.50Mb     1.70Mb     1.80Mb          8Kb         15Kb         30Kb
                 <=                  1.40Mb     1.60Mb     1.70Mb          6Kb         14Kb         25Kb

10.0.0.5       =>  10.0.0.10        0.50Mb     0.70Mb     0.80Mb          2Kb          5Kb         10Kb
                 <=                  0.40Mb     0.60Mb     0.70Mb          1Kb          3Kb          8Kb

This output shows the active connections, the direction of each flow, and the current bandwidth usage measured in real time. The columns show the bandwidth over the last 2-second, 10-second, and 40-second intervals. The bottom three lines for each connection summarize the total traffic sent and received over the period.
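To act on the 2-second and 40-second columns described above, the following added example (not part of the original article or of iftop itself) reads text in the two-line-per-flow layout of the example output and flags flows whose current rate has jumped well above their longer-term average. The function names, the threshold values, the decimal unit multipliers, and the sample flows are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the two-line-per-flow layout shown above
# (address:port pairs as printed with -P); not captured from a real host.
sample_flows() {
cat <<'EOF'
10.0.0.2:51514  =>  10.0.0.3:443      9.60Mb  2.40Mb  0.80Mb
                <=                    0.20Mb  0.18Mb  0.15Mb
10.0.0.5:22     =>  10.0.0.10:40022     12Kb    11Kb    10Kb
                <=                     300Kb    40Kb    12Kb
EOF
}

# flag_spikes FACTOR MIN_BITS (hypothetical helper)
# Reads flow lines on stdin and prints every direction whose 2 s rate is
# at least MIN_BITS and at least FACTOR times its 40 s average.
flag_spikes() {
    awk -v factor="$1" -v minbits="$2" '
    # Convert "1.50Mb" / "8Kb" / "512b" to bits per second.
    # Decimal multipliers are an assumption of this example.
    function bits(s,    n, u) {
        n = s + 0                       # leading number, e.g. 1.50
        u = s; gsub(/[0-9.]/, "", u)    # unit suffix, e.g. Mb
        if (u == "Kb") return n * 1000
        if (u == "Mb") return n * 1000000
        if (u == "Gb") return n * 1000000000
        return n
    }
    function check(dir, r2, r40) {
        if (bits(r2) >= minbits && bits(r2) >= factor * bits(r40))
            printf "%s %s %s 2s=%s 40s=%s\n", src, dir, dst, r2, r40
    }
    # "=>" line: source, arrow, destination, then the 2 s, 10 s, 40 s rates.
    $2 == "=>" { src = $1; dst = $3; check("=>", $4, $6); next }
    # "<=" line: return direction of the flow on the previous line.
    $1 == "<=" && src != "" { check("<=", $2, $4) }
    '
}

# Flag anything above 100 Kb/s that runs at 4x its 40 s average.
sample_flows | flag_spikes 4 100000
```

The minimum-rate floor keeps idle flows from being flagged just because a few packets arrived after a quiet period.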

Use case 2: Show the bandwidth usage of a given interface

Code:

sudo iftop -i eth0

Motivation:
When managing a system with multiple network interfaces, it becomes crucial to monitor a specific interface individually, such as eth0, wlan0, or any other. This ability to specify the interface helps in analyzing particular network paths or diagnosing issues confined to a specific network segment.

Explanation:

  • -i interface: This option is used to specify a particular network interface. In this example, eth0 is used, which is a commonly used identifier for an Ethernet network interface in Unix-like systems.

Example output:

Interface: eth0 - Displaying data...

10.0.0.3       =>  10.0.0.4         2.00Mb     2.10Mb     2.20Mb         10Kb         15Kb         35Kb
                 <=                  1.90Mb     2.00Mb     2.10Mb          9Kb         12Kb         28Kb

This output is similar to the general output of iftop but is restricted to the specified interface (eth0), allowing for focused analysis on traffic passing through that single network path.

Use case 3: Show the bandwidth usage with port information

Code:

sudo iftop -P

Motivation:
Understanding which applications are consuming bandwidth can aid in diagnosing traffic issues or ensuring compliance with network policies. By including port information, network managers can associate traffic flows with specific services, making it easier to pinpoint applications that are bandwidth-heavy.

Explanation:

  • -P: This flag enables the display of the port numbers along with the host information, making it easier to identify the applications corresponding to those ports.

Example output:

10.0.0.6:443   =>  10.0.0.7:1056    0.70Mb     0.75Mb     0.80Mb          3Kb          6Kb         12Kb
                 <=                  0.60Mb     0.65Mb     0.70Mb          5Kb          7Kb         14Kb

The output displays traffic details including port numbers (e.g., port 443, often used for HTTPS) alongside the associated hosts, providing insights into the types of services generating traffic.

Use case 4: Do not show bar graphs of traffic

Code:

sudo iftop -b

Motivation:
While visual bar graphs are beneficial to quickly understand traffic load, they can sometimes clutter the view, especially when a clean or compressed text output is preferred for logging purposes, to simplify automated scripts, or during complex terminal setups where display space is limited.

Explanation:

  • -b: This command-line argument suppresses traffic bar graphs, displaying only numeric data about bandwidth.

Example output:

10.0.0.8       =>  10.0.0.9         1.20Mb     1.40Mb     1.60Mb
                 <=                  1.10Mb     1.30Mb     1.50Mb

10.0.0.1       =>  10.0.0.2         3.20Mb     3.40Mb     3.60Mb
                 <=                  3.10Mb     3.30Mb     3.50Mb

The absence of bar graphs provides a straightforward numerical view of the bandwidth, which might be preferred or required for some specific use cases or environments.

Use case 5: Do not look up hostnames

Code:

sudo iftop -n

Motivation:
Hostname resolution can be a time-consuming process and sometimes leads to privacy concerns or inefficiencies in environments with frequent IP changes. Skipping hostname resolution reduces the load on DNS and displays raw IP addresses which might be preferred in privacy-conscious or performance-oriented environments.

Explanation:

  • -n: This option ensures that iftop doesn’t attempt to resolve IP addresses to hostnames, resulting in faster initial load times.

Example output:

192.168.1.3    =>  192.168.1.7     0.30Mb     0.40Mb     0.50Mb
                 <=                 0.25Mb     0.35Mb     0.45Mb

By showing only numerical IP addresses, the output is immediate and hostname resolution delays are eliminated, providing more instantaneous data presentation.

Use case 6: Display help

Code:

?

Motivation:
Access to help and command usage information directly from the application is essential for new users to learn functionalities and for experienced users to quickly recall command-line arguments. Understanding the options and capabilities of iftop is critical to harness its full potential for network monitoring.

Explanation:
The question mark ? is a shortcut key to bring up the help menu when already running inside the iftop interface.

Example output:

iftop: display help

 anywhere: ?
       aa toggle show addresses showing
       hostnames 
       ax set window to show average packets transfered
       ax set window to show average bytes transfered
...

The help screen provides a comprehensive list of keyboard shortcuts and command options to navigate and customize iftop, aiding users in leveraging the tool to its fullest extent.

Conclusion:

iftop is a versatile tool for monitoring real-time network activity, offering flexibility through various command-line options. Whether addressing specific network interfaces, withholding hostnames for quicker processing, or obtaining clear and concise data without graphical distractions, iftop serves as an invaluable resource for network professionals and system administrators tasked with ensuring healthy and efficient network operations. The examples and explanations above will help users effectively deploy iftop in various scenarios to maximize their network insights and decision-making processes.
