Annotation of embedaddon/iftop/iftop.cat, revision 1.1
1.1 ! misho 1: IFTOP(8) IFTOP(8)
! 2:
! 3:
! 4:
! 5: N�NA�AM�ME�E
! 6: iftop - display bandwidth usage on an interface by host
! 7:
! 8:
! 9: S�SY�YN�NO�OP�PS�SI�IS�S
! 10: i�if�ft�to�op�p -�-h�h | [-�-n�nN�Np�pb�bB�BP�P] [-�-i�i _�i_�n_�t_�e_�r_�f_�a_�c_�e] [-�-f�f _�f_�i_�l_�t_�e_�r _�c_�o_�d_�e] [-�-F�F _�n_�e_�t/_�m_�a_�s_�k]
! 11:
! 12:
! 13: D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
! 14: i�if�ft�to�op�p listens to network traffic on a named _�i_�n_�t_�e_�r_�f_�a_�c_�e, or on the first
! 15: interface it can find which looks like an external interface if none is
! 16: specified, and displays a table of current bandwidth usage by pairs of
! 17: hosts. i�if�ft�to�op�p must be run with sufficient permissions to monitor all
! 18: network traffic on the _�i_�n_�t_�e_�r_�f_�a_�c_�e; see p�pc�ca�ap�p(3) for more information, but
! 19: on most systems this means that it must be run as root.
! 20:
! 21: By default, i�if�ft�to�op�p will look up the hostnames associated with addresses
! 22: it finds in packets. This can cause substantial traffic of itself, and
! 23: may result in a confusing display. You may wish to suppress display of
! 24: DNS traffic by using filter code such as n�no�ot�t p�po�or�rt�t d�do�om�ma�ai�in�n, or switch it
! 25: off entirely, by using the -�-n�n option or by pressing R�R when the program
! 26: is running.
! 27:
! 28: By default, i�if�ft�to�op�p counts all IP packets that pass through the filter,
! 29: and the direction of the packet is determined according to the direc-
! 30: tion the packet is moving across the interface. Using the -�-F�F option it
! 31: is possible to get i�if�ft�to�op�p to show packets entering and leaving a given
! 32: network. For example, i�if�ft�to�op�p -�-F�F 1�10�0.�.0�0.�.0�0.�.0�0/�/2�25�55�5.�.0�0.�.0�0.�.0�0 will analyse packets
! 33: flowing in and out of the 10.* network.
! 34:
! 35: Some other filter ideas:
! 36:
! 37: n�no�ot�t e�et�th�he�er�r h�ho�os�st�t f�ff�f:�:f�ff�f:�:f�ff�f:�:f�ff�f:�:f�ff�f:�:f�ff�f
! 38: Ignore ethernet broadcast packets.
! 39:
! 40: p�po�or�rt�t h�ht�tt�tp�p a�an�nd�d n�no�ot�t h�ho�os�st�t _�w_�e_�b_�c_�a_�c_�h_�e_�._�e_�x_�a_�m_�p_�l_�e_�._�c_�o_�m
! 41: Count web traffic only, unless it is being directed through a
! 42: local web cache.
! 43:
! 44: i�ic�cm�mp�p How much bandwith are users wasting trying to figure out why the
! 45: network is slow?
! 46:
! 47:
! 48: O�OP�PT�TI�IO�ON�NS�S
! 49: -�-h�h Print a summary of usage.
! 50:
! 51: -�-n�n Don't do hostname lookups.
! 52:
! 53: -�-N�N Do not resolve port number to service names
! 54:
! 55: -�-p�p Run in promiscuous mode, so that traffic which does not pass
! 56: directly through the specified interface is also counted.
! 57:
! 58: -�-P�P Turn on port display.
! 59:
! 60: -�-b�b Don't display bar graphs of traffic.
! 61:
! 62: -�-B�B Display bandwidth rates in bytes/sec rather than bits/sec.
! 63:
! 64: -�-i�i _�i_�n_�t_�e_�r_�f_�a_�c_�e
! 65: Listen to packets on _�i_�n_�t_�e_�r_�f_�a_�c_�e.
! 66:
! 67: -�-f�f _�f_�i_�l_�t_�e_�r _�c_�o_�d_�e
! 68: Use _�f_�i_�l_�t_�e_�r _�c_�o_�d_�e to select the packets to count. Only IP packets
! 69: are ever counted, so the specified code is evaluated as (�(_�f_�i_�l_�t_�e_�r
! 70: _�c_�o_�d_�e)�) a�an�nd�d i�ip�p.
! 71:
! 72: -�-F�F _�n_�e_�t/_�m_�a_�s_�k
! 73: Specifies a network for traffic analysis. If specified, iftop
! 74: will only include packets flowing in to or out of the given net-
! 75: work, and packet direction is determined relative to the network
! 76: boundary, rather than to the interface. You may specify _�m_�a_�s_�k as
! 77: a dotted quad, such as /255.255.255.0, or as a single number
! 78: specifying the number of bits set in the netmask, such as /24.
! 79:
! 80: -�-c�c _�c_�o_�n_�f_�i_�g _�f_�i_�l_�e
! 81: Specifies an alternate config file. If not specified, iftop
! 82: will use ~�~/�/.�.i�if�ft�to�op�pr�rc�c if it exists. See below for a description
! 83: of config files
! 84:
! 85:
! 86: D�DI�IS�SP�PL�LA�AY�Y
! 87: When running, i�if�ft�to�op�p uses the whole screen to display network usage. At
! 88: the top of the display is a logarithmic scale for the bar graph which
! 89: gives a visual indication of traffic.
! 90:
! 91: The main part of the display lists, for each pair of hosts, the rate at
! 92: which data has been sent and received over the preceding 2, 10 and 40
! 93: second intervals. The direction of data flow is indicated by arrows, <=
! 94: and =>. For instance,
! 95:
! 96: foo.example.com => bar.example.com 1Kb 500b 100b
! 97: <= 2Mb 2Mb 2Mb
! 98:
! 99: shows, on the first line, traffic from f�fo�oo�o.�.e�ex�xa�am�mp�pl�le�e.�.c�co�om�m to b�ba�ar�r.�.e�ex�xa�am�m-�-
! 100: p�pl�le�e.�.c�co�om�m; in the preceding 2 seconds, this averaged 1Kbit/s, around half
! 101: that amount over the preceding 10s, and a fifth of that over the whole
! 102: of the last 40s. During each of those intervals, the data sent in the
! 103: other direction was about 2Mbit/s. On the actual display, part of each
! 104: line is inverted to give a visual indication of the 10s average of
! 105: traffic. You might expect to see something like this where host f�fo�oo�o is
! 106: making repeated HTTP requests to b�ba�ar�r, which is sending data back which
! 107: saturates a 2Mbit/s link.
! 108:
! 109: By default, the pairs of hosts responsible for the most traffic (10
! 110: second average) are displayed at the top of the list.
! 111:
! 112: At the bottom of the display, various totals are shown, including peak
! 113: traffic over the last 40s, total traffic transferred (after filtering),
! 114: and total transfer rates averaged over 2s, 10s and 40s.
! 115:
! 116:
! 117: S�SO�OU�UR�RC�CE�E /�/ D�DE�ES�ST�T A�AG�GG�GR�RE�EG�GA�AT�TI�IO�ON�N
! 118: By pressing s�s or d�d while i�if�ft�to�op�p is running, all traffic for each source
! 119: or destination will be aggregated together. This is most useful when
! 120: i�if�ft�to�op�p is run in promiscuous mode, or is run on a gateway machine.
! 121:
! 122:
! 123: P�PO�OR�RT�T D�DI�IS�SP�PL�LA�AY�Y
! 124: S�S or D�D toggle the display of source and destination ports respectively.
! 125: p�p will toggle port display on/off.
! 126:
! 127:
! 128: D�DI�IS�SP�PL�LA�AY�Y T�TY�YP�PE�E
! 129: t�t cycles through the four line display modes; the default 2-line dis-
! 130: play, with sent and received traffic on separate lines, and 3 1-line
! 131: displays, with sent, received, or total traffic shown.
! 132:
! 133:
! 134: D�DI�IS�SP�PL�LA�AY�Y O�OR�RD�DE�ER�R
! 135: By default, the display is ordered according to the 10s average (2nd
! 136: column). By pressing 1�1, 2�2 or 3�3 it is possible to sort by the 1st, 2nd
! 137: or 3rd column. By pressing <�< or >�> the display will be sorted by
! 138: source or destination hostname respectively.
! 139:
! 140:
! 141: D�DI�IS�SP�PL�LA�AY�Y F�FI�IL�LT�TE�ER�RI�IN�NG�G
! 142: l�l allows you to enter a POSIX extended regular expression that will be
! 143: used to filter hostnames shown in the display. This is a good way to
! 144: quickly limit what is shown on the display. Note that this happens at
! 145: a much later stage than filter code, and does not affect what is actu-
! 146: ally captured. Display filters DO NOT affect the totals at the bottom
! 147: of the screen.
! 148:
! 149:
! 150: P�PA�AU�US�SE�E D�DI�IS�SP�PL�LA�AY�Y /�/ F�FR�RE�EE�EZ�ZE�E O�OR�RD�DE�ER�R
! 151: P�P will pause the current display.
! 152:
! 153: o�o will freeze the current screen order. This has the side effect that
! 154: traffic between hosts not shown on the screen at the time will not be
! 155: shown at all, although it will be included in the totals at the bottom
! 156: of the screen.
! 157:
! 158:
! 159: S�SC�CR�RO�OL�LL�L D�DI�IS�SP�PL�LA�AY�Y
! 160: j�j and k�k will scroll the display of hosts. This feature is most useful
! 161: when the display order is frozen (see above).
! 162:
! 163:
! 164: F�FI�IL�LT�TE�ER�R C�CO�OD�DE�E
! 165: f�f allows you to edit the filter code whilst iftop running. This can
! 166: lead to some unexpected behaviour.
! 167:
! 168:
! 169: C�CO�ON�NF�FI�IG�G F�FI�IL�LE�E
! 170: iftop can read its configuration from a config file. If the -�-c�c option
! 171: is not specified, iftop will attempt to read its configuration from
! 172: ~�~/�/.�.i�if�ft�to�op�pr�rc�c, if it exists. Any command line options specified will
! 173: override settings in the config file.
! 174:
! 175: The config file consists of one configuration directive per line. Each
! 176: directive is a name value pair, for example:
! 177:
! 178: interface: eth0
! 179:
! 180: sets the network interface. The following config directives are sup-
! 181: ported:
! 182:
! 183:
! 184: i�in�nt�te�er�rf�fa�ac�ce�e:�: _�i_�f
! 185: Sets the network interface to _�i_�f.
! 186:
! 187: d�dn�ns�s-�-r�re�es�so�ol�lu�ut�ti�io�on�n:�: _�(_�y_�e_�s_�|_�n_�o_�)
! 188: Controls reverse lookup of IP addresses.
! 189:
! 190: p�po�or�rt�t-�-r�re�es�so�ol�lu�ut�ti�io�on�n:�: _�(_�y_�e_�s_�|_�n_�o_�)
! 191: Controls conversion of port numbers to service names.
! 192:
! 193: f�fi�il�lt�te�er�r-�-c�co�od�de�e:�: _�b_�p_�f
! 194: Sets the filter code to _�b_�p_�f.
! 195:
! 196: s�sh�ho�ow�w-�-b�ba�ar�rs�s:�: _�(_�y_�e_�s_�|_�n_�o_�)
! 197: Controls display of bar graphs.
! 198:
! 199: p�pr�ro�om�mi�is�sc�cu�uo�ou�us�s:�: _�(_�y_�e_�s_�|_�n_�o_�)
! 200: Puts the interface into promiscuous mode.
! 201:
! 202: p�po�or�rt�t-�-d�di�is�sp�pl�la�ay�y:�: _�(_�o_�f_�f_�|_�s_�o_�u_�r_�c_�e_�-_�o_�n_�l_�y_�|_�d_�e_�s_�t_�i_�n_�a_�t_�i_�o_�n_�-_�o_�n_�l_�y_�|_�o_�n_�)
! 203: Controls display of port numbers.
! 204:
! 205: h�hi�id�de�e-�-s�so�ou�ur�rc�ce�e:�: _�(_�y_�e_�s_�|_�n_�o_�)
! 206: Hides source host names.
! 207:
! 208: h�hi�id�de�e-�-d�de�es�st�ti�in�na�at�ti�io�on�n:�: _�(_�y_�e_�s_�|_�n_�o_�)
! 209: Hides destination host names.
! 210:
! 211: u�us�se�e-�-b�by�yt�te�es�s:�: _�(_�y_�e_�s_�|_�n_�o_�)
! 212: Use bytes for bandwidth display, rather than bits.
! 213:
! 214: s�so�or�rt�t:�: _�(_�2_�s_�|_�1_�0_�s_�|_�4_�0_�s_�|_�s_�o_�u_�r_�c_�e_�|_�d_�e_�s_�t_�i_�n_�a_�t_�i_�o_�n_�)
! 215: Sets which column is used to sort the display.
! 216:
! 217: l�li�in�ne�e-�-d�di�is�sp�pl�la�ay�y:�: _�(_�t_�w_�o_�-_�l_�i_�n_�e_�|_�o_�n_�e_�-_�l_�i_�n_�e_�-_�b_�o_�t_�h_�|_�o_�n_�e_�-_�l_�i_�n_�e_�-_�s_�e_�n_�t_�|_�o_�n_�e_�-_�l_�i_�n_�e_�-_�r_�e_�c_�e_�i_�v_�e_�d_�)
! 218: Controls the appearance of each item in the display.
! 219:
! 220: s�sh�ho�ow�w-�-t�to�ot�ta�al�ls�s:�: _�(_�y_�e_�s_�|_�n_�o_�)
! 221: Shows cummulative total for each item.
! 222:
! 223: l�lo�og�g-�-s�sc�ca�al�le�e:�: _�(_�y_�e_�s_�|_�n_�o_�)
! 224: Use a logarithmic scale for bar graphs.
! 225:
! 226: m�ma�ax�x-�-b�ba�an�nd�dw�wi�id�dt�th�h:�: _�b_�w
! 227: Fixes the maximum for the bar graph scale to _�b_�w, e.g. "10M"
! 228:
! 229: n�ne�et�t-�-f�fi�il�lt�te�er�r:�: _�n_�e_�t_�/_�m_�a_�s_�k
! 230: Defines an IP network boundary for determining packet direction.
! 231:
! 232: s�sc�cr�re�ee�en�n-�-f�fi�il�lt�te�er�r:�: _�r_�e_�g_�e_�x_�p
! 233: Sets a regular expression to filter screen output.
! 234:
! 235:
! 236: Q�QU�UI�IR�RK�KS�S (�(a�ak�ka�a t�th�he�ey�y'�'r�re�e f�fe�ea�at�tu�ur�re�es�s,�, n�no�ot�t b�bu�ug�gs�s)�)
! 237: There are some circumstances in which iftop may not do what you expect.
! 238: In most cases what it is doing is logical, and we believe it is correct
! 239: behaviour, although I'm happy to hear reasoned arguments for alterna-
! 240: tive behaviour.
! 241:
! 242: T�To�ot�ta�al�ls�s d�do�on�n'�'t�t a�ad�dd�d u�up�p
! 243:
! 244: There are several reasons why the totals may not appear to add up. The
! 245: most obvious is having a screen filter in effect, or screen ordering
! 246: frozen. In this case some captured information is not being shown to
! 247: you, but is included in the totals.
! 248:
! 249: A more subtle explanation comes about when running in promiscuous mode
! 250: without specifying a -�-F�F option. In this case there is no easy way to
! 251: assign the direction of traffic between two third parties. For the
! 252: purposes of the main display this is done in an arbitrary fashion (by
! 253: ordering of IP addresses), but for the sake of totals all traffic
! 254: between other hosts is accounted as incoming, because that's what it is
! 255: from the point of view of your interface. The -�-F�F option allows you to
! 256: specify an arbitrary network boundary, and to show traffic flowing
! 257: across it.
! 258:
! 259: P�Pe�ea�ak�k t�to�ot�ta�al�ls�s d�do�on�n'�'t�t a�ad�dd�d u�up�p
! 260:
! 261: Again, this is a feature. The peak sent and peak received didn't nec-
! 262: essarily happen at the same time. The peak total is the maximum of
! 263: sent plus received in each captured time division.
! 264:
! 265: C�Ch�ha�an�ng�gi�in�ng�g t�th�he�e f�fi�il�lt�te�er�r c�co�od�de�e d�do�oe�es�sn�n'�'t�t s�se�ee�em�m t�to�o w�wo�or�rk�k
! 266:
! 267: Give it time. Changing the filter code affects what is captured from
! 268: the time that you entered it, but most of what is on the display is
! 269: based on some fraction of the last 40s window of capturing. After
! 270: changing the filter there may be entries on the display that are disal-
! 271: lowed by the current filter for up to 40s. DISPLAY FILTERING has imme-
! 272: diate effect and does not affect what is captured.
! 273:
! 274:
! 275: F�FI�IL�LE�ES�S
! 276: ~�~/�/.�.i�if�ft�to�op�pr�rc�c
! 277: Configuration file for iftop.
! 278:
! 279:
! 280: S�SE�EE�E A�AL�LS�SO�O
! 281: t�tc�cp�pd�du�um�mp�p(8), p�pc�ca�ap�p(3), d�dr�ri�if�ft�tn�ne�et�t(1).
! 282:
! 283:
! 284: A�AU�UT�TH�HO�OR�R
! 285: Paul Warren <pdw@ex-parrot.com>
! 286:
! 287:
! 288: V�VE�ER�RS�SI�IO�ON�N
! 289: $Id: iftop.8,v 1.25 2005/12/25 11:50:21 pdw Exp $
! 290:
! 291:
! 292: C�CO�OP�PY�YI�IN�NG�G
! 293: This program is free software; you can redistribute it and/or modify it
! 294: under the terms of the GNU General Public License as published by the
! 295: Free Software Foundation; either version 2 of the License, or (at your
! 296: option) any later version.
! 297:
! 298: This program is distributed in the hope that it will be useful, but
! 299: WITHOUT ANY WARRANTY; without even the implied warranty of MER-
! 300: CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
! 301: Public License for more details.
! 302:
! 303: You should have received a copy of the GNU General Public License along
! 304: with this program; if not, write to the Free Software Foundation, Inc.,
! 305: 675 Mass Ave, Cambridge, MA 02139, USA.
! 306:
! 307:
! 308:
! 309:
! 310: IFTOP(8)
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to iftop.cat CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / iftop