Annotation of embedaddon/iftop/iftop.cat, revision 1.1.1.1
1.1 misho 1: IFTOP(8) IFTOP(8)
2:
3:
4:
5: NAME
6: iftop - display bandwidth usage on an interface by host
7:
8:
9: SYNOPSIS
10: iftop -h | [-nNpbBP] [-i interface] [-f filter code] [-F net/mask]
11:
12:
13: DESCRIPTION
14: iftop listens to network traffic on a named interface, or on the first
15: interface it can find which looks like an external interface if none is
16: specified, and displays a table of current bandwidth usage by pairs of
17: hosts. iftop must be run with sufficient permissions to monitor all
18: network traffic on the interface; see pcap(3) for more information, but
19: on most systems this means that it must be run as root.
20:
21: By default, iftop will look up the hostnames associated with addresses
22: it finds in packets. This can cause substantial traffic of itself, and
23: may result in a confusing display. You may wish to suppress display of
24: DNS traffic by using filter code such as not port domain, or switch it
25: off entirely, by using the -n option or by pressing R when the program
26: is running.
27:
28: By default, iftop counts all IP packets that pass through the filter,
29: and the direction of the packet is determined according to the direction
30: the packet is moving across the interface. Using the -F option it
31: is possible to get iftop to show packets entering and leaving a given
32: network. For example, iftop -F 10.0.0.0/255.0.0.0 will analyse packets
33: flowing in and out of the 10.* network.
34:
35: Some other filter ideas:
36:
37: not ether host ff:ff:ff:ff:ff:ff
38: Ignore ethernet broadcast packets.
39:
40: port http and not host webcache.example.com
41: Count web traffic only, unless it is being directed through a
42: local web cache.
43:
44: icmp How much bandwidth are users wasting trying to figure out why the
45: network is slow?
46:
47:
48: OPTIONS
49: -h Print a summary of usage.
50:
51: -n Don't do hostname lookups.
52:
53: -N Do not resolve port number to service names.
54:
55: -p Run in promiscuous mode, so that traffic which does not pass
56: directly through the specified interface is also counted.
57:
58: -P Turn on port display.
59:
60: -b Don't display bar graphs of traffic.
61:
62: -B Display bandwidth rates in bytes/sec rather than bits/sec.
63:
64: -i interface
65: Listen to packets on interface.
66:
67: -f filter code
68: Use filter code to select the packets to count. Only IP packets
69: are ever counted, so the specified code is evaluated as
70: (filter code) and ip.
71:
72: -F net/mask
73: Specifies a network for traffic analysis. If specified, iftop
74: will only include packets flowing in to or out of the given network,
75: and packet direction is determined relative to the network
76: boundary, rather than to the interface. You may specify mask as
77: a dotted quad, such as /255.255.255.0, or as a single number
78: specifying the number of bits set in the netmask, such as /24.
79:
80: -c config file
81: Specifies an alternate config file. If not specified, iftop
82: will use ~/.iftoprc if it exists. See below for a description
83: of config files.
84:
85:
86: DISPLAY
87: When running, iftop uses the whole screen to display network usage. At
88: the top of the display is a logarithmic scale for the bar graph which
89: gives a visual indication of traffic.
90:
91: The main part of the display lists, for each pair of hosts, the rate at
92: which data has been sent and received over the preceding 2, 10 and 40
93: second intervals. The direction of data flow is indicated by arrows, <=
94: and =>. For instance,
95:
96: foo.example.com => bar.example.com 1Kb 500b 100b
97: <= 2Mb 2Mb 2Mb
98:
99: shows, on the first line, traffic from foo.example.com to
100: bar.example.com; in the preceding 2 seconds, this averaged 1Kbit/s, around half
101: that amount over the preceding 10s, and a fifth of that over the whole
102: of the last 40s. During each of those intervals, the data sent in the
103: other direction was about 2Mbit/s. On the actual display, part of each
104: line is inverted to give a visual indication of the 10s average of
105: traffic. You might expect to see something like this where host foo is
106: making repeated HTTP requests to bar, which is sending data back which
107: saturates a 2Mbit/s link.
108:
109: By default, the pairs of hosts responsible for the most traffic (10
110: second average) are displayed at the top of the list.
111:
112: At the bottom of the display, various totals are shown, including peak
113: traffic over the last 40s, total traffic transferred (after filtering),
114: and total transfer rates averaged over 2s, 10s and 40s.
115:
116:
117: SOURCE / DEST AGGREGATION
118: By pressing s or d while iftop is running, all traffic for each source
119: or destination will be aggregated together. This is most useful when
120: iftop is run in promiscuous mode, or is run on a gateway machine.
121:
122:
123: PORT DISPLAY
124: S or D toggle the display of source and destination ports respectively.
125: p will toggle port display on/off.
126:
127:
128: DISPLAY TYPE
129: t cycles through the four line display modes; the default 2-line display,
130: with sent and received traffic on separate lines, and 3 1-line
131: displays, with sent, received, or total traffic shown.
132:
133:
134: DISPLAY ORDER
135: By default, the display is ordered according to the 10s average (2nd
136: column). By pressing 1, 2 or 3 it is possible to sort by the 1st, 2nd
137: or 3rd column. By pressing < or > the display will be sorted by
138: source or destination hostname respectively.
139:
140:
141: DISPLAY FILTERING
142: l allows you to enter a POSIX extended regular expression that will be
143: used to filter hostnames shown in the display. This is a good way to
144: quickly limit what is shown on the display. Note that this happens at
145: a much later stage than filter code, and does not affect what is actu-
146: ally captured. Display filters DO NOT affect the totals at the bottom
147: of the screen.
148:
149:
150: PAUSE DISPLAY / FREEZE ORDER
151: P will pause the current display.
152:
153: o will freeze the current screen order. This has the side effect that
154: traffic between hosts not shown on the screen at the time will not be
155: shown at all, although it will be included in the totals at the bottom
156: of the screen.
157:
158:
159: SCROLL DISPLAY
160: j and k will scroll the display of hosts. This feature is most useful
161: when the display order is frozen (see above).
162:
163:
164: FILTER CODE
165: f allows you to edit the filter code whilst iftop is running. This can
166: lead to some unexpected behaviour.
167:
168:
169: CONFIG FILE
170: iftop can read its configuration from a config file. If the -c option
171: is not specified, iftop will attempt to read its configuration from
172: ~/.iftoprc, if it exists. Any command line options specified will
173: override settings in the config file.
174:
175: The config file consists of one configuration directive per line. Each
176: directive is a name value pair, for example:
177:
178: interface: eth0
179:
180: sets the network interface. The following config directives are sup-
181: ported:
182:
183:
184: interface: if
185: Sets the network interface to if.
186:
187: dns-resolution: (yes|no)
188: Controls reverse lookup of IP addresses.
189:
190: port-resolution: (yes|no)
191: Controls conversion of port numbers to service names.
192:
193: filter-code: bpf
194: Sets the filter code to bpf.
195:
196: show-bars: (yes|no)
197: Controls display of bar graphs.
198:
199: promiscuous: (yes|no)
200: Puts the interface into promiscuous mode.
201:
202: port-display: (off|source-only|destination-only|on)
203: Controls display of port numbers.
204:
205: hide-source: (yes|no)
206: Hides source host names.
207:
208: hide-destination: (yes|no)
209: Hides destination host names.
210:
211: use-bytes: (yes|no)
212: Use bytes for bandwidth display, rather than bits.
213:
214: sort: (2s|10s|40s|source|destination)
215: Sets which column is used to sort the display.
216:
217: line-display: (two-line|one-line-both|one-line-sent|one-line-received)
218: Controls the appearance of each item in the display.
219:
220: show-totals: (yes|no)
221: Shows cumulative total for each item.
222:
223: log-scale: (yes|no)
224: Use a logarithmic scale for bar graphs.
225:
226: max-bandwidth: bw
227: Fixes the maximum for the bar graph scale to bw, e.g. "10M"
228:
229: net-filter: net/mask
230: Defines an IP network boundary for determining packet direction.
231:
232: screen-filter: regexp
233: Sets a regular expression to filter screen output.
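
A linter for the config format described above, added here as an example and not part of iftop or of the original page. The directive names and value sets are taken from the list above; the function name, the sample file, the skipping of blank lines and the warning for promiscuous mode without a net-filter (the totals quirk described under QUIRKS) are assumptions of this example.

```python
YES_NO = {"yes", "no"}
# Directive names and value sets as listed above; None means free-form.
DIRECTIVES = {
    "interface": None, "filter-code": None, "max-bandwidth": None,
    "net-filter": None, "screen-filter": None,
    "dns-resolution": YES_NO, "port-resolution": YES_NO,
    "show-bars": YES_NO, "promiscuous": YES_NO, "hide-source": YES_NO,
    "hide-destination": YES_NO, "use-bytes": YES_NO,
    "show-totals": YES_NO, "log-scale": YES_NO,
    "port-display": {"off", "source-only", "destination-only", "on"},
    "sort": {"2s", "10s", "40s", "source", "destination"},
    "line-display": {"two-line", "one-line-both", "one-line-sent",
                     "one-line-received"},
}

def lint_iftoprc(text):
    """Return (settings, problems); problems are (line_number, message)."""
    settings, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # assumption: blank lines are ignored
        # Split on the first colon only: filter code may contain colons.
        name, sep, value = (part.strip() for part in line.partition(":"))
        if not sep or name not in DIRECTIVES:
            problems.append((lineno, f"unknown directive: {line}"))
        elif DIRECTIVES[name] is not None and value not in DIRECTIVES[name]:
            problems.append((lineno, f"{name}: bad value {value!r}"))
        else:
            settings[name] = value
    # Quirk from the page: promiscuous capture with no network boundary
    # counts traffic between other hosts as incoming in the totals.
    if settings.get("promiscuous") == "yes" and "net-filter" not in settings:
        problems.append((0, "promiscuous without net-filter: "
                            "third-party traffic is totalled as incoming"))
    return settings, problems

# Constructed sample config with two deliberate mistakes.
SAMPLE = """\
interface: eth0
promiscuous: yes
port-display: both
filter-code: not ether host ff:ff:ff:ff:ff:ff
sort: 10s
dns-resloution: no
"""

if __name__ == "__main__":
    print(lint_iftoprc(SAMPLE))
```

Line number 0 in the result marks a whole-file finding rather than a specific line.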
234:
235:
236: QUIRKS (aka they're features, not bugs)
237: There are some circumstances in which iftop may not do what you expect.
238: In most cases what it is doing is logical, and we believe it is correct
239: behaviour, although I'm happy to hear reasoned arguments for alterna-
240: tive behaviour.
241:
242: Totals don't add up
243:
244: There are several reasons why the totals may not appear to add up. The
245: most obvious is having a screen filter in effect, or screen ordering
246: frozen. In this case some captured information is not being shown to
247: you, but is included in the totals.
248:
249: A more subtle explanation comes about when running in promiscuous mode
250: without specifying a -F option. In this case there is no easy way to
251: assign the direction of traffic between two third parties. For the
252: purposes of the main display this is done in an arbitrary fashion (by
253: ordering of IP addresses), but for the sake of totals all traffic
254: between other hosts is accounted as incoming, because that's what it is
255: from the point of view of your interface. The -F option allows you to
256: specify an arbitrary network boundary, and to show traffic flowing
257: across it.
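
The network-boundary rule of the -F option, as an added Python illustration (not iftop's own code). It accepts both mask forms the option allows and assumes, from the wording "only include packets flowing in to or out of the given network", that a packet with both endpoints on the same side of the boundary is not counted; the function names and sample packets are constructed for this example.

```python
import ipaddress

def parse_net_mask(spec):
    """Parse net/mask where mask is a dotted quad or a number of bits."""
    # IPv4Network accepts 10.0.0.0/255.0.0.0 and 10.0.0.0/8 alike.
    return ipaddress.IPv4Network(spec, strict=False)

def classify(src, dst, net):
    """Direction of one packet relative to the network boundary."""
    src_in = ipaddress.IPv4Address(src) in net
    dst_in = ipaddress.IPv4Address(dst) in net
    if src_in and not dst_in:
        return "sent"        # leaving the network
    if dst_in and not src_in:
        return "received"    # entering the network
    return None              # never crosses the boundary

def tally(packets, spec):
    """Sum bytes per direction for (source, destination, size) tuples."""
    net = parse_net_mask(spec)
    totals = {"sent": 0, "received": 0, "ignored": 0}
    for src, dst, size in packets:
        totals[classify(src, dst, net) or "ignored"] += size
    return totals

# Constructed sample packets: (source, destination, bytes)
PACKETS = [
    ("10.1.2.3", "192.0.2.10", 1500),    # leaves 10.*
    ("192.0.2.10", "10.1.2.3", 400),     # enters 10.*
    ("10.1.2.3", "10.9.9.9", 900),       # stays inside 10.*
    ("198.51.100.7", "192.0.2.10", 60),  # two third parties outside
]

if __name__ == "__main__":
    print(tally(PACKETS, "10.0.0.0/255.0.0.0"))
    print(tally(PACKETS, "10.0.0.0/8"))
```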
258:
259: Peak totals don't add up
260:
261: Again, this is a feature. The peak sent and peak received didn't nec-
262: essarily happen at the same time. The peak total is the maximum of
263: sent plus received in each captured time division.
264:
265: Changing the filter code doesn't seem to work
266:
267: Give it time. Changing the filter code affects what is captured from
268: the time that you entered it, but most of what is on the display is
269: based on some fraction of the last 40s window of capturing. After
270: changing the filter there may be entries on the display that are disal-
271: lowed by the current filter for up to 40s. DISPLAY FILTERING has imme-
272: diate effect and does not affect what is captured.
273:
274:
275: FILES
276: ~/.iftoprc
277: Configuration file for iftop.
278:
279:
280: SEE ALSO
281: tcpdump(8), pcap(3), driftnet(1).
282:
283:
284: AUTHOR
285: Paul Warren <pdw@ex-parrot.com>
286:
287:
288: VERSION
289: $Id: iftop.8,v 1.25 2005/12/25 11:50:21 pdw Exp $
290:
291:
292: COPYING
293: This program is free software; you can redistribute it and/or modify it
294: under the terms of the GNU General Public License as published by the
295: Free Software Foundation; either version 2 of the License, or (at your
296: option) any later version.
297:
298: This program is distributed in the hope that it will be useful, but
299: WITHOUT ANY WARRANTY; without even the implied warranty of MER-
300: CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
301: Public License for more details.
302:
303: You should have received a copy of the GNU General Public License along
304: with this program; if not, write to the Free Software Foundation, Inc.,
305: 675 Mass Ave, Cambridge, MA 02139, USA.
306:
307:
308:
309:
310: IFTOP(8)