You can install and use iftop utility on Linux. This command listens to network traffic on a given interface (such as eth0 or eth1), and shows a table of current bandwidth usage by pairs of hosts. iftop must be run with sufficient permissions (usually as root user) to monitor all network traffic on the interface.
Install iftop
First, turn on EPEL repo on Linux. See how to install and enable epel repo on CentOS / RHEL / Scientific Linux v4.x/5.x/6.x for more information. Type the following yum command to install iftop on RHEL/CentOS/Fedora Linux:
# yum -y install iftop
Sample outputs:
How do I use iftop command?
The syntax is:
iftop iftop [options] iftop -i interface iftop -i eth0 -f filter_code |
Examples
Simply type the following command to monitor traffic on eth0:
# iftop -i eth0
Sample outputs:
Don’t do DNS hostname lookups
By default, iftop will look up the hostnames associated with addresses it finds in packets. Pass the -n option to disable dns lookup:
# iftop -n -i eth0
Hide service name and port numbers
Pass the -N option to hide resolve port number to service names:
# iftop -N -i eth0
Find out packets flowing in and out of 192.168.1.0/24 network
Use the -F option to set net/mask for traffic analysis. In this example, find out packets flowing in and out of the 192.168.1.0/24 network. This is useful to find out if why the network is slow:
# iftop -F 192.168.1.0/255.255.255.0 -i eth0
icmp bandwidth stats
Find out more about icmp ping requests and bandwidth usage per interface by host. Use the -f to set filter:
# iftop -f icmp -i eth0
Hide bar graphs
Pass the -b option to turn off display bar graphs of traffic:
# iftop -b -i eth0
Pass the -B option to display bandwidth rates in bytes/sec rather than bits/sec:
# iftop -B -i eth0
Important keyboard shortcuts
- Press t control display type. The t cycles through the four line display modes; the default 2-line display, with sent and received traffic on separate lines, and 3 1-line displays, with sent, received, or total traffic shown.
- Press P to pause the current display.
- Press o to freeze the current screen order. This has the side effect that traffic between hosts not shown on the screen at the time will not be shown at all, although it will be included in the totals at the bottom of the screen.
- Press j and k to scroll the display of hosts. This is useful for busy servers.
Recommended readings
- Keeping a Log Of Daily Network Traffic for ADSL or Dedicated Remote Linux Server
- Linux: Check Network Connection Command
- Man pages: tcpdump(8)
6 comment
Excellent tool. Thanks for sharing it :D
Great write up.
Thanks for sharing
Thanks. Handy tool to have.
How to get monthly bandwidth data from iftop. I tried NTM it doesn’t work, can u suggest any other monthy bandwidth monitoring tool ?
Honestly, if you want weekly/monthly reporting, i’d have to recommend VNstat the most. It’s small, easy to install and use, and simple. If you want something with more features, the only other one i could think of would be bandwidthd, but i will warn you that it hasn’t been updated since 2005 and has some issues with CPU usage on high throughput connections.