timerring

The Iftop

January 30, 2025 · 1 min read · Page View:
Tutorial
Linux | Network

Generated by DALL-E 3. The linux symbol penguin is holding a card with iftop on it.

If you have any questions, feel free to comment below.

I frequently use ifconfig and cat /proc/net/dev to examine network information. However, today, my cloud server crashed unexpectedly. I reached out to the cloud support for assistance. The engineer utilized iftop to analyze the situation. After the issue was resolved, I started to consider using this tool. Now, let’s take a closer look at this powerful utility.

For more info about /proc you can check another blog Further Understanding of Proc.

The reason why I choose the iftop is simple, if the alicloud Inc. selects the iftop, which indicates the tool is somehow suitable for general analysis and common situtation. After all, those with experience knows better.

iftop must be run with sufficient permissions to monitor all network traffic on the interface, which is root for most os.

You can refer the official docs: iftop

The display #

The top part is the bar graph of the bandwidth. You can adjust it by -m parameter.

The main part of the display lists, for each pair of hosts, the rate at which data has been sent and received over the preceding 2, 10 and 40 second intervals. The direction of data flow is indicated by arrows, <= (receive) and => (send).

At the bottom of the display, various totals are shown, including total traffic transferred (after filtering), peak traffic over the last 40s, and total transfer rates averaged over 2s, 10s and 40s.

                2.00Mb          4.00Mb          6.00Mb          8.00Mb    10.0Mb
└───────────────┴───────────────┴───────────────┴───────────────┴───────────────
foo.example.com  =>  bar.example.com      1Kb  500b   100b
                 <=                       2Mb    2Mb    2Mb

TX:             cum:   43.5MB   peak:   4.21Mb  rates:   4.15Mb  4.08Mb  4.00Mb
RX:                    1.46MB            192Kb            192Kb   162Kb   136Kb
TOTAL:                 45.0MB           4.38Mb           4.34Mb  4.24Mb  4.13Mb

The options #

For more options you should check the official docs, here I will list some common usage:

  1. iftop -nP: -n means Don’t do hostname lookups. -P means Turn on port display.
  2. iftop -B: -B means Display bandwidth rates in bytes/sec.
  3. iftop -l: -l means IPv6 addresses(default not include).
  4. iftop -m 10M specific the maximum of the bar graph.
  5. iftop -i wlan0 -f "dst port 22": -i you can specific the network interface and -f you can specific some filters. Other filters such as dst host 10.10.8.8, src port 443, dst portrange 22-23 and gateway 10.10.8.1.

The operation when running iftop #

You can just press h when running iftop to check every operation.

Related readings

<< prev | Reflections on... Continue strolling Further... | next >>
If you find this blog useful and want to support my blog, need my skill for something, or have a coffee chat with me, feel free to:
Subscribe to participate in blog topics and custom services Buy me a coffee

© 2022 - present timerring | PV: | UV: