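I. What iftop does:
It reports network traffic between external machines and the local host, broken down by IP,
which makes it easy to see whether any client is accessing the host in an abnormal way.
Note: Liu Hongdi's Architecture Forest (劉宏締的架構森林) is a blog focused on architecture, at: https://www.cnblogs.com/architectforest
The corresponding source code is available here: https://github.com/liuhongdi/
Note: Author: Liu Hongdi (劉宏締) Email: 371125307@qq.com
II. Installing iftop: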
[root@yjweb ~]# yum install iftop
Note: if yum reports that there is no match, install the EPEL repository first
[root@localhost liuhongdi]# yum install epel-release
III. Viewing iftop's help text and version
[root@yjweb ~]# iftop -h
iftop: display bandwidth usage on an interface by host

Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
                               [-F net/mask] [-G net6/mask6]

   -h                  display this message
   -n                  don't do hostname lookups
   -N                  don't convert port numbers to services
   -p                  run in promiscuous mode (show traffic between other
                       hosts on the same network segment)
   -b                  don't display a bar graph of traffic
   -B                  display bandwidth in bytes
   -a                  display bandwidth in packets
   -i interface        listen on named interface
   -f filter code      use filter code to select packets to count
                       (default: none, but only IP packets are counted)
   -F net/mask         show traffic flows in/out of IPv4 network
   -G net6/mask6       show traffic flows in/out of IPv6 network
   -l                  display and count link-local IPv6 traffic (default: off)
   -P                  show ports as well as hosts
   -m limit            sets the upper limit for the bandwidth scale
   -c config file      specifies an alternative configuration file
   -t                  use text interface without ncurses

   Sorting orders:
   -o 2s                Sort by first column (2s traffic average)
   -o 10s               Sort by second column (10s traffic average) [default]
   -o 40s               Sort by third column (40s traffic average)
   -o source            Sort by source address
   -o destination       Sort by destination address

   The following options are only available in combination with -t
   -s num              print one single text output afer num seconds, then quit
   -L num              number of lines to print

iftop, version 1.0pre4
copyright (c) 2002 Paul Warren <pdw@ex-parrot.com> and contributors
IV. The three most commonly used iftop options
[root@loadserver ~]# iftop -n -N -P
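-n: show hosts as IP addresses
(by default they are reverse-resolved to domain names, which is unnecessary)
-N: show ports as port numbers
(by default they are shown as service names such as http or https,
which is unnecessary, and custom ports cannot be shown that way anyway)
-P: show both host and port information by default
Note: with -P the statistics are broken down to the port level;
to see statistics per host only, drop the -P option
V. Common iftop usage examples:
1. View traffic on a specific network interface: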
[root@loadserver ~]# iftop -n -N -P -i eth0
2. View traffic for a particular IP or subnet
[root@loadserver ~]# iftop -n -N -P -F 172.117.123.26/32
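VI. Common iftop interactive commands:
1. q: quit monitoring
2. b: toggle the traffic bar graph
(rarely used)
3. p: toggle per-port statistics
4. P: pause/resume the display
Useful when you need to look at the data at a particular moment
5. T: toggle display of each connection's cumulative total
6. h: toggle the help screen for interactive commands
VII. Writing iftop's display data to a file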
[root@loadserver ~]# iftop -t > /root/iftop.txt
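An added example (not from the original post) for working with the saved text output: it parses `iftop -t -n -N -P` output and lists the peers whose 10-second average exceeds a threshold, which is the "abnormal access" check from section I. The sample capture is constructed, the column layout and 1024-based unit prefixes are assumptions about iftop's text mode, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag peers in saved `iftop -t` output whose 10s average
# exceeds a threshold. Sample data below is constructed, not a real capture.

# Constructed sample in the layout iftop prints with -t -n -N -P (assumed).
sample_iftop() {
cat <<'EOF'
   # Host name (port/service if enabled)            last 2s   last 10s   last 40s cumulative
--------------------------------------------------------------------------------------------
   1 192.0.2.10:80                            =>     3.10Mb     2.50Mb     2.20Mb     1.10MB
     203.0.113.7:51234                        <=      120Kb      100Kb       90Kb     45.0KB
   2 192.0.2.10:22                            =>     1.20Kb     1.00Kb       900b       500B
     198.51.100.23:40022                      <=     9.80Mb     8.00Mb     7.50Mb     3.75MB
   3 192.0.2.10:443                           =>       208b       160b       160b        80B
     203.0.113.99:33000                       <=       416b       320b       320b       160B
--------------------------------------------------------------------------------------------
Total send rate:                                     3.10Mb     2.50Mb     2.20Mb
Total receive rate:                                  9.92Mb     8.10Mb     7.59Mb
EOF
}

# heavy_peers THRESHOLD_KBIT [FILE]
# Prints "peer local_endpoint max_10s_kbit" for each flow pair whose 10s
# average, in either direction, is above THRESHOLD_KBIT. Reads stdin if no FILE.
heavy_peers() {
    limit=$1; shift
    awk -v limit="$limit" '
    # Convert "2.50Mb" to kilobits; assumes 1024-based K/M/G prefixes.
    function kbit(s,   n, u) {
        n = s + 0; u = s; gsub(/[0-9.]/, "", u)
        if (u ~ /^K/) n *= 1024; else if (u ~ /^M/) n *= 1024*1024
        else if (u ~ /^G/) n *= 1024*1024*1024
        if (u ~ /B$/) n *= 8            # -B mode reports bytes
        return n / 1024
    }
    $3 == "=>" { loc = $2; out = kbit($5); next }   # index, host, =>, 2s, 10s
    $2 == "<=" {                                     # host, <=, 2s, 10s
        inb = kbit($4); max = (inb > out) ? inb : out
        if (max > limit) printf "%s %s %.0f\n", $1, loc, max
    }' "$@"
}

sample_iftop | heavy_peers 1000
```

Because `iftop -t` keeps running until interrupted, the -s option from the help text is the practical way to get one snapshot for this, for example `iftop -t -n -N -P -s 10 | heavy_peers 1000`.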
VIII. Checking the current CentOS version
[root@yjweb ~]# cat /etc/redhat-release
CentOS Linux release 8.0.1905 (Core)
