iftop
Display network traffic bandwidth usage
TLDR
Show the bandwidth usage
Show the bandwidth usage of a given interface
Show the bandwidth usage with port information
Do not show bar graphs of traffic
Do not look up hostnames
Display help
SYNOPSIS
iftop [ -h ] [ -n ] [ -N ] [ -p ] [ -P ] [ -b ] [ -i interface ] [ -f filter code ] [ -F net/mask ] [ -G net/mask ] [ -l ] [ -t ] [ -s seconds ] [ -L lines ] [ -B bytes | kilobytes | megabytes ]
PARAMETERS
-h
Display the help message and exit.
-n
Disable reverse DNS lookups. Show IP addresses instead of hostnames.
-N
Show port numbers rather than service names.
-p
Run in promiscuous mode (show traffic that is not addressed to our host).
-P
Show port numbers as well as host addresses.
-b
Do not display a bar graph of traffic.
-i interface
Listen to network traffic on interface.
-f filter code
Use filter code as a filter expression (same syntax as tcpdump).
-F net/mask
Show only traffic to/from given net.
-G net/mask
Show only traffic within given net.
-l
Display link-level bandwidth information (requires -i to specify an interface).
-t
Run in non-interactive mode (for batch processing).
-s seconds
Print bandwidth at the interval given by seconds (default: 1).
-L lines
Print only the first N lines, where N is the value given as lines.
-B bytes|kilobytes|megabytes
Display bandwidth in bytes, kilobytes, or megabytes. Default is bytes.
DESCRIPTION
iftop is a real-time console-based network monitoring tool that displays a dynamically updated list of network connections and the bandwidth they are using. It listens to network traffic on a named interface and displays a table of current bandwidth usage, showing the source and destination hosts or network, and the bandwidth used by each.
Unlike 'top', which displays CPU usage, iftop focuses on network connections. This makes it useful for quickly identifying the busiest network connections and spotting potential bottlenecks or excessive traffic. It is commonly used for troubleshooting network performance issues, monitoring server traffic, and identifying hosts generating or receiving the most data. iftop uses libpcap to capture packets, and its output can be configured to display various metrics and use different filters.
CAVEATS
iftop requires root privileges or the CAP_NET_RAW capability to capture network packets. The accuracy of the displayed bandwidth depends on the network conditions and the capabilities of the hardware.
INTERACTIVE COMMANDS
While iftop is running, you can use these keys to control the display:
- 'h': Display help.
- 'n': Toggle displaying hostnames.
- 's': Toggle displaying source ports.
- 'd': Toggle displaying destination ports.
- 'b': Toggle bar graph display.
- 't': Toggle between different display modes.
- 'q': Quit.
FILTERING
iftop can be used with the '-f' option to filter traffic based on tcpdump-style filter expressions. This allows you to focus on specific types of traffic, such as traffic to or from a particular host or port.
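As an added example (not part of the original page or of iftop itself), the shell function below reads output from the non-interactive mode (-t), optionally narrowed with a -f filter, and reports each direction of a host pair whose most recent rate exceeds a limit. The sample output is constructed; the column layout and the 1024 scaling between units are assumptions to check against your iftop version.

```shell
# Constructed sample in the layout of iftop text-mode output (-t -n);
# addresses are documentation ranges, not real hosts.
sample_output() {
cat <<'EOF'
   # Host name (port/service if enabled)            last 2s   last 10s   last 40s cumulative
--------------------------------------------------------------------------------------------
   1 192.0.2.10                               =>     12.4Mb     10.1Mb     9.80Mb     3.10MB
     198.51.100.7                             <=      310Kb      290Kb      280Kb     77.5KB
   2 192.0.2.10                               =>     1.04Kb     1.04Kb     1.04Kb       266B
     203.0.113.53                             <=       480b       480b       480b       120B
   3 192.0.2.10                               =>      220Kb      200Kb      190Kb     55.0KB
     203.0.113.80                             <=     6.50Mb     6.10Mb     5.90Mb     1.62MB
--------------------------------------------------------------------------------------------
Total send rate:                                     12.6Mb     10.3Mb     10.0Mb
EOF
}

# heavy_flows LIMIT_KBIT: read iftop text output on stdin and print
# "local remote direction kbit" for every direction above the limit.
heavy_flows() {
    awk -v limit="$1" '
    # Convert a rate such as "12.4Mb", "310Kb" or "480b" to kilobits.
    # Assumption: each unit step is a factor of 1024.
    function kbit(v,   n, u) {
        n = v + 0                        # leading numeric part
        u = v; gsub(/[0-9.]/, "", u)     # unit suffix
        if (u == "Gb") return n * 1024 * 1024
        if (u == "Mb") return n * 1024
        if (u == "Kb") return n
        if (u == "b")  return n / 1024
        return -1                        # byte units or unknown: never flagged
    }
    # Numbered line: local side and its outbound rate (first rate column).
    $3 == "=>" { src = $2; out = kbit($4); next }
    # Following line: remote side and the inbound rate.
    $2 == "<=" && src != "" {
        inb = kbit($3)
        if (out > limit) printf "%s %s out %d\n", src, $1, out
        if (inb > limit) printf "%s %s in %d\n", src, $1, inb
        src = ""
    }'
}

# Demonstration on the constructed sample: flag anything above 1000 kbit.
sample_output | heavy_flows 1000
```

Against a live capture the same function can be fed from a pipe, for example `iftop -t -n -i eth0 -f 'port 443' | heavy_flows 5000`, where the interface name, filter and limit are placeholders.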
HISTORY
iftop was created by Chris Lightfoot to provide a 'top' style view of network traffic. It quickly gained popularity among system administrators and network engineers as a valuable tool for real-time network monitoring and troubleshooting. Its simplicity and ease of use have contributed to its widespread adoption.