iftop

Show the bandwidth usage

$ sudo iftop

$ sudo iftop -i [interface]

$ sudo iftop -P

$ sudo iftop -b

$ sudo iftop -n

$ <?>

iftop [ -h ] [ -n ] [ -N ] [ -p ] [ -P ] [ -b ] [ -i interface ] [ -f filter code ] [ -F net/mask ] [ -G net/mask ] [ -l ] [ -t ] [ -s seconds ] [ -L lines ] [ -B bytes | kilobytes | megabytes ]

-h
    Display the help message and exit.

-n
    Disable reverse DNS lookups. Show IP addresses instead of hostnames.

-N
    Show port numbers rather than service names.

-p
    Run in promiscuous mode (show traffic that is not addressed to our host).

-P
    Show port numbers as well as host addresses.

-b
    Do not display a bar graph of traffic.

-i interface
    Listen to network traffic on interface.

-f filter code
    Use filter code as a filter expression (same syntax as tcpdump).

-F net/mask
    Show only traffic to/from given net.

-G net/mask
    Show only traffic within given net.

-l
    Display link-level bandwidth information (requires -i to specify an interface).

-t
    Run in non-interactive mode (for batch processing).

-s seconds
    Print bandwidth every seconds seconds (default: 1).

-L lines
    Print only the first lines lines.

-B bytes|kilobytes|megabytes
    Display bandwidth in bytes, kilobytes, or megabytes. Default is bytes.

iftop is a real-time console-based network monitoring tool that displays a dynamically updated list of network connections and the bandwidth they are using. It listens to network traffic on a named interface and displays a table of current bandwidth usage, showing the source and destination hosts or network, and the bandwidth used by each.
Unlike 'top' which displays CPU usage, iftop focuses on network connections. This makes it incredibly useful for quickly identifying the busiest network connections and detecting potential bottlenecks or excessive traffic. It is commonly used for troubleshooting network performance issues, monitoring server traffic, and identifying hosts generating or receiving the most data. iftop utilizes libpcap to capture packets, and the output is often configurable to display various metrics and use different filters.

iftop requires root privileges or CAP_NET_RAW capability to capture network packets. The accuracy of the displayed bandwidth depends on the network conditions and the capabilities of the hardware.

While iftop is running, you can use these keys to control the display:
- 'h': Display help.
- 'n': Toggle displaying hostnames.
- 's': Toggle displaying source ports.
- 'd': Toggle displaying destination ports.
- 'b': Toggle bar graph display.
- 't': Toggle between different display modes.
- 'q': Quit.

iftop can be used with the '-f' option to filter traffic based on tcpdump-style filter expressions. This allows you to focus on specific types of traffic, such as traffic to or from a particular host or port.

iftop was created by Chris Lightfoot to provide a 'top' style view of network traffic. It quickly gained popularity among system administrators and network engineers as a valuable tool for real-time network monitoring and troubleshooting. Its simplicity and ease of use have contributed to its widespread adoption.

tcpdump(1), iptraf(8), nethogs(8), wireshark(1)