iftop

Show the bandwidth usage

$ sudo iftop

$ sudo iftop -i [interface]

$ sudo iftop -P

$ sudo iftop -b

$ sudo iftop -n

$ <?>

iftop [options] [interface]
Example: iftop -i eth0
Example: iftop -nPp

-i
    Specifies the network interface to listen on (e.g., eth0, wlan0).

-n
    Don't resolve hostnames, display IP addresses instead.

-P
    Display port numbers along with IP addresses.

-N
    Don't display port numbers.

-p
    Run in promiscuous mode, capturing all traffic on the network segment.

-b
    Don't display the bar graphs of traffic.

-B
    Display bandwidth in specified units: k, M, G (for Kbytes, Mbytes, Gbytes per second).

-F
    Filter traffic to only include packets to or from the specified network.

-f "filter code"
    Use a pcap filter code to select which packets are counted.

-s
    Display statistics for N seconds and then exit.

-t
    Use a text-only output, without the ncurses interactive interface.

-L
    Display a maximum of num lines of traffic.

iftop is a powerful, console-based utility for real-time network bandwidth monitoring. It listens to network traffic on a specified interface (e.g., eth0, wlan0) and displays a continuously updated table of current bandwidth usage.

This allows administrators and users to quickly see which hosts are consuming the most bandwidth and the nature of their traffic. The display typically shows incoming and outgoing traffic for each host, along with cumulative averages over 2, 10, and 40 seconds. It can resolve hostnames, show port numbers, and filter traffic based on various criteria. Its interactive interface allows for dynamic sorting, toggling display options, and applying temporary filters, making it an invaluable tool for diagnosing network bottlenecks, identifying suspicious activity, or simply observing network flow.

iftop uses libpcap to capture packets and ncurses for its interactive, textual user interface, providing a lightweight yet effective way to gain insight into network utilization directly from the command line.

Requires root privileges to capture network traffic on most systems.
Can be CPU-intensive on very high-traffic networks.
Primarily a real-time monitoring tool; it does not log historical data.

While iftop is running, several keys can be pressed to change its display or behavior:

• h or ?: Toggle help display.
• n: Toggle hostname resolution (display IP addresses).
• p: Toggle port display.
• b: Toggle bandwidth bar display.
• B: Toggle between bits/bytes per second display.
• s: Toggle source host column.
• d: Toggle destination host column.
• S: Sort by source IP.
• D: Sort by destination IP.
• 1, 2, 3: Sort by 2s, 10s, or 40s average.
• q: Quit iftop.

iftop was developed as a command-line tool to provide a network bandwidth usage overview similar to how top provides a process usage overview. It leverages the libpcap library for packet capture and the ncurses library for its interactive, real-time display, making it a popular choice for quick network diagnostics on Unix-like systems.

nload(1), vnstat(1), iptraf-ng(8), tcpdump(8), netstat(8), ss(8)