iftop可以查看指定网卡上的流量情况, 命令说明



iftop: display bandwidth usage on an interface by host

Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
                               [-F net/mask] [-G net6/mask6]

   -h                  display this message
   -n                  don't do hostname lookups
   -N                  don't convert port numbers to services
   -p                  run in promiscuous mode (show traffic between other
                       hosts on the same network segment)
   -b                  don't display a bar graph of traffic
   -B                  display bandwidth in bytes
   -a                  display bandwidth in packets
   -i interface        listen on named interface
   -f filter code      use filter code to select packets to count
                       (default: none, but only IP packets are counted)
   -F net/mask         show traffic flows in/out of IPv4 network
   -G net6/mask6       show traffic flows in/out of IPv6 network
   -l                  display and count link-local IPv6 traffic (default: off)
   -P                  show ports as well as hosts
   -m limit            sets the upper limit for the bandwidth scale
   -c config file      specifies an alternative configuration file
   -t                  use text interface without ncurses

   Sorting orders:
   -o 2s                Sort by first column (2s traffic average)
   -o 10s               Sort by second column (10s traffic average) [default]
   -o 40s               Sort by third column (40s traffic average)
   -o source            Sort by source address
   -o destination       Sort by destination address

   The following options are only available in combination with -t
   -s num              print one single text output afer num seconds, then quit
   -L num              number of lines to print

iftop, version 1.0pre4
copyright (c) 2002 Paul Warren <pdw@ex-parrot.com> and contributors


如果要查看内网连接的各个IP的流量情况, 使用命令



iftop -i br-lan


显示的界面是类似于这样的



10b               1.00Kb            100Kb             10.0Mb      1.00Gb
└───────┴─────────────────┴─────────────────┴─────────────────┴─────────────────
123.215.56.131             => x240.lan                   2.96Mb  2.21Mb  2.25Mb
                           <=                             172Kb   127Kb   130Kb
125.103.109.3              => Honor_V8.lan                671Kb   899Kb   735Kb
                           <=                            14.5Kb  14.7Kb  12.9Kb
125.102.164.48             => 20180331KQT.lan             485Kb   840Kb   329Kb
                           <=                            17.6Kb  40.1Kb  18.4Kb
125.102.164.31             => 20180331KQT.lan               0b    184Kb  75.8Kb
                           <=                               0b   34.9Kb  12.8Kb
200.132.127.188            => 192.168.253.176               0b    116Kb  29.0Kb
                           <=                               0b   5.53Kb  1.38Kb
112.233.48.111             => 192.168.253.176             478Kb  95.6Kb  23.9Kb
                           <=                            23.6Kb  4.73Kb  1.18Kb
125.15.222.48              => EDZ-20180331KQT.lan           0b   77.1Kb  41.9Kb
                           <=                               0b   12.4Kb  6.69Kb

────────────────────────────────────────────────────────────────────────────────
TX:             cum:    175MB   peak:   4.69Mb  rates:   4.66Mb  4.47Mb  4.21Mb
RX:                    8.49MB            498Kb            277Kb   293Kb   305Kb
TOTAL:                  183MB           5.16Mb           4.93Mb  4.75Mb  4.50Mb


界面的说明:

第一行是刻度, 因为下面显示的每一个连接, 都会根据流量大小高亮显示, 根据的是第一行的刻度. 刻度默认显示的是普通坐标, 按L(大写)可以在普通坐标和对数坐标之间切换

第二行之后是每一个有流量的连接, 箭头表示流向, 右侧的三个数, 分别表示最近的2s, 10s, 40s的平均流量

底部三行, 分别是TX出向, RX入向, TOTAL总计三个维度的统计, 每个维度里面显示的数值分别为cum合计, peak峰值, rates: 2s, 10s, 40s的流量均值

运行时可以使用的命令, 可以通过按h(小写)查看

 

查看系统日志, 可以用 logread 命令