centos8平台基于iftop监控网络流量

一，iftop的作用:

基于ip统计外部机器与本机之间的网络流量，

可以方便的查看各客户端是否有非正常的到本机的访问

说明：刘宏缔的架构森林是一个专注架构的博客，地址：https://www.cnblogs.com/architectforest

         对应的源码可以访问这里获取： https://github.com/liuhongdi/

 说明：作者:刘宏缔 邮箱: 371125307@qq.com

二，安装iftop:

[root@yjweb ~]# yum install iftop 

说明：如果yum报错没有任何匹配,则先安装epel源

[root@localhost liuhongdi]# yum install epel-release

三，查看iftop的帮助信息与版本

[root@yjweb ~]# iftop -h
iftop: display bandwidth usage on an interface by host
Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
                               [-F net/mask] [-G net6/mask6]
   -h                  display this message
   -n                  don't do hostname lookups
   -N                  don't convert port numbers to services
   -p                  run in promiscuous mode (show traffic between other
                       hosts on the same network segment)
   -b                  don't display a bar graph of traffic
   -B                  display bandwidth in bytes
   -a                  display bandwidth in packets
   -i interface        listen on named interface
   -f filter code      use filter code to select packets to count
                       (default: none, but only IP packets are counted)
   -F net/mask         show traffic flows in/out of IPv4 network
   -G net6/mask6       show traffic flows in/out of IPv6 network
   -l                  display and count link-local IPv6 traffic (default: off)
   -P                  show ports as well as hosts
   -m limit            sets the upper limit for the bandwidth scale
   -c config file      specifies an alternative configuration file
   -t                  use text interface without ncurses

   Sorting orders:
   -o 2s                Sort by first column (2s traffic average)
   -o 10s               Sort by second column (10s traffic average) [default]
   -o 40s               Sort by third column (40s traffic average)
   -o source            Sort by source address
   -o destination       Sort by destination address

   The following options are only available in combination with -t
   -s num              print one single text output afer num seconds, then quit
   -L num              number of lines to print

iftop, version 1.0pre4
copyright (c) 2002 Paul Warren <pdw@ex-parrot.com> and contributors

四，iftop最常用的三个参数

[root@loadserver ~]# iftop -n -N -P

-n:使host信息默认直接都显示IP

（默认会反解成域名，没必要）

-N:使端口信息默认直接都显示端口号

(默认会显示成服务，如:http,https,

没必要，自定义的端口也显示不了)

-P:使host信息及端口信息默认就都显示

说明：加了-P这个参数的统计是统计到了端口，

         如果只想看统计到主机，则去掉-P参数

五，iftop的常用方法举例：

1，查看指定网卡的流量情况：

[root@loadserver ~]# iftop -n -N -P -i eth0

2，查看某个ip或网段的流量情况

[root@loadserver ~]# iftop -n -N -P -F 172.117.123.26/32

六，iftop的常用交互命令:

1，q:退出监控

2, b: 打开/关闭流量图形条

    (一般不使用)

3,p: 打开/关闭按端口统计

4,P:暂停/继续显示

   有时需要查看某一时间点的数据

5，T：打开/关闭 显示每个连接的总流量

6，h:打开/关闭 交互命令的帮助界面

七，把iftop的显示数据输出到文件

[root@loadserver ~]# iftop -t > /root/iftop.txt

八，查看当前的centos版本

[root@yjweb ~]# cat /etc/redhat-release
CentOS Linux release 8.0.1905 (Core)