Detailed explanation of iptraf command in Linux
iptraf is an ncurses-based IP LAN monitoring tool. It monitors network card traffic in real time and generates various network statistics, including TCP information, UDP statistics, ICMP and OSPF information, Ethernet load information, node statistics, IP checksum errors and other information.
Different parameters added after iptraf make it do different things. The following is the list of iptraf parameters:
Note: If you open a command line window and run iptraf as an ordinary user, you will be told that you need to run it as an administrator. To switch from an ordinary user to an administrator user, you only need to execute the command sudo su.
In the figures below, Figure 1 shows the prompt message before switching to the administrator identity, and Figure 2 shows the result after switching to the administrator identity.
First, run iptraf and the interface shown below will appear:
Press the "Enter" key to continue; the following screen appears:
Select "Configure" in the main menu to enter the following menu:
This is very important. Proper configuration can make the statistical results more intuitive and informative.
1) Reverse DNS lookups: Shows the domain name corresponding to each connected IP. The domain name results appear in the pkt captured dialog box of the IP traffic monitor. This is not very intuitive, and turning it on slightly affects packet capture performance.
2) TCP/UDP service names: Wherever a port appears, the port number is replaced with the corresponding service name, which is very useful and intuitive.
3) Activity mode: Sets whether traffic is displayed in Kbits/s or Kbytes/s. It is recommended to change it to the latter, which is more consistent with habit.
4) Additional ports: Adds further ports to be monitored, by port number. By default, only ports less than 1024 are monitored.
This default is fine unless you have special needs.
Select "Filter" to enter the interface shown below:
This view shows network traffic per connection. It is best to let it run for a while to see the overall shape of the statistics. If a single connection takes up a lot of bandwidth, it is easy to spot. From the IP addresses you can also easily tell whether the host is talking to an internal network server or an external one. The pkt captured box shows the MAC address.
Select "IP traffic monitor" to enter the selection interface shown below:
Select an option to enter the view interface:
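Check the traffic of each network card. Note that this is the network card's traffic including both the internal network and the external network; on a single machine, the internal and external networks cannot be distinguished.
Select "General interface statistics" to enter the interface shown below:
Statistics by protocol. There are only a few protocols, such as IP, TCP and UDP, so it does not seem very useful.
Select "Detailed interface statistics" to enter the selection interface shown below:
Select an option to enter the view interface:
1) By packet size: Statistics based on the size of the transmitted packets.
2) By TCP/UDP port: Statistics based on the application protocol, which are more practical than the detailed interface statistics.
Select "Statistical breakdowns" to display the option menu:
Statistics based on MAC address.
Select "LAN station monitor" to display the option menu: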