iftop Command Examples in Linux

The iftop command displays bandwidth usage information for the system, helping to identify whether a particular NIC or protocol is consuming the most bandwidth. The iftop command may not be installed on all Linux distributions. This command can help you identify why a particular link may be slow by showing the traffic on that connection. You can use it to check to see what is consuming the most bandwidth on an interface. For example:

# iftop -i eth0

Syntax

The syntax of the iftop command is:

# iftop [options] [-i {interface}]

iftop Command Examples

1. Running the basic package needs no arguments. In fact, a typical iftop session can be started with the following command:

# iftop

2. you can use the following argument to display the results for a specific device:

# iftop -i ethX

3. Show the bandwidth usage with port information:

# iftop -P

4. Do not show bar graphs of traffic:

# iftop -b

5. By default, iftop will attempt to resolve all IP addresses into hostname, but you can avoid this with the -n option like this:

# iftop -n -i ethX

6. Get help about interactive commands:

?

7. In certain situations, you should be aware that you can use iftop to investigate the flow of packets across a network range by initializing the appropriate filter like this:

# iftop -F 192.168.1.0/255.255.255.0 -i eth0

8. You can choose to show the results for a specific port with the following syntax:

# iftop -i eth0 -f 'port http'

9. Alternatively, rather than displaying the results in bits per second, using the -B option in the following way the display will now show bandwidth rates in bytes per second:

# iftop -B -F 192.168.1.0/255.255.255.0 -i eth0

You can learn more about iftop by typing:

# man iftop

Conclusion

Network slowness is often a symptom of bandwidth saturation, in which a network link’s capacity is exceeded, i.e., all bandwidth is being used up. This can lead to degraded network performance or even service outages. With the iftop command, you can investigate any NICs on a network link that you suspect may be sending or receiving excessive sums of traffic across that link. For example, one host might be making repeated requests to an internal web server, and both hosts might be flooding the network with their requests and responses. Once you’ve identified the source of the issue, you can then take steps to stop the offending host from making these requests, such as terminating the service responsible for the requests.

Related Post