The following config directives are supported: Changing the filter code doesn't seem to work Give it time. If specified, iftop will only include packets flowing in to or out of the given network, and packet direction is determined relative to the network boundary, rather than to the interface. A more subtle explanation comes about when running in promiscuous mode without specifying a -F option. For example, iftop -F By default, iftop will look up the hostnames associated with addresses it finds in packets. 
| Uploader: | Akinozilkree |
| Date Added: | 7 September 2012 |
| File Size: | 67.85 Mb |
| Operating Systems: | Windows NT/2000/XP/2003/2003/7/8/10 MacOS 10/X |
| Downloads: | 13345 |
| Price: | Free* [*Free Regsitration Required] |
Monitoring Bandwidth Usage with iftop - SUSE Linux Enterprise Server Guide
All Linux Man Pages. Changing the filter code affects what is captured from the time that you entered it, but most of what is on the display is based on some fraction of the last 40s window of capturing. The config file consists of one configuration directive per line. Using the -F option it is possible to get iftop to show packets entering and leaving a given network.
By wuse, iftop will look up the hostnames associated with addresses it finds in packets. Note that this happens at a much later stage than filter code, and wuse not affect what is actually captured. In most cases what it is doing is logical, and we believe it is correct behaviour, although I'm happy to hear reasoned arguments for alternative behaviour.
This is most useful when iftop is run in promiscuous mode, or is run on a gateway machine. On the actual display, part of each line is inverted to give a visual indication of the 10s average of traffic. This is a good way to quickly limit what is shown on the display. By pressing 1, 2 or 3 it is possible to sort by the 1st, 2nd or 3rd column. Note that the value has to always be in bits, regardsless if the option to display in bytes has been choosen. The peak total is the maximum of sent plus received in each captured time division.
SUSE Linux Enterprise Server 12 for AMD64 & Intel 64 iftop
Totals don't add up There are several reasons why the totals may not appear to add up. Each directive is a name value pair, for example: For the purposes of the main display this is done in an arbitrary fashion by ordering of IP addressesbut for the sake of totals all traffic between other hosts is accounted as incoming, because that's what it is from the point of view of your interface.
Any command line options specified will override settings in the config file. A more subtle explanation comes about when running in promiscuous mode without specifying a -F syse. This can cause substantial traffic of itself, and may result in a confusing display. In this case some captured information is not being shown to ifhop, but is included in the totals. This has the side effect that traffic between hosts not shown on the screen at the time will not be shown at all, although it will be included in the totals at the bottom of the screen.
The following config directives are supported: By default, iftop counts all IP packets that pass through the filter, and the direction of the packet is determined according to the direc- jftop the packet is moving across the interface.
Only IP packets are ever counted, so the specified code is evaluated as filter code and ip.
RPM resource iftop
At the top of the display is a logarithmic scale for the susw graph which gives a visual indication of traffic. For example, iftop -F Peak totals don't add up Again, this is a feature. DISPLAY TYPE t cycles through the four line display modes; the default 2-line display, with sent and received traffic on separate lines, and 3 1-line displays, with sent, received, or total traffic shown.
The main part of the display lists, for each pair of hosts, the rate at which data has been sent and received over the preceding 2, 10 and 40 second intervals. At the bottom of the display, various totals are shown, including peak traffic over the last 40s, total traffic transferred after filter- ingand total transfer rates averaged over 2s, 10s and 40s.
If specified, iftop will only include packets flowing in to or out of the given network, and packet direction is determined relative to the network boundary, rather than to the interface. Some other filter ideas: You may wish to suppress display of DNS traffic by using filter code such as not port domain, or switch it off entirely, by using the -n option or by pressing n when the program is running.
After changing the filter there may be entries on the display that are disal- lowed ifftop the current filter for up to 40s.
By default, the pairs of hosts responsible for the most traffic 10 second average are displayed at the top of the list. The susse option allows you to specify an arbitrary network boundary, and to show traffic flow- ing across it.
Changing the filter code doesn't seem to work Give it time.
No comments:
Post a Comment