Analyse network traffic in detail…

iftop is a really good utility both for your own computer and for your server. It is especially good for the latter, and even better if the server acts as the main router on your premises or you are experiencing unusual network usage.

Let's explain what iftop does. It is more or less like top or htop, but instead of measuring the processes on the processor it measures the “processes” on the Ethernet interface. It shows the IPs that have a connection with the computer where iftop is running, whether the traffic is incoming or outgoing, how much traffic there is on each connection, and the total amount of traffic on the interface.

To install on a Debian/Ubuntu-like Linux OS, use the following terminal command:

sudo apt-get install iftop

You may find some of the options useful:
-p Enables promiscuous mode, so the traffic on any interface (if there is more than one) is checked and counted.

-P Also shows the port that the connection is using, both on our side and on the other side.

-N Do not resolve port numbers to service names. Resolving them is the default behaviour when you enable the -P option, so with -N you will see :80 instead of :www.
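To make the per-connection accounting and the effect of -P and -N concrete, here is an added example (a simplified model, not iftop's own code) that groups constructed packet records by connection and direction relative to the local host. The function names, the service table and the sample addresses are assumptions made for the illustration.

```python
# Added illustration: a model of the per-connection accounting iftop displays.
# Not iftop's source; the packet records below are constructed sample data.
from collections import defaultdict

SERVICES = {22: "ssh", 80: "www", 443: "https"}  # small constructed name table

# (src_ip, src_port, dst_ip, dst_port, bytes): constructed sample traffic
PACKETS = [
    ("192.0.2.10", 51000, "198.51.100.7", 80, 400),
    ("198.51.100.7", 80, "192.0.2.10", 51000, 9000),
    ("192.0.2.10", 51001, "198.51.100.7", 443, 600),
    ("198.51.100.7", 443, "192.0.2.10", 51001, 3000),
    ("203.0.113.5", 40000, "192.0.2.10", 22, 1200),
    ("192.0.2.10", 22, "203.0.113.5", 40000, 2500),
]

def endpoint(ip, port, show_ports, resolve_ports):
    """Format one side of a connection; show_ports models -P, resolve_ports=False models -N."""
    if not show_ports:
        return ip
    name = SERVICES.get(port) if resolve_ports else None
    return f"{ip}:{name or port}"

def flow_table(packets, local_ip, show_ports=False, resolve_ports=True):
    """Return ({(local, remote): [sent, received]}, [total_sent, total_received])."""
    flows = defaultdict(lambda: [0, 0])
    totals = [0, 0]
    for src, sport, dst, dport, size in packets:
        if local_ip not in (src, dst):
            continue  # neither endpoint is this host; ignored in this model
        outgoing = src == local_ip
        local, remote = ((src, sport), (dst, dport)) if outgoing else ((dst, dport), (src, sport))
        key = (endpoint(*local, show_ports, resolve_ports),
               endpoint(*remote, show_ports, resolve_ports))
        direction = 0 if outgoing else 1  # 0 = sent, 1 = received
        flows[key][direction] += size
        totals[direction] += size
    return dict(flows), totals

if __name__ == "__main__":
    for opts in ({}, {"show_ports": True}, {"show_ports": True, "resolve_ports": False}):
        flows, totals = flow_table(PACKETS, "192.0.2.10", **opts)
        print(opts or "default")
        for (local, remote), (tx, rx) in sorted(flows.items()):
            print(f"  {local} <-> {remote}  sent={tx}B  received={rx}B")
        print(f"  TOTAL sent={totals[0]}B  received={totals[1]}B")
```

Without ports, the two web connections to the same remote host collapse into one row; with ports shown they become separate rows, which is what makes an unexpected service stand out.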

If you want to know any more about iftop simply use the command (outside of iftop):

man iftop

and this will bring up the iftop manual.

Have fun analysing!

