Linux 网络监控工具总结

1. ifstat



2. iftop



iftop -n -P -N -i eth0  # 显示eth0上的网卡流量,-n 不解析主机名 -P 显示端口号,-N 显示端口号,不显示service name


   -h     Print a summary of usage.

   -n     Don't do hostname lookups.

   -N     Do not resolve port number to service names

   -p     Run in promiscuous mode, so that traffic which does not pass directly through the specified interface is  also

   -P     Turn on port display.

   -l     Display  and  count  datagrams  addressed to or from link-local IPv6 addresses.  The default is not to display
          that address category.

   -b     Don't display bar graphs of traffic.

   -m limit
          Set the upper limit for the bandwidth scale.  Specified as a number with a 'K', 'M' or 'G' suffix.

   -B     Display bandwidth rates in bytes/sec rather than bits/sec.

   -i interface
          Listen to packets on interface.

   -f filter code
          Use filter code to select the packets to count. Only IP packets are ever counted, so  the  specified  code  is
          evaluated as (filter code) and ip.

   -F net/mask
          Specifies  an  IPv4 network for traffic analysis.  If specified, iftop will only include packets flowing in to
          or out of the given network, and packet direction is determined relative to the network boundary, rather  than
          to the interface.  You may specify mask as a dotted quad, such as /, or as a single number speci-
          fying the number of bits set in the netmask, such as /24.

   -G net6/mask6
          Specifies an IPv6 network for traffic analysis. The value of mask6 can be given as a prefix  length  or  as  a
          numerical address string for more compound bitmasking.

   -c config file
          Specifies  an alternate config file.  If not specified, iftop will use ~/.iftoprc if it exists.  See below for
          a description of config files

   -t text output mode
          Use text interface without ncurses and print the output to STDOUT.

3. nload



nload eth0  

nload -m  # multi interface 


nload  [-a  period]  [-i max_scaling] [-m] [-o max_scaling] [-t interval] [-u h|H|b|B|k|K|m|M|g|G]
        [-U h|H|b|B|k|K|m|M|g|G] [devices]

  -a period
          Sets  the  length  in seconds of the time window for average calculation.  The default is

   -i max_scaling
          Specifies the 100% mark in kBit/s of the graph indicating the incoming  bandwidth  usage.
          Ignored  if max_scaling is 0 or the switch -m is given. The default value for max_scaling
          is 10240.

   -m     Show multiple devices at a time; do not show the traffic graphs.

   -o max_scaling
          Same as -i but for the graph indicating the outgoing bandwidth usage.

   -t interval
          Determines the refresh interval of the display in milliseconds.   The  default  value  of
          interval is 500.

          PLEASE NOTE: Specifying refresh intervals shorter than about 100 milliseconds makes traf-
          fic calculation very unprecise. Also the display may flicker  using  such  short  refresh
          intervals.   nload  tries  to balance this out by doing extra time measurements, but this
          may not always succeed.

   -u h|H|b|B|k|K|m|M|g|G
          Sets the type of unit used for the display of traffic numbers.  h  means  human  readable
          (auto), b Bit/s, k kBit/s, m MBit/s and g GBit/s.  The upper case letters mean the corre-
          sponding units in Bytes (instead of Bits).  The default is k.

   -U h|H|b|B|k|K|m|M|g|G
          Same as -u, but for an amount of data, e.g. Bit, kByte, GBit etc.  (without  "/s").   The
          default is M.

          Network  devices  to  use. The default is "all", which means to display all auto-detected

   -h, --help
          Show a short summary of these command line options.

4. nethogs

root 用户运行。 可按照进程使用网络流量进行分类和排序。


nethogs -s eth0   # 对于网卡eth0上的流量显示,sort by send bytes 


    nethogs [-h] [-V] [-d] [-v] [-t] [-c] [-p] [-s] [device(s)]

       -h     display available commands usage.

       -V     prints Version info.

       -d     delay for refresh rate.

       -v     select view mode

       -p     sniff in promiscious mode (not recommended).

       -t     tracemode.

       -c     limit number of refreshes

       -s     sort by traffic sent

       device(s) to monitor. By default eth0 is being used.


       m      cycle between display modes (kb/s, kb, b, mb)

       r      sort by 'received'

       s      sort by 'sent'

       q      quit

4. iptraf

网络监控工具,功能比nload更强大,可以监控所有的流量,IP流量,按协议分的流量,还可以设置过滤器等, 有交互界面比较方便。



电子邮件地址不会被公开。 必填项已用*标注