iftop is a handy way to quickly start a bandwidth monitor on an interface from the command line. It takes a number of parameters, most of which can be toggled on and off from the ncurses interface (like top).
-n disables hostname lookups and -N does the same for ports (port numbers are not resolved to service names). -p runs in promiscuous mode and -P turns on the ports display (appended to the end of the IP address and separated with a colon, like tcpdump). -b disables the bandwidth meter (a highlight bar on the IP's row that shows graphically how much traffic is being passed), and -B changes the stats to bytes per second instead of bits. -i specifies the interface, like many network tools, and -f specifies the filter. You don't need to specify a filter of "ip" as only IP packets are counted; it's already set.
Other parameters deal with netmasks and an optional alternate config file.