Analyzing network traffic with iftop

Slashdot it! Delicious Share on Facebook Tweet! Digg!

Filtering and Sorting

As you can see, iftop is quite flexible in its display characteristics. The same goes for filtering and sorting.

To view only certain network connections, set a pattern to filter the output. Press lowercase L (for limit) to open a text input box on the top line. Iftop sees this as a regular expression and shows only those connections that fit the pattern. In Figure 4, the dropbox entry sets the regular expression for finding only those connections that include the string dropbox .

Figure 4: Filter connections using a regular expression pattern.

To sort the output, iftop provides two options. Pressing < or > sorts the output by source or destination name, respectively. 1, 2, and 3 sort by the respective time interval columns.

Call Parameters

Iftop accepts a number of parameters at startup. Many of them coincide with the aforementioned keyboard shortcuts. Curious users might be interested in the two options -i and -p . With -i (interface), you can specify which interface you want iftop to monitor. The switch -p runs iftop in promiscuous mode, which means that it also monitors traffic that doesn't pass directly through the specified interface.

Using the -f option is a way of filtering specific packets by network, host, or port. For example, use the following to display only SSH packets that run over the /dev/wlan0 wireless interface:

# iftop -i wlan0 -f "dst port 22"

Destination port 22 is shorthand for the Secure Shell (SSH) port.

The filter expression matches the syntax for pcap-filter and allows for an elegant selection of packets. Table 1 provides some examples.

Buy this article as PDF

Express-Checkout as PDF

Pages: 3

Price $0.99
(incl. VAT)

Buy Ubuntu User

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Programs for bandwidth monitoring

    Many programs communicate over the network, and when a bottleneck occurs, these tools can help you determine the cause.

  • Zentyal Server 3.5

    Some users may struggle when setting up various services, such as web servers, email servers, firewalls, and the like. Zentyal simplifies configuration of all those things, thanks to its intuitive user interface.

  • Understanding and using the Tor network

    Given the extent to which intelligence agencies have been tapping data off the Internet, those wanting to protect their privacy need to take action. Tor can help you.

  • Viewing users' system access

    Linux automatically executes protocols on the activities that take place on the system. This article looks at ways to keep track of users who've logged in.

  • Anonymous surfing on the Internet

    Users who want to surf the Internet anonymously need to consider the Tor network. The Tor browser package offers a simple solution for protecting your personal privacy.