iftop command in Linux w/ examples

This iftop command guide follows my previous 90 Linux Commands frequently used by Linux Sysadmins article. As time allows, I will continue to publish articles on around the 90 commands geared toward Linux sysadmins and Linux power users. Let’s continue this series with the iftop command.

iftop is a terminal program that shows network activity and details in text form. It’s suitable for users who want to monitor network traffic without the overhead of graphical interfaces.

The general syntax of the iftop command is:

dstat [-afv] [options..] [delay [count]]

iftop Linux install

Debian/Ubuntu and derivatives, use:

apt install iftop

RHEL/CentOS and derivatives, use:

dnf install iftop

Arch Linux and derivatives, use:

pacman -S iftop

iftop command examples

To show the bandwidth usage, use:

sudo iftop

To show the bandwidth usage of a given interface, use:
(replace with your interface)

sudo iftop -i eth0

To show the bandwidth usage with port information, use:

sudo iftop -P

To exclude, bar graphs of traffic, use:

sudo iftop -b

To  exclude hostnames look up, use:

sudo iftop -n

To display I/O traffic from a subnet, use:

sudo iftop -F 192.168.1.0/24

To sort the traffic analysis data by source address, use:

sudo iftop -o source

To sort the traffic analysis data by destination address, use:

sudo iftop -o destination

To monitor HTTP traffic, use:

sudo iftop -i eth0 -f 'port http'

To monitor HTTP traffic while excluding a specific host, use:

sudo iftop -i eth0 -f 'port http and not host 192.168.1.11'

To monitor DNS traffic, use:

sudo iftop -i eth0 -f 'port domain'

To monitor ICMP traffic, use:

sudo iftop -i eth0 -f 'icmp'

To monitor network traffic but ignore broadcast packets, use:

sudo iftop -i eth0 -f 'not ether host ff:ff:ff:ff:ff:ff'

Shortcuts to change display options while running:

• h – toggles the help screen.
• s – toggles source host display, and
• d – toggles the destination hosts.
• s – toggles port numbers.
• n – toggles name resolution.
• N – toggles port resolution; to see all port numbers toggle resolution off.
• t – toggles the text interface. The default display requires ncurses.
• p – pauses the display.
• q – quits the program.

Useful links/references: 

• Official website.
• 60 Linux Networking commands and scripts
• Monitoring Bandwidth Usage. (Netgate)

Related commands:

• bmon – bandwidth monitor and rate estimator.
• bwm-ng – live network bandwidth monitor.
• ibmonitor – shows bandwidth and total data transferred.
• View even more Networking commands and scripts.