iftop command in Linux w/ examples

This iftop command guide follows my previous 90 Linux Commands frequently used by Linux Sysadmins article. As time allows, I will continue to publish articles on around the 90 commands geared toward Linux sysadmins and Linux power users. Let’s continue this series with the iftop command.

iftop is a terminal program that shows network activity and details in text form. It’s suitable for users who want to monitor network traffic without the overhead of graphical interfaces.

The general syntax of the iftop command is:

dstat [-afv] [options..] [delay [count]]

iftop Linux install

Debian/Ubuntu and derivatives, use:

apt install iftop

RHEL/CentOS and derivatives, use:

dnf install iftop

Arch Linux and derivatives, use:

pacman -S iftop

iftop command examples

To show the bandwidth usage, use:

sudo iftop

To show the bandwidth usage of a given interface, use:
(replace with your interface)

sudo iftop -i eth0

To show the bandwidth usage with port information, use:

sudo iftop -P

To exclude, bar graphs of traffic, use:

sudo iftop -b

To  exclude hostnames look up, use:

sudo iftop -n

To display I/O traffic from a subnet, use:

sudo iftop -F 192.168.1.0/24

To sort the traffic analysis data by source address, use:

sudo iftop -o source

To sort the traffic analysis data by destination address, use:

sudo iftop -o destination

To monitor HTTP traffic, use:

sudo iftop -i eth0 -f 'port http'

To monitor HTTP traffic while excluding a specific host, use:

sudo iftop -i eth0 -f 'port http and not host 192.168.1.11'

To monitor DNS traffic, use:

sudo iftop -i eth0 -f 'port domain'

To monitor ICMP traffic, use:

sudo iftop -i eth0 -f 'icmp'

To monitor network traffic but ignore broadcast packets, use:

sudo iftop -i eth0 -f 'not ether host ff:ff:ff:ff:ff:ff'

Shortcuts to change display options while running

• h – toggles the help screen.
• s – toggles source host display, and
• d – toggles the destination hosts.
• s – toggles port numbers.
• n – toggles name resolution.
• N – toggles port resolution; to see all port numbers toggle resolution off.
• t – toggles the text interface. The default display requires ncurses.
• p – pauses the display.
• q – quits the program.

Useful links/references

• Official website.
• 60 Linux Networking commands and scripts
• Monitoring Bandwidth Usage. (Netgate)

Related commands

• bmon – bandwidth monitor and rate estimator.
• bwm-ng – live network bandwidth monitor.
• ibmonitor – shows bandwidth and total data transferred.
• View even more Networking commands and scripts.

Conclusion

Iftop, with its straightforward command-line interface, offers a clear snapshot of network activity, making it a go-to for those who prefer the simplicity and directness of terminal applications over graphical ones. Its ability to drill down into specific interfaces, filter traffic types, and toggle display options on-the-fly underscores the flexibility and depth iftop brings to network monitoring tasks.

Embracing iftop within your network management toolkit enriches your capabilities in overseeing and diagnosing network performance issues, ensuring you can maintain optimal network efficiency. As we advance through the series of 90 Linux commands, incorporating iftop into your practice sharpens your network monitoring skills and amplifies your effectiveness in managing complex Linux environments.

Stay tuned for more insights as we delve deeper into the arsenal of commands at the disposal of today’s Linux professionals, aiming to equip you with the knowledge to navigate the intricacies of Linux systems with confidence.