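When a machine's inbound or outbound traffic looks abnormal, we can use the iftop tool to view the network traffic of each process. iftop has powerful network traffic analysis capabilities. Before compiling and installing iftop, the following must be installed on the machine: libpcap, libcurses.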
iftop -P
When running, iftop uses the whole screen to display network usage. At the top of the display is a logarithmic scale for the bar graph which gives a visual indication of traffic.
The main part of the display lists, for each pair of hosts, the rate at which data has been sent and received over the preceding 2, 10 and 40 second intervals. The direction of data flow is indicated by arrows, <= and =>. For instance,
foo.example.com  =>  bar.example.com      1Kb  500b   100b
                 <=                       2Mb    2Mb    2Mb
shows, on the first line, traffic from foo.example.com to bar.example.com; in the preceding 2 seconds, this averaged 1Kbit/s, around half that amount over the preceding 10s, and a fifth of that over the whole of the last 40s. During each of those intervals, the data sent in the other direction was about 2Mbit/s. On the actual display, part of each line is inverted to give a visual indication of the 10s average of traffic. You might expect to see something like this where host foo is making repeated HTTP requests to bar, which is sending data back which saturates a 2Mbit/s link.
By default, the pairs of hosts responsible for the most traffic (10 second average) are displayed at the top of the list.
At the bottom of the display, various totals are shown, including peak traffic over the last 40s, total traffic transferred (after filtering), and total transfer rates averaged over 2s, 10s and 40s.
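When rows like the ones described above are copied out of a terminal during triage, they can be parsed and filtered mechanically. The following is an added example, not part of the original page or of iftop itself: it parses the two-line host-pair layout shown above (including the host:port form that -P produces) and flags pairs whose 10 second average exceeds a threshold. The function names, the decimal unit multipliers and the sample rows other than the first pair are assumptions made for illustration.

```python
import re

# Assumption: decimal multipliers (1Kb = 1000 bit/s); displayed values are rounded anyway.
UNITS = {"b": 1, "Kb": 1_000, "Mb": 1_000_000, "Gb": 1_000_000_000}
RATE = re.compile(r"^(\d+(?:\.\d+)?)(b|Kb|Mb|Gb)$")

def to_bps(token):
    """Convert a displayed rate such as '500b' or '3.5Mb' to bits per second."""
    m = RATE.match(token)
    if not m:
        raise ValueError(f"not a rate: {token!r}")
    return float(m.group(1)) * UNITS[m.group(2)]

def parse_pairs(text):
    """Return one dict per host pair; tx/rx hold the (2s, 10s, 40s) rates in bit/s."""
    pairs, current = [], None
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 6 and fields[1] == "=>":
            # First row of a pair: source => destination plus three rates.
            current = {"src": fields[0], "dst": fields[2],
                       "tx": tuple(map(to_bps, fields[3:])), "rx": None}
        elif len(fields) == 4 and fields[0] == "<=" and current:
            # Second row: traffic in the opposite direction for the same pair.
            current["rx"] = tuple(map(to_bps, fields[1:]))
            pairs.append(current)
            current = None
    return pairs

def flag_heavy(pairs, threshold_bps):
    """Pairs whose 10 s average in either direction exceeds the threshold, heaviest first."""
    hits = [(max(p["tx"][1], p["rx"][1]), p) for p in pairs]
    hits = [h for h in hits if h[0] > threshold_bps]
    hits.sort(key=lambda h: h[0], reverse=True)  # sort on the rate only
    return [p for _, p in hits]

# Constructed sample: the first pair is the page's example, the other two are made up.
SAMPLE = """\
foo.example.com  =>  bar.example.com      1Kb  500b   100b
                 <=                       2Mb    2Mb    2Mb
foo.example.com:51234 => 192.0.2.10:443 3.5Mb 4Mb 1.2Mb
<= 40Kb 38Kb 20Kb
foo.example.com => ns.example.com 200b 150b 90b
<= 300b 250b 100b
"""

if __name__ == "__main__":
    for p in flag_heavy(parse_pairs(SAMPLE), 1_000_000):
        print(p["src"], "<->", p["dst"], "tx10s=%d rx10s=%d" % (p["tx"][1], p["rx"][1]))
```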