Networking

How to View Network Connections in Linux with IFTOP

Today we look at a quick way to troubleshoot networking in Linux - How to View Network Connections in Linux with IFTOP. IFTOP is a great little utility. Let's see how to use it.
Brandon LeeMarch 26, 2018Last Updated: January 11, 2021
3 minutes read
How-to-View-Network-Connections-in-Linux-with-IFTOP
How-to-View-Network-Connections-in-Linux-with-IFTOP

There are a myriad of network utilities in both the Windows and Linux world.ย  If you are working with a Linux distribution and you are needing to view network connections being made to and from your Linux server, there is perhaps not a better command line tool available for viewing current network connections thanย IFTOP.ย  Iftop is an extremely lightweight application that provides a powerful set of functionality for truly seeing network activity and finding specific connections being made to any interface on your Linux server.ย  Let’s take a quick look at how to view network connections in Linux with IFTOP including installing IFTOP and the various switches that provide powerful functionality to the utility.

Installing IFTOP Network Utility

As a reference architecture, I am using an Ubuntu 16.04 LTS server with a simple installation.ย  This server is actually a VM that I have built utilizing as a Chef Server in my home lab and was easily accessible for me to use as a reference for using IFTOP and the various ins and outs.ย  To install IFTOP, it is as simple as the following command in Ubuntu:

apt install iftop
Installing-IFTOP-in-Ubuntu-Server-16.04-LTS
Installing IFTOP in Ubuntu Server 16.04 LTS

After a couple of seconds of install time, the IFTOP utility is installed in Ubuntu Server.ย  You can easily see the various command line switches by issuing the command:

iftop -h

This will yield the following by way of the command line, giving us a good idea of some of the neat things we can do with IFTOP and gathering information about network connecting in and out of Linux.

iftop: display bandwidth usage on an interface by host

Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
                               [-F net/mask] [-G net6/mask6]

   -h                  display this message
   -n                  don't do hostname lookups
   -N                  don't convert port numbers to services
   -p                  run in promiscuous mode (show traffic between other
                       hosts on the same network segment)
   -b                  don't display a bar graph of traffic
   -B                  Display bandwidth in bytes
   -i interface        listen on named interface
   -f filter code      use filter code to select packets to count
                       (default: none, but only IP packets are counted)
   -F net/mask         show traffic flows in/out of IPv4 network
   -G net6/mask6       show traffic flows in/out of IPv6 network
   -l                  display and count link-local IPv6 traffic (default: off)
   -P                  show ports as well as hosts
   -m limit            sets the upper limit for the bandwidth scale
   -c config file      specifies an alternative configuration file
   -t                  use text interface without ncurses

   Sorting orders:
   -o 2s                Sort by first column (2s traffic average)
   -o 10s               Sort by second column (10s traffic average) [default]
   -o 40s               Sort by third column (40s traffic average)
   -o source            Sort by source address
   -o destination       Sort by destination address

   The following options are only available in combination with -t
   -s num              print one single text output afer num seconds, then quit
   -L num              number of lines to print

How to View Network Connections in Linux with IFTOP

Let’s start out with a few interesting queries we can do with IFTOP to view traffic in and out of Linux.

  • To view only traffic going from your local machine to 8.8.8.8 over eth0, you could run:
    iftopย -i eth0ย  -fย  “dst 8.8.8.8”
  • to see only ssh traffic over eth0:
    iftopย  -iย  eth0ย  ย -fย  ย  “dst port 22”
  • To filter for source port traffic
    iftopย  -iย  eth0ย  ย -fย  ย  “src port 22”
Viewing-SSH-connections-to-a-Linux-server-with-IFTOP
Viewing SSH connections to a Linux server with IFTOP
  • To view a particular IP address in question
    iftopย -i eth0 -n -P -f ‘ip src 10.1.149.17’
Viewing-connections-coming-from-a-specific-IP-Address-with-IFTOP
Viewing connections coming from a specific IP Address with IFTOP

Thoughts

If you are troubleshooting network connections to or from a specific host or want to see what ports are currently active, or which direction certain traffic is flowing, this can be difficult by regular network utilities in Linux trying to find this information.ย  However, with IFTOP utility it makes seeing and visualizing from the command line “GUI” how network traffic is flowing, very easy and straightforward.ย  There have been numerous times when I have been troubleshooting a NAT issue in particular with a Linux router where using IFTOP was invaluable in figuring out the issue.ย  If you haven’t heard about IFTOP before, pull out the Linux commandline, install the utility, and play around with the various features and functions that IFTOP provides.

Brandon LeeMarch 26, 2018Last Updated: January 11, 2021
3 minutes read

Subscribe to VirtualizationHowto via Email ๐Ÿ””

Enter your email address to subscribe to this blog and receive notifications of new posts by email.



Photo of Brandon Lee

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, He has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.

Related Articles

Configuring-the-Protected-EAP-Properties-in-Windows-10-802.1X-authentication-configuration

Configure Windows 10 for 802.1X User Authentication

December 18, 2018
tcp_tools03

Viewing and killing TCP IP connections Windows

October 10, 2014
appliance01a

Use VIRL Images in GNS3

November 8, 2016
superputty02

Change the font and color in SuperPutty

August 5, 2015

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | VirtualizationHowto.com