How to monitor network traffic with iptraf

May 17, 2011

Iptraf command

Iptraf, as the name suggests, analyses IP traffic over the network. This helps in detecting malicious traffic into and out of your system. Unlike most other Linux commands, it is a colorful, interactive LAN monitor. The difference is visible when you first start the program.

>> Linux systems normally do not have iptraf installed. To install it on a RHEL-based system, use the following command.

yum install iptraf

After the installation is complete, start the program with the iptraf command. The initial screen shows a document to be agreed upon; after reading it, press any key.

On entering the iptraf command screen, you see the following options. You can navigate between them, and each has a hot key, so a single key press performs the required option.

>> To start the IP traffic monitor on a particular interface, use the following command:

iptraf -i eth0

The above command will start IP traffic monitoring on the eth0 interface. This is usually the first interface card attached to your system.

>> To start the TCP/UDP traffic monitor on a particular interface, use the following command:

iptraf -s eth0

The above command will start TCP/UDP traffic monitoring on the eth0 interface.

>> To check the speed of traffic inflow on a NIC, use the following command:

iptraf -l eth0

This is useful for checking how much speed you are getting on your NIC. It should be the same as what your ISP or hosting provider (for Linux servers) offers; otherwise, contact them to get the full speed.

>> You can set various options for iptraf to work with. Navigate as follows.

Iptraf > Configure

Here you can set reverse DNS lookup to On to see the hostnames of the IP addresses that are connecting to you.

>> There is also a concept of filters. Here you can add specific IP addresses to be monitored on a port.

Iptraf > Filters > IP > Define New Filter > Add to list (A).

To see all traffic from/to 167.0.215.44 to/from network 162.47.53.0:

    Host name/IP Address    167.0.215.44       162.47.53.0
    Wildcard mask           255.255.255.255    255.255.255.0
    Port                    0                  0
    Include/Exclude         I

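
The matching rule that the filter above describes can be written out as follows. This is an added example, not code from iptraf or from the original post; the names Side, side_matches and filter_matches are hypothetical, the sample packets are constructed, and it assumes the wildcard mask works like a netmask (set bits must match) and that port 0 means any port, as the values in the filter suggest.

```python
import ipaddress
from typing import NamedTuple

class Side(NamedTuple):
    """One column of the filter form (hypothetical name)."""
    addr: str
    mask: str
    port: int = 0  # assumption: 0 means "any port"

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def side_matches(side, addr, port):
    # Assumption: netmask-style comparison, only bits set in the mask count.
    mask = _ip(side.mask)
    same_net = (_ip(addr) & mask) == (_ip(side.addr) & mask)
    return same_net and side.port in (0, port)

def filter_matches(a, b, src, sport, dst, dport):
    # "from/to ... to/from": accept the pair in either direction.
    forward = side_matches(a, src, sport) and side_matches(b, dst, dport)
    reverse = side_matches(a, dst, dport) and side_matches(b, src, sport)
    return forward or reverse

# The two columns of the filter shown above.
HOST = Side("167.0.215.44", "255.255.255.255")
NET = Side("162.47.53.0", "255.255.255.0")

# Constructed sample packets: (src, sport, dst, dport).
PACKETS = [
    ("167.0.215.44", 51514, "162.47.53.10", 22),    # host -> network
    ("162.47.53.200", 443, "167.0.215.44", 40112),  # network -> host
    ("167.0.215.45", 51514, "162.47.53.10", 22),    # neighbour of the host
    ("167.0.215.44", 51514, "162.47.54.10", 22),    # outside the network
]

def included(packets, a=HOST, b=NET):
    """Return the packets an Include (I) entry would select."""
    return [p for p in packets if filter_matches(a, b, *p)]

if __name__ == "__main__":
    for pkt in PACKETS:
        verdict = "include" if filter_matches(HOST, NET, *pkt) else "no match"
        print(pkt, verdict)
```

The all-ones mask pins the first column to a single host, while 255.255.255.0 lets the second column cover every address in 162.47.53.x.
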
Iptraf, besides being a visually appealing network interface, is thus also very useful. Use it to its maximum potential.


