
IPTraf: a network traffic analysis tool for Linux

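2014-09-28 22:34

Iptraf is an excellent free utility for monitoring network traffic on Linux. It works especially well when installed on a firewall alongside iptables, where it can be used to watch for anomalies in the traffic passing through the firewall.

It is more capable than nload: it can monitor all traffic, IP traffic, and traffic broken down by protocol, and it supports filters. For network monitoring it is the better fit and the more powerful tool, although its display of total throughput is less intuitive and convenient than nload's.

Official site and download: http://iptraf.seul.org/download.html

Installing from source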

wget ftp://iptraf.seul.org/pub/iptraf/iptraf-3.0.0.tar.gz
tar zxvf iptraf-3.0.0.tar.gz
cd iptraf-3.0.0
./Setup

Installing with yum

yum install -y iptraf


Usage

Run iptraf directly to get the menu, which offers:

IP traffic monitor
General interface statistics
Detailed interface statistics
Statistical breakdowns
LAN station statistics
Filters...
Configure...
Exit

You can also pass parameters or options to go straight into a facility:

[root@test /]# iptraf -h

Syntax:
iptraf [ -f ] [ { -i iface | -g | -d iface | -s iface | -z iface |
       -l iface } [ -t timeout ] [ -B ] [ -L logfile ] [-I interval] ]

Issue the iptraf command with no parameters for menu-driven operation.
These options can also be supplied to the command:

-i iface    - start the IP traffic monitor (use "-i all" for all interfaces)
-g          - start the general interface statistics
-d iface    - start the detailed statistics facility on an interface
-s iface    - start the TCP and UDP monitor on an interface
-z iface    - shows the packet size counts on an interface
-l iface    - start the LAN station monitor ("-l all" for all LAN interfaces)
-B          - run in background (use only with one of the above parameters)
-t timeout  - when used with one of the above parameters, tells
              the facility to run only for the specified number of
              minutes (timeout)
-L logfile  - specifies an alternate log file for any direct invocation
              of a facility from the command line.  The log is placed in
              /var/log/iptraf if path is not specified.
-I interval - specifies the log interval for all facilities except the IP
              traffic monitor.  Value is in minutes.
-f          - clear all locks and counters.  Use with great caution.
              Normally used to recover from an abnormal termination.

IPTraf 3.0.1 Copyright (c) Gerard Paul Java 1997-2004


Start the IP traffic monitor. -i all monitors all network devices; you can also follow -i with the name of the interface to monitor.

[root@test /]# iptraf -i p4p1


Overview of network connection statistics

[root@liukai /]# iptraf -g


Detailed statistics for a single interface

[root@liukai /]# iptraf -d p4p1


Monitor TCP and UDP connections, packets and related information on an interface

[root@liukai /]# iptraf -s p4p1


Monitor packet sizes and the related counts on an interface (the packet size distribution)

[root@liukai ~]# iptraf -z p4p1


LAN station statistics for an interface

[root@liukai ~]# iptraf -l p4p1


Specify -t to make the program exit after it has run for the given time:

-t timeout  - when used with one of the above parameters, tells
              the facility to run only for the specified number of
              minutes (timeout)

Usage:

Exit after running for one minute:

iptraf -i all -t 1

Write the log to a specified file. If no path is specified, the log is written to the /var/log/iptraf/ directory:

-L logfile  - specifies an alternate log file for any direct invocation
              of a facility from the command line. The log is placed in
              /var/log/iptraf if path is not specified.

Usage:

Write the log to /home/iptraf.log:

iptraf -i all -L /home/iptraf.log

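Set the interval at which the log file is written. This parameter applies to every facility except the IP traffic monitor, and the unit is minutes:

-I interval - specifies the log interval for all facilities except the IP
              traffic monitor. Value is in minutes.

This parameter is rarely used.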
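The -t, -B, -L and -I options described above combine into an unattended, time-boxed logging run, which is the usual way to leave iptraf watching a firewall interface. The following is an added example, not part of the original article or of IPTraf: a hypothetical shell function, iptraf_cmd, that builds such a command line using only flags from the help output and rejects combinations the help text excludes. The argument order, the allowed character sets and the decision to reject rather than ignore a bad combination are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of IPTraf).
# usage: iptraf_cmd FACILITY IFACE MINUTES LOGFILE [INTERVAL]
#   FACILITY is the facility flag letter from `iptraf -h`: i g d s z l
#   IFACE is ignored for g; "all" is accepted only for i and l
iptraf_cmd() {
    fac=$1; iface=$2; minutes=$3; logfile=$4; interval=${5:-}

    case $fac in
        g) cmd="iptraf -g" ;;                 # -g takes no interface
        i|l|d|s|z)
            case $iface in
                ''|-*|*[!A-Za-z0-9._:-]*)
                    echo "bad interface name: $iface" >&2; return 2 ;;
                all)
                    # the help text documents "all" only for -i and -l
                    if [ "$fac" != i ] && [ "$fac" != l ]; then
                        echo "-$fac needs a single interface" >&2; return 2
                    fi ;;
            esac
            cmd="iptraf -$fac $iface" ;;
        *) echo "unknown facility: $fac" >&2; return 2 ;;
    esac

    # -t is in minutes; digits only, so the run is always time-boxed
    case $minutes in ''|*[!0-9]*)
        echo "timeout must be whole minutes" >&2; return 2 ;;
    esac
    # conservative character set for the log path (assumption of this example)
    case $logfile in ''|-*|*[!A-Za-z0-9._/-]*)
        echo "bad log file name: $logfile" >&2; return 2 ;;
    esac
    cmd="$cmd -t $minutes -B -L $logfile"

    if [ -n "$interval" ]; then
        # -I applies to every facility except the IP traffic monitor (-i)
        if [ "$fac" = i ]; then
            echo "-I does not apply to -i" >&2; return 2
        fi
        case $interval in *[!0-9]*)
            echo "interval must be whole minutes" >&2; return 2 ;;
        esac
        cmd="$cmd -I $interval"
    fi
    printf '%s\n' "$cmd"
}
```

The function only prints the command line, so it can be reviewed before it is placed in a root crontab or run by hand.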

Clear all locks and counters. Be careful with this parameter; it is best used only to recover after an error:

-f          - clear all locks and counters. Use with great caution.
              Normally used to recover from an abnormal termination.

Usage:

iptraf -f
