There are a myriad of network utilities in both the Windows and Linux worlds. If you work with a Linux distribution and need to view network connections being made to and from your Linux server, there is perhaps no better command line tool for viewing current network connections than IFTOP. Iftop is an extremely lightweight application that shows bandwidth usage per host pair on an interface and lets you filter down to specific connections being made to any interface on your Linux server. Let's take a quick look at how to view network connections in Linux with IFTOP, including installing IFTOP and the various switches that provide powerful functionality to the utility.
Installing IFTOP Network Utility
As a reference architecture, I am using an Ubuntu 16.04 LTS server with a simple installation. This server is actually a VM that I built as a Chef Server in my home lab, and it was easily accessible for me to use as a reference for IFTOP and its various ins and outs. To install IFTOP, it is as simple as the following command in Ubuntu:
apt install iftop
After a couple of seconds of install time, the IFTOP utility is installed in Ubuntu Server. You can easily see the various command line switches by running iftop with the -h switch. This will yield the following on the command line, giving us a good idea of some of the neat things we can do with IFTOP when gathering information about network connections in and out of Linux.
iftop: display bandwidth usage on an interface by host

Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
                               [-F net/mask] [-G net6/mask6]

   -h                  display this message
   -n                  don't do hostname lookups
   -N                  don't convert port numbers to services
   -p                  run in promiscuous mode (show traffic between other
                       hosts on the same network segment)
   -b                  don't display a bar graph of traffic
   -B                  Display bandwidth in bytes
   -i interface        listen on named interface
   -f filter code      use filter code to select packets to count
                       (default: none, but only IP packets are counted)
   -F net/mask         show traffic flows in/out of IPv4 network
   -G net6/mask6       show traffic flows in/out of IPv6 network
   -l                  display and count link-local IPv6 traffic (default: off)
   -P                  show ports as well as hosts
   -m limit            sets the upper limit for the bandwidth scale
   -c config file      specifies an alternative configuration file
   -t                  use text interface without ncurses

   Sorting orders:
   -o 2s               Sort by first column (2s traffic average)
   -o 10s              Sort by second column (10s traffic average) [default]
   -o 40s              Sort by third column (40s traffic average)
   -o source           Sort by source address
   -o destination      Sort by destination address

   The following options are only available in combination with -t
   -s num              print one single text output afer num seconds, then quit
   -L num              number of lines to print
How to View Network Connections in Linux with IFTOP
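Let's start out with a few interesting queries we can do with IFTOP to view traffic in and out of Linux. The -f switch takes a packet filter expression, which must be wrapped in plain ASCII quotes; the curly quotes that word processors and web pages substitute are not treated as quotes by the shell.
- To view only traffic going from your local machine to 22.214.171.124 over eth0, you could run:
iftop -i eth0 -f "dst 126.96.36.199"
- To see only SSH traffic destined for port 22 over eth0:
iftop -i eth0 -f "dst port 22"
- To filter for traffic with source port 22:
iftop -i eth0 -f "src port 22"
- To view traffic from a particular IP address in question, with numeric addresses (-n) and ports shown (-P):
iftop -i eth0 -n -P -f 'ip src 10.1.149.17'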
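The text-mode switches in the help output (-t, -s) make the same filters usable from a script. The following is an added example, not part of the original article: it reads one iftop -t snapshot and lists the host pairs whose combined 10s average meets a threshold. The function names, the threshold and the sample snapshot are constructed for illustration, and the 1024-based unit prefixes are an assumption.

```shell
#!/bin/sh
# Added example (not from the original article): list the flows in one iftop
# text-mode snapshot whose combined 10s average is at least MIN_BPS bits/s.
# Live use (needs root; every switch appears in the help text above):
#   iftop -t -s 10 -n -N -P -i eth0 -f 'port 22' | heavy_flows 1000000

# stdin: iftop -t output. stdout: "host_a host_b a_to_b_bps b_to_a_bps", busiest first.
heavy_flows() {
  awk -v min="${1:-0}" '
    # "2.50Kb" -> 2560. Assumes bit units (no -B) and 1024-based K/M/G prefixes.
    function bits(v,   u) {
      u = v; sub(/^[0-9.]+/, "", u)
      return (v + 0) * (u == "Kb" ? 1024 : (u == "Mb" ? 1048576 : (u == "Gb" ? 1073741824 : 1)))
    }
    # Each flow is a line pair: "N host_a => 2s 10s 40s cum" then "host_b <= 2s 10s 40s cum".
    $3 == "=>" { a = $2; tx = bits($5); next }
    $2 == "<=" && a != "" {
      rx = bits($4)
      if (tx + rx >= min) printf "%d %s %s %d %d\n", tx + rx, a, $1, tx, rx
      a = ""
    }
  ' | sort -k1,1nr | cut -d" " -f2-
}

# Constructed sample in the layout iftop -t prints (hosts and rates are made up).
sample_snapshot() {
  cat <<'EOF'
   # Host name (port/service if enabled)            last 2s   last 10s   last 40s cumulative
--------------------------------------------------------------------------------------------
   1 10.1.149.17:22                           =>     3.00Kb     2.50Kb     1.00Kb     1.25KB
     10.1.149.50:51514                        <=     1.00Kb     1.00Kb       512b       640B
   2 10.1.149.17:22                           =>     1.50Mb     1.50Mb     1.50Mb      750KB
     192.0.2.44:40022                         <=       736b       736b       736b       184B
   3 10.1.149.17:123                          =>         0b         0b        76b        38B
     192.0.2.7:123                            <=         0b         0b        76b        38B
--------------------------------------------------------------------------------------------
Total send rate:                                     1.50Mb     1.50Mb     1.50Mb
Total receive rate:                                  1.72Kb     1.72Kb     1.29Kb
EOF
}

sample_snapshot | heavy_flows 2000
```

Run from cron against a fixed filter, an empty result means no flow crossed the threshold during the sampling window.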
If you are troubleshooting network connections to or from a specific host, or want to see which ports are currently active or which direction certain traffic is flowing, this information can be difficult to find with the regular network utilities in Linux. The IFTOP utility, however, makes seeing and visualizing how network traffic is flowing, from a command line "GUI", very easy and straightforward. There have been numerous times when I have been troubleshooting a NAT issue in particular with a Linux router where using IFTOP was invaluable in figuring out the issue. If you haven't heard about IFTOP before, pull out the Linux command line, install the utility, and play around with the various features and functions that IFTOP provides.