plirof2

iftop show LAN traffic

Nov 8th, 2024 (edited)
How to Enable Promiscuous Mode:
You can enable promiscuous mode with the following command:

    sudo ip link set dev eth0 promisc on

To Show IP Addresses, Not MAC Addresses:
iftop by default shows IP addresses. However, if you want to see hostnames associated with those IP addresses, you can use the -n flag to disable DNS resolution, or let iftop resolve the names automatically.

    sudo iftop -n -i eth0

This will prevent iftop from performing reverse DNS lookups for IP addresses. If DNS is enabled, it will attempt to resolve the hostnames of the IPs.

To See Traffic for Specific Hosts:
If you want to monitor the traffic from a particular host or see which IP addresses are generating the most traffic, you can filter by IP with the -F option. For example, to only show traffic to/from a specific IP:

    # -F takes net/mask, so a single host is written with a /32 mask
    sudo iftop -i eth0 -F 192.168.1.100/32

This will only show traffic related to the IP 192.168.1.100.

Limitations of iftop:
MAC addresses: iftop doesn't directly display MAC addresses, as it works at the IP layer and not the Ethernet layer. To see MAC addresses, you would typically use arp or ip neighbour.
Hostnames: iftop may not always resolve hostnames (it depends on the network setup and DNS configuration). If it doesn't resolve, you can look up the IPs manually via nslookup or use arp to associate IPs with MAC addresses.

Yes, in iftop, you can sort the connections by traffic in descending order using a simple key press.

To Sort by Traffic in Descending Order:
Press t to toggle the sorting order.
By default, iftop sorts by the total traffic (i.e., combined incoming and outgoing traffic) for each connection.
Pressing t will toggle the sorting between descending and ascending order.

Explanation of iftop Sorting:
t: Sort by traffic in descending/ascending order (default is descending).
p: Sort by the number of packets.
s: Sort by source IP/port.
d: Sort by destination IP/port.
If you press t multiple times, it will toggle through the different sorting methods, and it will automatically sort by the largest traffic first when sorted by traffic.

Example Usage:
When you're in iftop, press t to ensure it's sorted by traffic, and the connections with the highest amount of traffic will be listed at the top.

You said:
can I sort in iftop the source IPs that start with 192.168.1.XXX?

ChatGPT said:
iftop does not provide a built-in option to filter or sort traffic specifically by IP address patterns, such as "source IPs starting with 192.168.1". However, you can filter the traffic to only show connections that match a certain IP range by using iftop's filter option.

Filtering Traffic by Source IP Range:
iftop allows you to set a filter to show only specific traffic. To filter the traffic to show only IPs in the 192.168.1.0/24 range (which covers IPs 192.168.1.0 to 192.168.1.255), follow these steps:

Start iftop on your interface (e.g., eth0):

    sudo iftop -i eth0

Set the filter to only show traffic from the 192.168.1.0/24 subnet:

Press the f key to enter the filter mode in iftop.
Enter the following filter expression to only show traffic from source IPs in the 192.168.1.x range:

    src net 192.168.1.0/24

This filter will display only the traffic where the source IP is in the 192.168.1.0/24 range.
Sorting by Traffic: Once the filter is applied, you can press t to sort the filtered results by the amount of traffic in descending order (as explained earlier).

To Clear the Filter:
To remove the filter and see all traffic again, press f and then Enter with an empty filter expression.

Example:
Start iftop:

    sudo iftop -i eth0

Press f, then type src net 192.168.1.0/24, and press Enter.

Press t to sort by traffic.

Alternative Method: Use tcpdump to Filter Traffic First
If you need more advanced filtering capabilities (like specific source IPs or ranges), you can use tcpdump to capture the traffic and then pipe it to a tool like iftop or analyze it in other ways.

Example using tcpdump to capture traffic from 192.168.1.0/24:

    sudo tcpdump -i eth0 src net 192.168.1.0/24

This would capture all traffic from the 192.168.1.x subnet. You can pipe this output to another tool like iftop if needed.

Conclusion:
Direct Filtering in iftop: You can filter the traffic to show only IPs from 192.168.1.0/24 using the filter option (f key) with the expression src net 192.168.1.0/24.
Sorting: After applying the filter, you can press t to sort the results by traffic in descending order.
This will give you a view of only the traffic from source IPs in the 192.168.1.x range, sorted by traffic amount.