Real-Time Network Connection Monitoring with iftop
Overview of iftop
iftop is a CLI tool for real-time monitoring of network connection activity.
→ It is used to identify network bottlenecks.
If you simply want to monitor the network, a monitoring tool will do the job, but
with iftop you can see specifically where (domain / IP / port) and how much (data transfer volume) traffic is going.
How to Install
- Ubuntu
1 | $ sudo apt-get install -y iftop |
- CentOS
1 | $ sudo yum -y install epel-release |
Usage
This is the form I use most often.
- If you do not have eth0, remove the
-i eth0part.
1 | $ sudo iftop -i eth0 -B -P -n -N |
- -i specify the interface
- -B display units in Bytes
- -P display the protocol or port
- -n display by IP instead of domain
- -N display the port number instead of the protocol service name
Display Items
=> is sending,<= is receiving.
1 | 24.4kB 48.8kB 73.2kB 97.7kB 122kB |
| Item | Value |
|---|---|
| TX (Transmitter) | Amount sent |
| RX (Receiver) | Amount received |
| TOTAL | Total since iftop started |
| cum | Cumulative total |
| peak | Maximum |
| Rightmost 3 columns (each traffic row, incl. rates) | Average transfer volume over 2s, 10s, and 40s |
- The “X” in TX and RX is just an abbreviation that gets dropped.
While watching, when you notice some processing that catches your attention,
press Shift + P to pause it.
To resume, press Shift + P again.
The Actual CLI
If you look below, you can see white bar graphs extending from the left.
These horizontal bars correspond to the scale on the bar at the very top, which is handy for getting a quick sense of how much traffic there is at a glance.

Checking Connections to the DB
When you want to inspect the traffic sent to and received from the default DB (MySQL) port 3306
1 | $ sudo iftop -B -P -n -N -f "port 3306" |
As you would expect, the received side is larger.

Notes
I plan to add to this whenever there is an actual high-load situation or a specific incident. ♪
