Linux下（网络流量分析）Iptraf工具

Iptraf是一款linux环境下，监控网络流量的一款绝佳的免费小软件，特别是安装到防火墙上，与Iptables一起工作，监控流经防火墙的网络异常，效果非常好。

功能比nload更强大,可以监控所有的流量,IP流量,按协议分的流量,还可以设置过滤器等。对监控网络来说,这个更适合也更强大,但在总的流量显示上,没nload直观和方便。

官网及下载：http://iptraf.seul.org/download.html

源码安装

wget ftp://iptraf.seul.org/pub/iptraf/iptraf-3.0.0.tar.gz
tar zxvf iptraf-3.0.0.tar.gz
cd iptraf-3.0.0
./Setup

yum安装

yum install -y iptraf

使用
直接运行 iptraf

IP流量监视(IP traffic monitor)
网络接口的一般信息统计(General Interface Statistics)
网络接口的细节信息统计(Detailed Interface Statistics)
统计分析(Statistical Breakdowns)
局域网工作站统计(LAN Station Statistics)
过滤器(Filters...)
配置(Configure...)
退出(Exit)

也可以直接加参数或选项直接进入

[root@test /]# iptraf -h

Syntax:
    iptraf [ -f ] [ { -i iface | -g | -d iface | -s iface | -z iface |
           -l iface } [ -t timeout ] [ -B ] [ -L logfile ] [-I interval] ] 

Issue the iptraf command with no parameters for menu-driven operation.
These options can also be supplied to the command:

-i iface    - start the IP traffic monitor (use "-i all" for all interfaces)
-g          - start the general interface statistics
-d iface    - start the detailed statistics facility on an interface
-s iface    - start the TCP and UDP monitor on an interface
-z iface    - shows the packet size counts on an interface
-l iface    - start the LAN station monitor ("-l all" for all LAN interfaces)
-B          - run in background (use only with one of the above parameters)
-t timeout  - when used with one of the above parameters, tells
              the facility to run only for the specified number of
              minutes (timeout)
-L logfile  - specifies an alternate log file for any direct invocation
              of a facility from the command line.  The log is placed in
              /var/log/iptraf if path is not specified.
-I interval - specifies the log interval for all facilities except the IP
              traffic monitor.  Value is in minutes.
-f          - clear all locks and counters.  Use with great caution.
              Normally used to recover from an abnormal termination.

IPTraf 3.0.1 Copyright (c) Gerard Paul Java 1997-2004

打开ip流量监控-i all则监视所有的网络设备，可以在-i 后跟要监控的网卡名称

[root@test /]# iptraf -i p4p1

网络连接统计概况

[root@liukai /]# iptraf -g

监控某个网卡详细的统计数据

[root@liukai /]# iptraf -d p4p1

监控某个网卡上的TCP和UDP连接包等信息

[root@liukai /]# iptraf -s p4p1

监控某个网卡上的包大小及相关计数(包大小的分布)

[root@liukai ~]# iptraf -z p4p1

局域网工作站统计某个网卡

[root@liukai ~]# iptraf -l p4p1

指定-t以使用程序运行指定的时间后退出
-t timeout  - when used with one of the above parameters, tells
              the facility to run only for the specified number of
              minutes (timeout)
用法：
运行一分钟后退出
iptarf -i all -t 1              

输出logfile到指定的文件如果不指定则会输出到/var/log/iptraf/文件夹中        
-L logfile  - specifies an alternate log file for any direct invocation
              of a facility from the command line.  The log is placed in
              /var/log/iptraf if path is not specified.
用法：
输出log到/home/iptraf.log
iptraf -i all -L /home/iptraf.log

指定log文件的输出间隔这个参数对除了IP监视之后的其它参数有效参数单位为分钟             
-I interval - specifies the log interval for all facilities except the IP
              traffic monitor.  Value is in minutes.
这个参数很少用到
              
清除所有的锁及计数器．使用这个参数时要小心，最好只在出错恢复时使用              
-f          - clear all locks and counters.  Use with great caution.
              Normally used to recover from an abnormal termination.
用法：
iptraf -f
 
IPTraf 3.0.1 Copyright (c) Gerard Paul Java 1997-2004