Study of iftop Command

 

Experiment

 Study of iftop Command

🎯 Aim

To analyze real-time network bandwidth usage using the iftop command in Linux.

πŸ“˜ Objective

By the end of this experiment, students will be able to:

  • Monitor live network traffic
  • Identify bandwidth usage per connection
  • Understand incoming and outgoing data flow
  • Analyze network activity in real time

πŸ“– Theory

The iftop command is a real-time network monitoring tool that displays:

  • Bandwidth usage between hosts
  • Source and destination IP addresses
  • Data transfer rates

πŸ‘‰ It is similar to the top command, but instead of CPU usage, it shows network bandwidth usage.

πŸ‘‰ It listens to network traffic on a selected interface and summarizes usage dynamically.

🧾 Syntax

sudo iftop [options]

Common Options:

  • -i <interface> → Specify network interface (e.g., eth0, wlan0)
  • -n → Disable hostname resolution (faster output)
  • -N → Show port numbers instead of service names
  • -P → Display port numbers
  • -B → Display bandwidth in bytes (default is bits)

🧰 Prerequisites

  • Linux system
  • Root/sudo privileges
  • iftop installed

Installation:

sudo apt install iftop

πŸ”¬ Procedure & Commands

1️⃣ Run iftop (Default Interface)

sudo iftop

πŸ‘‰ Displays live bandwidth usage.

2️⃣ Monitor Specific Interface

sudo iftop -i eth0

3️⃣ Disable Hostname Resolution

sudo iftop -n

πŸ‘‰ Speeds up output by showing IP addresses only.

4️⃣ Show Port Numbers

sudo iftop -P

5️⃣ Display in Bytes Instead of Bits

sudo iftop -B

πŸ–₯️ Understanding the Output

192.168.1.5  =>  142.250.183.14   1.2Mb   1.0Mb   0.8Mb
              <=                   500Kb   400Kb   300Kb

Explanation:

  • => → Outgoing traffic
  • <= → Incoming traffic
  • Three columns represent:
    • Last 2 seconds
    • Last 10 seconds
    • Last 40 seconds

⌨️ Interactive Keys (During Execution)

KeyFunction
t    Toggle display mode
n    Toggle hostname/IP
p    Toggle port display
P    Pause display
q    Quit

πŸ“ Exercises for Students

  1. Run iftop and observe traffic while browsing websites.
  2. Identify which IP is consuming the most bandwidth.
  3. Compare results with and without -n option.
  4. Monitor traffic on Wi-Fi vs Ethernet interfaces.
  5. Note differences between incoming and outgoing traffic.

❓ Viva Questions

  • What is the purpose of iftop?
  • Difference between iftop and ifconfig?
  • Why is root permission required?
  • What do the three bandwidth columns represent?

⚠️ Precautions

  • Requires root privileges to capture packets
  • May not show encrypted traffic details (only endpoints)
  • Use on authorized networks only

✅ Result

The iftop command is a powerful tool for real-time network bandwidth monitoring, helping users analyze traffic patterns and detect high network usage.

Comments

Post a Comment

Popular posts from this blog

Networks Lab PCCSL507 Semester 5 KTU CS 2024 Scheme - Dr Binu V P

 About Me   Dr Binu V P Syllabus Learn Linux well before you start- refer blog Experiments Familiarize Linux networking commands ifconfig ifplugstatus iftop ping ip traceroute mtr netstat whois nmap nmcli speedtest-cli bmon nslookup tcpdump Wireshark     Download Wireshark     Wireshark Documentaion     Setting up a capture     Capturing Live network data      Analysis of HTTP Protocol using Wireshark Socket Programming Basic Implementation of  TCP Client Server Communication using sockets. TCP Client-Server Communication to Identify Matrix Type (Upper/Lower/Diagonal) Implementation of UDP Client-Server Communication using Sockets in C UDP Client-Server Communication for Translating “New Generation English” to Formal English Cisco's Packet Tracer
Read more

Analysis of HTTP Protocol using Wireshark

Experiment Title Analysis of HTTP Protocol using Wireshark Aim To capture and analyze HTTP packets using Wireshark and study the structure of HTTP request and response messages. Objective To understand HTTP request and response formats To analyze packet-level communication using Wireshark To extract protocol-specific information from captured traffic Software Required Wireshark Web Browser (Chrome / Firefox / Edge) Internet Connection Theory 🌐 What is HTTP? HTTP (HyperText Transfer Protocol) is an application-layer protocol used for communication between web clients (browsers) and web servers. πŸ” HTTP Communication Client sends a GET request Server responds with: Status code Requested resource Metadata πŸ“¦ HTTP Message Types Request Message Contains: Method (GET, POST) URL Headers (Accept, User-Agent, etc.) Response Message Contains: Status code (200, 404, etc.) Headers (Content-Type, Content-Length, etc.) Body (HTML co...
Read more

Study and Use of ifconfig Command

   Experiment  Study and Use of ifconfig Command 🎯 Aim To familiarize students with the ifconfig command in Linux for viewing and configuring network interfaces. πŸ“˜ Objective By the end of this experiment, students will be able to: Display network interface details Enable/disable network interfaces Assign IP addresses manually Understand key networking parameters 🧰 Prerequisites Linux system (e.g., Ubuntu/Debian/Kali) Basic terminal knowledge Root or sudo privileges πŸ“– Theory The ifconfig ( interface configuration ) command is used to: View network interface configuration Assign IP addresses Enable or disable interfaces ⚠️ Note: On modern systems, ifconfig is deprecated and replaced by the ip command (from iproute2 ), but it is still widely used for learning and legacy systems. 🧾 Syntax ifconfig [interface] [options] interface → Network interface name (e.g., eth0 , wlan0 ) options → Actions like up, down, assigning...
Read more