使用iftop追踪和监测端口数据流量情况

今天在scp大文件时，想知道目标主机的流量情况，发现iftop可以做到，简单记录一下。
我在源主机后台scp了几个大文件，传输时间较长，

[root@xx scripts]# jobs
[2]   Running                 nohup sh scp_auto.sh /backup/scp_tmp/mysql_full_192.168.aa_2019-05-05_00-00-01.tar.gz bmviewer@xxx:/DB_backup/scp_tmp &
[3]-  Running                 nohup sh scp_auto.sh /backup/scp_tmp/mysql_full_192.168.bb_2019-05-05_00-00-01.tar.gz bmviewer@xxx:/DB_backup/scp_tmp &
[5]+  Running                 nohup sh scp_auto.sh /backup/scp_tmp/mysql_full_192.168.cc_2019-05-05_01-00-01.tar.gz bmviewer@xxx:/DB_backup/scp_tmp &

在目标主机利用iftop可以看到流量情况：

                                 19.1Mb                           38.1Mb                           57.2Mb                           76.3Mb                      95.4Mb
+--------------------------------+--------------------------------+--------------------------------+--------------------------------+---------------------------------
1xx.xx.x.xx                                                           => 192.168.aa.aa                                                          358Kb   343Kb   334Kb
                                                                      <=                                                                       14.2Mb  14.1Mb  14.1Mb
...

----------------------------------------------------------------------------------------------------------------------------------------------------------------------
TX:             cum:   27.8MB   peak:   69.1Mb                                                                                        rates:    360Kb  14.1Mb  12.3Mb
RX:                    32.1MB           14.8Mb                                                                                                 14.2Mb  14.3Mb  14.3Mb
TOTAL:                 59.9MB           83.9Mb                                                                                                 14.5Mb  28.4Mb  26.6Mb

其中1xx.xx.x.xx是当前主机，192.168.aa.aa是我执行scp的主机，符号’=>‘表示当前主机发送到192.168.aa.aa的情况，符号’<='表示192.168.aa.aa发送到当前主机的流量情况，后面三列数据表示过去 2s 10s 40s 的平均流量。下方的数据内容为：
TX：发送流量
RX：接收流量
TOTAL：总流量
Cumm：运行iftop到目前时间的总流量
peak：流量峰值
rates：分别表示过去 2s 10s 40s 的平均流量。

iftop的各种参数如下：

[root@aaa scp_tmp]# iftop -h
iftop: display bandwidth usage on an interface by host

Synopsis: iftop -h | [-npblNBP] [-i interface] [-f filter code]
                               [-F net/mask] [-G net6/mask6]

   -h                  display this message
   -n                  don't do hostname lookups
   -N                  don't convert port numbers to services
   -p                  run in promiscuous mode (show traffic between other
                       hosts on the same network segment)
   -b                  don't display a bar graph of traffic
   -B                  Display bandwidth in bytes
   -i interface        listen on named interface
   -f filter code      use filter code to select packets to count
                       (default: none, but only IP packets are counted)
   -F net/mask         show traffic flows in/out of IPv4 network
   -G net6/mask6       show traffic flows in/out of IPv6 network
   -l                  display and count link-local IPv6 traffic (default: off)
   -P                  show ports as well as hosts
   -m limit            sets the upper limit for the bandwidth scale
   -c config file      specifies an alternative configuration file
   -t                  use text interface without ncurses

   Sorting orders:
   -o 2s                Sort by first column (2s traffic average)
   -o 10s               Sort by second column (10s traffic average) [default]
   -o 40s               Sort by third column (40s traffic average)
   -o source            Sort by source address
   -o destination       Sort by destination address

   The following options are only available in combination with -t
   -s num              print one single text output afer num seconds, then quit
   -L num              number of lines to print

iftop, version 1.0pre4
copyright (c) 2002 Paul Warren <pdw@ex-parrot.com> and contributors

在iftop界面按h即可显示各种快捷键的功能。