Iftop offers a simple command-line way to monitor Linux network traffic

ZDNET's article says the iftop command is an easy way to monitor incoming and outgoing network traffic on Linux, presenting bandwidth usage by host in a readable table. According to the piece, iftop listens to traffic on a specified network interface (or the first interface it finds) and displays incoming and outgoing activity.

The iftop man page is quoted as saying: "iftop - display bandwidth usage on an interface by host." The article adds that iftop is flexible with several options, but only one option is necessary for basic use. To use it you first identify the interface with the command ip a; the article shows an example interface name, wlp15s0.

The author advises running sudo iftop -i INTERFACE (for example, sudo iftop -i wlp15s0). If you omit a specific interface, iftop will default to the first it finds, which the article warns may not function properly. The display marks incoming traffic with " ". The writer says they look up suspicious addresses with Whois and, if needed, block them in the firewall, and also watch outgoing connections for telemetry.

The article notes an example host the author saw (24.224.186.35.bc.googleusercontent.com) and called harmless, and observes that outgoing traffic to domains such as googlebot.com could indicate telemetry.
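
The workflow above (pick the interface explicitly, capture with iftop, then review the remote addresses) can be scripted; the following is an added example, not code from the ZDNET article or the iftop project. The helper names default_iface and remote_peers and all sample data are constructed, and the parsing assumes iftop's text mode (-t) puts the remote peer on the "<=" row.

```shell
#!/usr/bin/env bash
# Added example; helper names and sample data are constructed for illustration.

# Read `ip route show default` output on stdin, print the default-route interface.
default_iface() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Read iftop text-mode output on stdin, print each unique host from a "<=" row.
# Assumption: the local address is on the "=>" row, the remote peer on the "<=" row.
remote_peers() {
    awk '{ for (i = 2; i <= NF; i++) if ($i == "<=") { print $(i - 1); next } }' | sort -u
}

# Constructed sample input (documentation address ranges, not real captures).
SAMPLE_ROUTES='default via 192.0.2.1 dev wlp15s0 proto dhcp metric 600'
SAMPLE_IFTOP='   1 192.0.2.10        =>     1.21Kb     1.21Kb     1.21Kb       310B
     203.0.113.7       <=     3.40Kb     3.40Kb     3.40Kb       870B
   2 192.0.2.10        =>       480b       480b       480b       120B
     198.51.100.23     <=       912b       912b       912b       228B
   3 192.0.2.10        =>       160b       160b       160b        40B
     203.0.113.7       <=       320b       320b       320b        80B'

echo "interface: $(printf '%s\n' "$SAMPLE_ROUTES" | default_iface)"
echo "peers to review:"
printf '%s\n' "$SAMPLE_IFTOP" | remote_peers

# Live use (needs root and iftop installed): sample for 10 s, no DNS lookups.
#   IFACE=$(ip route show default | default_iface)
#   sudo iftop -t -n -s 10 -i "$IFACE" 2>/dev/null | remote_peers
```

Each address printed by remote_peers is a candidate for the Whois lookup the article describes before deciding on a firewall rule.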

