How to do it...

Using IPTraf is very simple. Once installed, it can be launched from the terminal by running a single command. Let's explore how the tool works:

  1. To start IPTraf, type the following command in the Terminal:
iptraf
  1. This will launch an ASCII-based menu interface. Press any key to continue.
  1. In the next screen, we will get a menu system with different options to choose from, as follows:

  1. We will choose the first option, IP traffic monitor, and press Enter. This will ask us to select the interface on which we want to listen for the traffic:

We will choose eth0 in the preceding list and press Enter.

  1. IPTraf will now show us all the TCP and UDP connections happening on the eth0 interface. The upper part of the window shows the TCP connections and the lower part shows the UDP packets:

  1. Press X to come back to the previous menu. Let's select the Statistical breakdowns option from the menu and press Enter:

  1. This function allows us to sort the packets by TCP/UDP ports. We can also sort packets by size:

  1. Exit to the main menu, choose the Configure option, and press Enter. Here, we configure how our tool should work. We can enable or disable settings like Reverse DNS Lookups, Service names, promiscuous mode and so on:

In the preceding screenshot, we have enabled Reverse DNS lookups.

  1. With Reverse DNS lookups enabled, when we monitor the traffic we can see that the output contains the DNS names instead of just the IP addresses:

  1. If we want to save the history of network monitoring, we can enable Logging in the Configure menu:

  1. Once Logging is enabled, the tool will ask us to specify the path of the file to write the log to. We can specify a path or use the default path:

  1. In the main menu, we have the option to view Detailed interface statistics. Select this option and start monitoring:

  1. We can now see complete details about the traffic on the selected interface, eth0, as follows: