iftop - how to generate text file with its output?

Question

iftop is great tool to view almost live bandwidth usage distinguished by source-ip source-port destination-ip destination port.

I'm using it to see which client's ip is using most bandwidth. Now I would like to store output somewhere.

iftop uses ncurses so

iftop > log.txt

does not work as expected, result file is not readable.

Is there any tool like this which can be used to pipe output to a text file?

`top` tool has batch mode `-b` which enables you to save snapshot by redirecting output to a file, but `iftop` does not have such an option. — Khaled, Apr 14 '12 at 14:47
thx Khaled for your reply, I know this already that's why I'm looking for iftop batch alternative. — mickula, Apr 14 '12 at 14:49
You could also go for `tcpdump` if you want to be very precise... — gies0r, Dec 28 '20 at 19:39

score 22 · Accepted Answer · edited Jan 29 '16 at 02:58

22

Since iftop-1.0pre3 (2014-01-01), a text output mode was added. This will be very useful to anyone trying to parse the output of iftop.

The command line option to activate text (batch) mode is:

-t          use text interface without ncurses

When using text mode, the following options are available:

-s num      print one single text output afer num seconds, then quit
-L num      number of lines to print

Use the -h option for help on iftop usage.

Example usage would be:

iftop -t > log.txt
iftop -t -s 180 > log.txt

If you want it to run in the background for 5 hours:

iftop -t -s 18000 > log.txt &

Check on background job with job command.

edited Jan 29 '16 at 02:58

Tony-Caffe

268
2
8

answered May 27 '14 at 14:43

Alexandre

336
2
3

The command takes ~2 seconds to start/log. Also, with the `-s` option using the `0` as the timeout doesn't help. It runs indefinitely. So the minimum timeout is 1, adding a total delay of 3 seconds. What would be the right way to trace the network speed every second in a log file? – Coder Feb 04 '23 at 00:22
Hi @Coder, this question is nearly 10 years old! Thanks for the trip back in time! As for your question, the "right way" is highly subjective (so not really a good fit for ServerFault) and very much dependent on your setup (do you have multiple interfaces, are you on Windows, do you have VM and do you need to segment traffic in interfaces, VMs, protocols, etc?). For these reasons, I can't really answer the questions. – Alexandre Jun 17 '23 at 16:10
Not sure how multiple interfaces matter here. I am on an Ubuntu 20.04 - EC2 instance. – Coder Jun 20 '23 at 02:08

score 9 · Answer 2 · answered Apr 25 '12 at 13:12

9

iptraf can log this level of detail. The output looks something like this:

Wed Apr 25 23:08:42 2012; UDP; eth0; 65 bytes; from 192.168.1.20:45061 to 192.168.1.254:53
Wed Apr 25 23:08:42 2012; UDP; eth0; 133 bytes; from 192.168.1.254:53 to 192.168.1.20:45061
Wed Apr 25 23:08:43 2012; UDP; eth0; 96 bytes; from 192.168.1.21:137 to 192.168.1.20:137
Wed Apr 25 23:08:44 2012; UDP; eth0; 472 bytes; from 192.168.1.21:1900 to 239.255.255.250:1900
Wed Apr 25 23:08:47 2012; ICMP; eth0; 159 bytes; from 192.168.1.20 to 173.176.222.82; dest unrch (port)

answered Apr 25 '12 at 13:12

dwurf

920
8
15

What command line options do you use to get that output with `iptraf`? – Banjer Dec 02 '13 at 20:00
1

`sudo iptraf -i eth0 -L /tmp/traffic_log` – dwurf Dec 03 '13 at 03:39
1

A couple of notes: 1) I should run `iptraf-ng` on linux mint. 2) I should install `car` too by : `sudo apt install ucommon-utils` – Ehsan88 Apr 29 '19 at 02:50

score 0 · Answer 3 · answered Apr 14 '12 at 15:53

0

Seems that iftop can't output to a text file(there is a feature request but it is not already implemented), in the meantime take a look at bwm-ng utility that is similar to iftop but allow to output on a CSV file.

Here's an example of usage :

bwm-ng -o csv -c 6 -T rate -I eth0 >> bandwidth.log

answered Apr 14 '12 at 15:53

aleroot

3,180
6
29
37

1

I already know this one, the problem is that output looks like: `1334421690;eth0;1909467.12;156131.73;2065598.88;78222;956643;2562.87;1956.09;4518.96;980;1284;0.00;0.00;0;0 1334421690;total;1909467.12;156131.73;2065598.88;78222;956643;2562.87;1956.09;4518.96;980;1284;0.00;0.00;0;0 1334421690;eth0;1934056.00;142336.00;2076392.00;71168;967028;2502.00;1874.00;4376.00;937;1251;0.00;0.00;0;0 1334421690;total;1934056.00;142336.00;2076392.00;71168;967028;2502.00;1874.00;4376.00;937;1251;0.00;0.00;0;0` so it's for whole interface not grouped by connected ip addresses – mickula Apr 14 '12 at 16:41
1

You can parse the CSV with a perl script for example and change the output format ... – aleroot Apr 14 '12 at 16:44
4

it's not about the format of file, it's that the stats is summary for interface not grouped by client IP – mickula Apr 15 '12 at 10:08

iftop - how to generate text file with its output?

3 Answers3

Linked