Network Monitoring

Mill Yard Computing used to offer these tips for network monitoring. They have taken this down, so here it is for you:


On CentOS it is in the EPEL repo.

It shows a list of network connections and the data transferred over the past 2 sec, 10 sec & 40 sec (a bit like uptime).

when it is running press the ? key to get help

iftop (-n will disable hostname lookups)


Get network connections

# lsof -i

Get only IPv6

# lsof -i 6

Show only TCP

# lsof -iTCP

Show by port

# lsof -i :22

Show connections to a specific host

# lsof -i@

You can also combine the display of host and port.

# lsof -i@

Find ports that are awaiting connections.

# lsof -i -sTCP:LISTEN

(You can also do this by grepping for “LISTEN”)

# lsof -i | grep -i LISTEN

You can also show any connections that are established.


You can also do this via grep.

# lsof -i | grep -i ESTABLISHED

Show what a given user or everything but a given user has open

# lsof -u daniel
# lsof -u ^daniel

Kill everything a given user is doing

# kill -9 `lsof -t -u daniel`

see what a given program or process is up to, by name or by process ID

# lsof -c syslog-ng
# lsof -p 10075

The -t option returns just a PID

# lsof -t -c Mail

Show everything interacting with a given directory

# lsof /var/log/messages/

Show everything interacting with a given file

# lsof /home/daniel/firewall_whitelist.txt

Show open connections with a port range

# lsof -i

