Nethogs monitors network bandwidth per process
Bean Counter
Nethogs knows which programs and users are monopolizing the system's network connection.
For more than 10 years, Arnout Engelen [1] has worked on his Nethogs [2] tool. Nethogs is a little-known utility that breaks down network bandwidth by process. A view of the network by process is particularly useful if you want to know which application is currently involved in a particularly intensive communication.
Nethogs, which is licensed under the GPL, relies on the virtual proc
filesystem for the analysis (relying on /proc/net/tcp
and /proc/net/tcp6
, among others). The code is written in C++. You will find the official source code at the project website [3]. Currently, Nethogs only shows you the TCP data flow; other protocols, such as ICMP or UDP, are not supported. Also, Nethogs analyzes the network usage for a single system and doesn't attempt to study all the traffic on the network.
Easily Installed
Nethogs has found its way by now into the official package repositories for more popular distributions. On the Ubuntu 14.04 64-bit version in our lab, I was able to install the package with the following commands:
$ sudo apt-get update $ sudo apt-get install libncurses5 libpcap0.8 $ sudo apt-get install nethogs
If you do decide to build Nethogs from the source code, make sure you resolve the Libpcap and Ncurses dependencies in advance – on Debian/Ubuntu, you'll need the packages libncurses5-dev
and libpcap0.8-dev
.
The program needs root privileges. You can launch Nethogs directly as root
or use sudo
on Ubuntu or Debian:
$ sudo nethogs
Once you launch Nethogs, you'll need to wait for a while before you start to see meaningful results onscreen. Before the tool can create its first analyses, you need a few network packets across the wire. Figure 1 shows how Nethogs broke down the bandwidth in our lab.
The data displays in six columns: the first column, labeled PID, contains a process ID of the displayed processors; the column labeled USER lists the corresponding users who launched the processes. The third column, PROGRAM, points to the executable file – in Figure 1, apt-get update
turns out to be hiding behind the program /usr/lib/apt/methods/http
. Because many programs in Linux use different tools or modules, you can't always automatically see the program you launched in this column.
The fourth column, labeled DEV points to the interface currently handling the data traffic. The second to last column, labeled SENT, shows the outgoing bandwidth, and the last column, RECEIVED, shows the incoming traffic in kilobytes per second. Pressing Ctrl+C, or alternatively q, quits the program again.
Options
When launched without additional parameters, Nethogs simply assumes meaningful defaults. For example, the program listens on the first interface (typically eth0
), and it refreshes the display every second. If you want to include another interface in the analysis, you can either pass in only this interface (Listing 1, line 1) or all interfaces (Listing 1, line 2).
Listing 1
Specifying an Interface
If you want to refresh the display more frequently, use the -d
option. If necessary, you can combine the -d
option with the interface selection (Listing 1, line 3). To discover more parameters, type:
sudo nethogs -h
The program, which is similar to the top
utility in some respects, lets you influence the display at run time. Pressing M toggles between units KB/s, KB, B, and MB. The MB option shows the data volume consumed by each process since the program was launched (Figure 2).
After pressing R and S, the program also gives you the option of sorting by incoming (r for "received") and outgoing (s for "sent") bandwidth. By the way, don't let the unknown TCP message in Figure 2 confuse you: in this case, Nethogs probably just didn't have enough data for the connection to identify the process uniquely.
Conclusions
Nethogs lets you break down the current bandwidth usage of active programs running on the system. A quick look at the bandwidth usage will tell you at a glance which processes are monopolizing the network connection.
Nethogs only detects TCP traffic, and it only analyzes what is happening on the local system; it is thus not at all useful for analyzing overall network traffic. However, Nethogs can be a useful tool for breaking down a system's network load.
Infos
- Arnout Engelen: http://arnout.engelen.eu
- Nethogs: http://nethogs.sourceforge.net
- Nethogs source code: http://sourceforge.net/projects/nethogs/files/nethogs/
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
So Long Neofetch and Thanks for the Info
Today is a day that every Linux user who enjoys bragging about their system(s) will mourn, as Neofetch has come to an end.
-
Ubuntu 24.04 Comes with a “Flaw"
If you're thinking you might want to upgrade from your current Ubuntu release to the latest, there's something you might want to consider before doing so.
-
Canonical Releases Ubuntu 24.04
After a brief pause because of the XZ vulnerability, Ubuntu 24.04 is now available for install.
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.