Nethogs monitors network bandwidth per process
Bean Counter
Nethogs knows which programs and users are monopolizing the system's network connection.
For more than 10 years, Arnout Engelen [1] has worked on his Nethogs [2] tool. Nethogs is a little-known utility that breaks down network bandwidth by process. A view of the network by process is particularly useful if you want to know which application is currently involved in a particularly intensive communication.
Nethogs, which is licensed under the GPL, relies on the virtual proc
filesystem for the analysis (relying on /proc/net/tcp
and /proc/net/tcp6
, among others). The code is written in C++. You will find the official source code at the project website [3]. Currently, Nethogs only shows you the TCP data flow; other protocols, such as ICMP or UDP, are not supported. Also, Nethogs analyzes the network usage for a single system and doesn't attempt to study all the traffic on the network.
Easily Installed
Nethogs has found its way by now into the official package repositories for more popular distributions. On the Ubuntu 14.04 64-bit version in our lab, I was able to install the package with the following commands:
$ sudo apt-get update $ sudo apt-get install libncurses5 libpcap0.8 $ sudo apt-get install nethogs
If you do decide to build Nethogs from the source code, make sure you resolve the Libpcap and Ncurses dependencies in advance – on Debian/Ubuntu, you'll need the packages libncurses5-dev
and libpcap0.8-dev
.
The program needs root privileges. You can launch Nethogs directly as root
or use sudo
on Ubuntu or Debian:
$ sudo nethogs
Once you launch Nethogs, you'll need to wait for a while before you start to see meaningful results onscreen. Before the tool can create its first analyses, you need a few network packets across the wire. Figure 1 shows how Nethogs broke down the bandwidth in our lab.
The data displays in six columns: the first column, labeled PID, contains a process ID of the displayed processors; the column labeled USER lists the corresponding users who launched the processes. The third column, PROGRAM, points to the executable file – in Figure 1, apt-get update
turns out to be hiding behind the program /usr/lib/apt/methods/http
. Because many programs in Linux use different tools or modules, you can't always automatically see the program you launched in this column.
The fourth column, labeled DEV points to the interface currently handling the data traffic. The second to last column, labeled SENT, shows the outgoing bandwidth, and the last column, RECEIVED, shows the incoming traffic in kilobytes per second. Pressing Ctrl+C, or alternatively q, quits the program again.
Options
When launched without additional parameters, Nethogs simply assumes meaningful defaults. For example, the program listens on the first interface (typically eth0
), and it refreshes the display every second. If you want to include another interface in the analysis, you can either pass in only this interface (Listing 1, line 1) or all interfaces (Listing 1, line 2).
Listing 1
Specifying an Interface
If you want to refresh the display more frequently, use the -d
option. If necessary, you can combine the -d
option with the interface selection (Listing 1, line 3). To discover more parameters, type:
sudo nethogs -h
The program, which is similar to the top
utility in some respects, lets you influence the display at run time. Pressing M toggles between units KB/s, KB, B, and MB. The MB option shows the data volume consumed by each process since the program was launched (Figure 2).
After pressing R and S, the program also gives you the option of sorting by incoming (r for "received") and outgoing (s for "sent") bandwidth. By the way, don't let the unknown TCP message in Figure 2 confuse you: in this case, Nethogs probably just didn't have enough data for the connection to identify the process uniquely.
Conclusions
Nethogs lets you break down the current bandwidth usage of active programs running on the system. A quick look at the bandwidth usage will tell you at a glance which processes are monopolizing the network connection.
Nethogs only detects TCP traffic, and it only analyzes what is happening on the local system; it is thus not at all useful for analyzing overall network traffic. However, Nethogs can be a useful tool for breaking down a system's network load.
Infos
- Arnout Engelen: http://arnout.engelen.eu
- Nethogs: http://nethogs.sourceforge.net
- Nethogs source code: http://sourceforge.net/projects/nethogs/files/nethogs/
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Budgie 10.10 Scheduled for Q1 2025 with a Surprising Desktop Update
If Budgie is your desktop environment of choice, 2025 is going to be a great year for you.
-
Firefox 134 Offers Improvements for Linux Version
Fans of Linux and Firefox rejoice, as there's a new version available that includes some handy updates.
-
Serpent OS Arrives with a New Alpha Release
After months of silence, Ikey Doherty has released a new alpha for his Serpent OS.
-
HashiCorp Cofounder Unveils Ghostty, a Linux Terminal App
Ghostty is a new Linux terminal app that's fast, feature-rich, and offers a platform-native GUI while remaining cross-platform.
-
Fedora Asahi Remix 41 Available for Apple Silicon
If you have an Apple Silicon Mac and you're hoping to install Fedora, you're in luck because the latest release supports the M1 and M2 chips.
-
Systemd Fixes Bug While Facing New Challenger in GNU Shepherd
The systemd developers have fixed a really nasty bug amid the release of the new GNU Shepherd init system.
-
AlmaLinux 10.0 Beta Released
The AlmaLinux OS Foundation has announced the availability of AlmaLinux 10.0 Beta ("Purple Lion") for all supported devices with significant changes.
-
Gnome 47.2 Now Available
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.