Network Speedometer

If you're looking for way to monitor network activity, the bandwhich command-line utility can provide you with a clear-cut overview of the traffic on a local or remote computer. It shows you the current network access, the network load caused by this access, and the associated processes.

To use bandwhich, you will need administrative rights; you will also need an SSH connection in a terminal window if you plan to launch the utility on a remote computer. On bandwhich's GitHub page [1], you can download a 64-bit binary for Linux, Android, macOS, or Windows, as well as the source code. For this article, I used version 0.23.1. Further development is currently on hold while the developers fix bugs and security issues [2].

Getting Started

If you call up bandwhich without any options, you'll see the screen in Figure 1. The program does not win any awards for frugal use of screen space. To see all the output columns, you may need to set a smaller font for the terminal and toggle the terminal window to full-screen mode. The output includes information about the network devices involved and the total volume of incoming and outgoing data. For the sake of clarity, bandwhich does not display DNS queries.

Figure 1: Consuming the entire screen width to display the network information, bandwhich breaks down utilization by process name (a), remote access (b), and connections (c).

In the top-left corner or the screen, the Utilization by process name section (Figure 1a) shows a list of processes related to the network load (Figure 1b). In this section, bandwhich lists programs started in SSH sessions. Besides the program name, you will see the associated process ID (PID) and the data throughput in both directions. The Connections column shows the number of connections per process.

In the top-right corner, bandwhich shows the connections organized by IP address or hostname. You can see the number of connections and the matching network load for each connected network node (Figure 1b).

At the bottom of the screen (Figure 1c), bandwhich lists all the existing connections, including the port numbers, originating processes, and associated network load. The program also always tells you which network device is being used. The <lo> tag marks processes taking place on the localhost (i.e., data that is not leaving your local computer).

You can use the tab key to change the contents of the individual panels. Pressing the space bar pauses the continuous display refresh, giving you time to grab a screenshot while the display is frozen. To exit bandwhich, press the Q key.

Important Options

You can limit the scope of bandwhich's display using options. For example, -p displays the list by process only, while -a restricts the output to accessing systems, and -c only shows the connections.

The -i <INTERFACE> option restricts the output to a single system interface. For example, specifying a network card with this option eliminates the local background noise from lo, resulting in more clear-cut output.

You must explicitly request name server queries with the -s option. If needed, you can also specify a name server other than the system default using the -d <DNS SERVER> option.

Using in Scripts

If you'd like to process bandwhich's output downstream in other programs, use the -r option. The output can also be redirected to file for later evaluation. Figure 2 shows the raw data.

Figure 2: You can use bandwhich's unformatted output for filtering and downstream processing in other programs.