Nethogs monitors network bandwidth per process
Bean Counter
Nethogs knows which programs and users are monopolizing the system's network connection.
For more than 10 years, Arnout Engelen [1] has worked on his Nethogs [2] tool. Nethogs is a little-known utility that breaks down network bandwidth by process. A view of the network by process is particularly useful if you want to know which application is currently involved in a particularly intensive communication.
Nethogs, which is licensed under the GPL, relies on the virtual proc
filesystem for the analysis (relying on /proc/net/tcp
and /proc/net/tcp6
, among others). The code is written in C++. You will find the official source code at the project website [3]. Currently, Nethogs only shows you the TCP data flow; other protocols, such as ICMP or UDP, are not supported. Also, Nethogs analyzes the network usage for a single system and doesn't attempt to study all the traffic on the network.
Easily Installed
Nethogs has found its way by now into the official package repositories for more popular distributions. On the Ubuntu 14.04 64-bit version in our lab, I was able to install the package with the following commands:
$ sudo apt-get update $ sudo apt-get install libncurses5 libpcap0.8 $ sudo apt-get install nethogs
If you do decide to build Nethogs from the source code, make sure you resolve the Libpcap and Ncurses dependencies in advance – on Debian/Ubuntu, you'll need the packages libncurses5-dev
and libpcap0.8-dev
.
The program needs root privileges. You can launch Nethogs directly as root
or use sudo
on Ubuntu or Debian:
$ sudo nethogs
Once you launch Nethogs, you'll need to wait for a while before you start to see meaningful results onscreen. Before the tool can create its first analyses, you need a few network packets across the wire. Figure 1 shows how Nethogs broke down the bandwidth in our lab.
The data displays in six columns: the first column, labeled PID, contains a process ID of the displayed processors; the column labeled USER lists the corresponding users who launched the processes. The third column, PROGRAM, points to the executable file – in Figure 1, apt-get update
turns out to be hiding behind the program /usr/lib/apt/methods/http
. Because many programs in Linux use different tools or modules, you can't always automatically see the program you launched in this column.
The fourth column, labeled DEV points to the interface currently handling the data traffic. The second to last column, labeled SENT, shows the outgoing bandwidth, and the last column, RECEIVED, shows the incoming traffic in kilobytes per second. Pressing Ctrl+C, or alternatively q, quits the program again.
Options
When launched without additional parameters, Nethogs simply assumes meaningful defaults. For example, the program listens on the first interface (typically eth0
), and it refreshes the display every second. If you want to include another interface in the analysis, you can either pass in only this interface (Listing 1, line 1) or all interfaces (Listing 1, line 2).
Listing 1
Specifying an Interface
If you want to refresh the display more frequently, use the -d
option. If necessary, you can combine the -d
option with the interface selection (Listing 1, line 3). To discover more parameters, type:
sudo nethogs -h
The program, which is similar to the top
utility in some respects, lets you influence the display at run time. Pressing M toggles between units KB/s, KB, B, and MB. The MB option shows the data volume consumed by each process since the program was launched (Figure 2).
After pressing R and S, the program also gives you the option of sorting by incoming (r for "received") and outgoing (s for "sent") bandwidth. By the way, don't let the unknown TCP message in Figure 2 confuse you: in this case, Nethogs probably just didn't have enough data for the connection to identify the process uniquely.
Conclusions
Nethogs lets you break down the current bandwidth usage of active programs running on the system. A quick look at the bandwidth usage will tell you at a glance which processes are monopolizing the network connection.
Nethogs only detects TCP traffic, and it only analyzes what is happening on the local system; it is thus not at all useful for analyzing overall network traffic. However, Nethogs can be a useful tool for breaking down a system's network load.
Infos
- Arnout Engelen: http://arnout.engelen.eu
- Nethogs: http://nethogs.sourceforge.net
- Nethogs source code: http://sourceforge.net/projects/nethogs/files/nethogs/
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Endless OS 6 has Arrived
After more than a year since the last update, the latest release of Endless OS is now available for general usage.
-
Fedora Asahi 40 Remix Available for Macs with Apple Silicon
If you've been anticipating KDE's Plasma 6 for your Apple Silicon-powered Mac, then you're in luck.
-
Red Hat Adds New Deployment Option for Enterprise Linux Platforms
Red Hat has re-imagined enterprise Linux for an AI future with Image Mode.
-
OSJH and LPI Release 2024 Open Source Pros Job Survey Results
See what open source professionals look for in a new role.
-
Proton 9.0-1 Released to Improve Gaming with Steam
The latest release of Proton 9 adds several improvements and fixes an issue that has been problematic for Linux users.
-
So Long Neofetch and Thanks for the Info
Today is a day that every Linux user who enjoys bragging about their system(s) will mourn, as Neofetch has come to an end.
-
Ubuntu 24.04 Comes with a “Flaw"
If you're thinking you might want to upgrade from your current Ubuntu release to the latest, there's something you might want to consider before doing so.
-
Canonical Releases Ubuntu 24.04
After a brief pause because of the XZ vulnerability, Ubuntu 24.04 is now available for install.
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.