Monitor per process network bandwidth on linux with nethogs

By | November 23, 2013
1 Comment

Nethogs

Nethogs is a command line utility for linux that displays the network bandwidth used by each application or process in realtime. It is useful in situations when a certain process uses up too much of the bandwidth and needs to be caught.

Project website
http://nethogs.sourceforge.net/

The website describes the tool as

NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to indentify programs that have gone wild and are suddenly taking up your bandwidth.

Install Nethogs on Ubuntu/Debian/Mint

Debian and related distros like Ubuntu and Mint already have nethogs in their repositories so its a single step installation via the apt command.

sudo apt-get install nethogs

Install Nethogs on CentOS/Fedora

On Fedora nethogs is available in the fedora repository, so install it from yum directly.

$ sudo yum install nethogs

On CentOS the default repositories do not have nethogs, but can be installed from the epel repositories. So first enable epel repository and then use yum command like shown above.

Using Nethogs

Nethogs is quite simple to use. Just run nethogs with root privileges and it would show the bandwidth used by each process.

$ sudo nethogs

The output would be something like this

NetHogs version 0.7.0

  PID USER     PROGRAM                      DEV        SENT      RECEIVED       
2367  enlighten/opt/google/chrome/chrome    eth0       3.341      20.948 KB/sec
2196  enlighten/usr/lib/firefox-7.0.1/fire  eth0       0.871       0.422 KB/sec
3723  enlighten/usr/bin/pidgin              eth0       0.028       0.098 KB/sec
2206  enlighten/usr/bin/skype               eth0       0.033       0.025 KB/sec
2380  enlighten/usr/lib/chromium-browser/c  eth0       0.000       0.000 KB/sec
0     root     unknown TCP                             0.000       0.000 KB/sec

  TOTAL                                                4.274      21.493 KB/sec

It shows the PID, username, process, network interface being used, data sending speed and data receiving speed.

Other options

$ nethogs -h
usage: nethogs [-V] [-b] [-d seconds] [-t] [-p] [device [device [device ...]]]
                -V : prints version.
                -d : delay for update refresh rate in seconds. default is 1.
                -t : tracemode.
                -b : bughunt mode - implies tracemode.
                -p : sniff in promiscious mode (not recommended).
                device : device(s) to monitor. default is eth0

When nethogs is running, press:
 q: quit
 m: switch between total and kb/s mode

Change the update delay

The frequency at which nethogs updates the data can be changed using the d switch. Lets say we want nethogs to update every 5 seconds, then issue the following command

$ sudo nethogs -d 5

Use specific device

Nethogs supports the option to specify the device to monitor on. For example

$ sudo nethogs eth0

If no device is specified, the nethogs monitors the default device on the system. To monitor multiple devices simply add the device names together.

$ sudo nethogs eth0 eth1

Tracemode

In trace mode it outputs the connections one by one. Check the following example.

$ sudo nethogs -t
[sudo] password : 
Adding local address: 192.168.1.2
Ethernet link detected
Waiting for first packet to arrive (see sourceforge.net bug 1019381)

Refreshing:
unknown TCP/0/0 0       0

Refreshing:
/usr/lib/firefox-7.0.1/fire/2196/1000   0.771094        0.119922
unknown TCP/0/0 0.0105469       0.0117188
Unknown connection: 192.168.1.2:34684-64.131.72.23:80

Refreshing:
/usr/lib/firefox-7.0.1/fire/2196/1000   0.781641        0.232617
unknown TCP/0/0 0.0105469       0.0117188
Unknown connection: 192.168.1.2:34684-64.131.72.23:80

Refreshing:
/usr/lib/firefox-7.0.1/fire/2196/1000   0.781641        0.232617
unknown TCP/0/0 0.0105469       0.0117188
Unknown connection: 192.168.1.2:34684-64.131.72.23:80

Refreshing:
/usr/lib/firefox-7.0.1/fire/2196/1000   0.781641        0.232617
unknown TCP/0/0 0.0105469       0.0117188
Unknown connection: 192.168.1.2:34684-64.131.72.23:80

Refreshing:
/usr/bin/pidgin/3723/1000       0.0115234       0
/usr/lib/firefox-7.0.1/fire/2196/1000   0.0105469       0
unknown TCP/0/0 0       0
Unknown connection: 192.168.1.2:34684-64.131.72.23:80

Nethogs also supports promiscuous mode with the p flag.

About Silver Moon

A Tech Enthusiast, Blogger, Linux Fan and a Software Developer. Writes about Computer hardware, Linux and Open Source software and coding in Python, Php and Javascript. He can be reached at [email protected].

One Comment

Monitor per process network bandwidth on linux with nethogs
  1. carl

    See also sourceforge.net/projects/procexp/

    It can show network traffic throughput per process, graphically.

    Best regards Carl.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *