Nethogs
Introduction
NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process.
NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to identify programs that have gone wild and are suddenly taking up your bandwidth.
Since NetHogs heavily relies on /proc, most features are only available on Linux.
NetHogs can be built on Mac OS X and FreeBSD, but it will only show connections, not processes.
Status
Nethogs is a mature piece of software included in most Linux distributions.
Ideas for features, as well as open bugs, can be found on issues' label:enhancement.
Downloading
You can clone this repo or get a source release from https://github.com/raboof/nethogs/releases
Building from source
Nethogs depends on ncurses for the text-based interface and libpcap for user-level packet capture. So you need to install both development libraries before building nethogs.
Debian/Ubuntu
apt-get install build-essential libncurses5-dev libpcap-dev
Yum-based distros
yum install gcc-c++ libpcap-devel.x86_64 libpcap.x86_64 "ncurses*"
Getting the source
The master branch is intended to be stable at all times:
git clone https://github.com/raboof/nethogs
Building
After that, simply
make
sudo ./src/nethogs
Installing
For all distributions
sudo make install
hash -r
sudo nethogs
On Debian
sudo apt-get install checkinstall
sudo checkinstall -D make install
sudo dpkg -i nethogs*.deb
On Arch Linux
sudo pacman -S nethogs
Upgrading
When upgrading (or downgrading), you can simply install the new version 'over' the old one.
Uninstalling
If you want to remove Nethogs from your system, you can:
sudo make uninstall
Running without root
In order to be run by a non-root user, nethogs needs the cap_net_admin and cap_net_raw capabilities; additionally, to read and display process names, cap_dac_read_search and cap_sys_ptrace capabilities are required. These can be set on the executable by using the setcap command, as follows:
sudo setcap "cap_net_admin,cap_net_raw,cap_dac_read_search,cap_sys_ptrace+pe" /usr/local/sbin/nethogs
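To confirm that an installed binary carries exactly the capabilities granted by the setcap line above, and nothing broader, the following added example (not part of the nethogs project) audits a line of getcap output. The function names and the sample getcap lines are constructed here for illustration; the capability names and install path are the ones used above.

```sh
#!/bin/sh
# Added example: compare a getcap line for nethogs with the setcap line above.
# Capability names come from the README; sample lines below are constructed.
REQUIRED="cap_net_admin cap_net_raw cap_dac_read_search cap_sys_ptrace"

# parse_caps PATH LINE: print "name flags" for each capability in LINE.
# Accepts both getcap styles: "PATH = a,b+ep" (older) and "PATH a,b=ep" (newer).
parse_caps() {
  rest=${2#"$1"}
  rest=${rest# = }
  rest=${rest# }
  for clause in $rest; do
    names=${clause%%[+=]*}
    flags=${clause#"$names"}
    flags=${flags#[+=]}
    for n in $(printf '%s' "$names" | tr ',' ' '); do
      printf '%s %s\n' "$n" "$flags"
    done
  done
}

# audit_caps PATH LINE: print one finding per line; no output means the file
# carries exactly the four capabilities, each permitted and effective.
audit_caps() {
  parsed=$(parse_caps "$1" "$2")
  for want in $REQUIRED; do
    have=$(printf '%s\n' "$parsed" | awk -v c="$want" '$1 == c { print $2 }')
    case "$have" in
      "") echo "missing $want" ;;
      *e*p* | *p*e*) ;;
      *) echo "not-permitted-effective $want" ;;
    esac
  done
  printf '%s\n' "$parsed" | while read -r name fl; do
    [ -n "$name" ] || continue
    case " $REQUIRED " in
      *" $name "*) ;;
      *) echo "extra $name" ;;
    esac
  done
}

BIN=/usr/local/sbin/nethogs
OLD_STYLE="$BIN = cap_dac_read_search,cap_net_admin,cap_net_raw,cap_sys_ptrace+ep"
NEW_STYLE="$BIN cap_net_admin,cap_net_raw=ep"
audit_caps "$BIN" "$OLD_STYLE"
audit_caps "$BIN" "$NEW_STYLE"
```

On a live system, pass the real output instead of a sample line: audit_caps /usr/local/sbin/nethogs "$(getcap /usr/local/sbin/nethogs)".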
Coding standards
We use the LLVM coding standards, with the exception that we do allow 'return' after 'else' if it makes the code more readable.
Note to contributors: feel free to request more exceptions and we'll list them here.
Not all code currently adheres to this standard. Pull requests fixing style are welcome, and do write new code in the proper style, but please do not mix style fixes and new functionality in one pull request.
When writing new code, at least run 'make format' to have clang-format fix some superficial style aspects.
libnethogs
Apart from the 'nethogs' tool, this codebase now also builds as a 'libnethogs' library. This is highly experimental, and we expect to break source and binary compatibility while we look for the right abstraction points. Packaging libnethogs as an independent package is currently discouraged, as the chance of different applications successfully using the same libnethogs is slim.
Build it with make libnethogs, install with make install_lib or make install_dev.
libnethogs is being used in https://github.com/mb-gh/gnethogs
Links
Nethogs monitors traffic going to/from a machine, per process. Other tools rather monitor what kind of traffic travels to, from or through a machine, etcetera. I'll try to link to such tools here. By all means open an issue/PR if you know another:
- nettop shows packet types, sorts by either size or number of packets.
- ettercap is a network sniffer/interceptor/logger for ethernet
- darkstat breaks down traffic by host, protocol, etc. Geared towards analysing traffic gathered over a longer period, rather than `live' viewing.
- iftop shows network traffic by service and host
- ifstat shows network traffic by interface in a vmstat/iostat-like manner
- gnethogs GTK-based GUI (work-in-progress)
- nethogs-qt Qt-based GUI
- hogwatch A bandwidth monitor (per process) with graphs for desktop/web.
- iptraf-ng is a console-based network monitoring program for Linux that displays information about IP traffic.
- nettop (by Emanuele Oriani) is a simple process/network usage report for Linux.
- iptstate is a top-like interface to your netfilter connection-tracking table.
- flowtop is a top-like netfilter connection tracking tool.
- BusyTasks is a Java-based app using top, iotop and nethogs as backend.
- bandwhich is a terminal bandwidth utilization tool.
- sniffer is a modern alternative network traffic sniffer.
License
Copyright 2004-2005, 2008, 2010-2012, 2015 Arnout Engelen
License: nethogs may be redistributed under the terms of the GPLv2 or any later version. See the COPYING file for the license text.