NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process.
NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to identify programs that have gone wild and are suddenly taking up your bandwidth.
Since NetHogs heavily relies on
/proc, most features are only available on Linux. NetHogs can be built on Mac OS X and FreeBSD, but it will only show connections, not processes.
Nethogs is a mature piece of software included in most Linux distributions.
You can clone this repo or get a source release from https://github.com/raboof/nethogs/releases
Building from source
Nethogs depends on
ncurses for the text-based interface and
libpcap for user-level packet capture. So you need to install both development libraries before building nethogs.
apt-get install build-essential libncurses5-dev libpcap-dev
yum install gcc-c++ libpcap-devel.x86_64 libpcap.x86_64 "ncurses*"
Getting the source
The master branch is intended to be stable at all times:
git clone https://github.com/raboof/nethogs
After that, simply
make sudo ./src/nethogs
For all distributions
sudo make install hash -r sudo nethogs
sudo apt-get install checkinstall sudo checkinstall -D make install sudo dpkg -i nethogs*.deb
When upgrading (or downgrading), you can simply install the new version 'over' the old one.
If you want to remove Nethogs from your system, you can:
sudo make uninstall
Running without root
In order to be run by a non-root user, nethogs needs the
cap_net_raw capabilities. These can be set on the executable by using the
setcap command, as follows:
sudo setcap "cap_net_admin,cap_net_raw+pe" /usr/local/sbin/nethogs
We use the LLVM coding standards, with the exception that we do allow 'return' after 'else' if it makes the code more readable.
Note to contributors: feel free to request more exceptions and we'll list them here.
Not all code currently adheres to this standard. Pull requests fixing style are welcome, and do write new code in the proper style, but please do not mix style fixes and new functionality in one pull request.
When writing new code, at least run 'make format' to have clang-format fix some superficial style aspects.
Apart from the 'nethogs' tool, this codebase now also builds as a 'libnethogs' library. This is highly experimental, and we expect to break source and binary compatibility while we look for the right abstraction points. Packaging libnethogs as an independent package is currently discouraged, as the chance of different applications successfully using the same libnethogs are slim.
Build it with
make libnethogs, install with
make install_lib or
libnethogs is being used in https://github.com/mb-gh/gnethogs
Nethogs monitors traffic going to/from a machine, per process. Other tools rather monitor what kind of traffic travels to, from or through a machine, etcetera. I'll try to link to such tools here. By all means open an issue/PR if you know another:
- nettop shows packet types, sorts by either size or number of packets.
- ettercap is a network sniffer/interceptor/logger for ethernet
- darkstat breaks down traffic by host, protocol, etc. Geared towards analysing traffic gathered over a longer period, rather than `live' viewing.
- iftop shows network traffic by service and host
- ifstat shows network traffic by interface in a vmstat/iostat-like manner
- gnethogs GTK-based GUI (work-in-progress)
- nethogs-qt Qt-based GUI
- hogwatch A bandwidth monitor(per process) with graphs for desktop/web.
Copyright 2004-2005, 2008, 2010-2012, 2015 Arnout Engelen [email protected] License: nethogs may be redistributed under the terms of the GPLv2 or any later version. See the COPYING file for the license text.