10

Sometimes I can see heavy usage of network in my Gnome System Monitor. I wonder what process is downloading/uploading data. Is there any tool which can show me:

  1. what processes are using the Internet
  2. a dynamic real-time view of the download/upload speed of these processes
  3. the details of the connections (e.g. the remote IP, the port number, etc.)

My system is Ubuntu 10.10.

I tried `lsof`, but the output looks so NOT friendly. Maybe there are some tricks to use it? Or are there better alternatives?

Forrest

5 Answers

13

`netstat --inet -ap` will show you what processes are using the internet and what host/port each process is using. If you want IP addresses and not hostnames, use `-n`. (`--inet` shows only internet sockets, `-a` shows both listening and connection sockets, `-p` shows process name/ID information). You'll probably want to run it with `sudo` so that it can give you information about all processes.

nethogs will show you how much bandwidth each process is using, but it doesn't tell you what host each process is connecting to.

ntop is a bit heavy, but gives you an overview of network traffic in general.

(netstat is installed by default and nethogs and ntop are available in Ubuntu's repos)

As far as I know there's no single utility that puts 1, 2, and 3 together.

Miles Strombach
8

Nethogs can handle your first two requests. Iftop can handle the third. You may need to press p in iftop to show the port number.

NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to identify programs that have gone wild and are suddenly taking up your bandwidth.

iftop does for network usage what top(1) does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts.

sciurus
5

For lsof, use `lsof -i`.

You can also query active connections for each process using `netstat -punta`, run as root to show process names or without to show only PIDs. To get a dynamic real-time view you can easily trick your way around using watch: `watch -n1 netstat -punta` (same goes for iftop).

As for alternatives you can use ntop + iftop.

Shinnok
  • Particularly useful for tracking down things likely to be using bandwidth: `lsof -i tcp -sTCP:ESTABLISHED` – freiheit Mar 16 '11 at 16:35
  • `netstat` offers the `-c` option, which continuously refreshes every second. –  Mar 16 '11 at 16:45
  • Based on this answer I am liking `sudo netstat -putc` (without root it does not show the process info for some of the connections) – northern-bradley Apr 04 '19 at 12:02
  • `netstat` is [deprecated since 2001](https://serverfault.com/questions/458628/should-i-quit-using-ifconfig#503807). – Totor Nov 03 '19 at 13:24
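
How the per-process column in `netstat -p` and `lsof -i` is derived, and why it is incomplete without root, shown as an added example that is not part of any poster's answer. It assumes Linux `/proc`, IPv4 TCP only and a little-endian host; the function names and the sample rows are constructed for illustration.

```python
import glob, os, re, socket, struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:D2A4 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 20 4 30 10 -1
"""
STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "08": "CLOSE_WAIT", "0A": "LISTEN"}

def decode_addr(field):
    """'0100007F:0277' -> ('127.0.0.1', 631); the IP is a little-endian u32 in hex."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def inode_to_pid():
    """Map socket inode -> (pid, comm) by reading the /proc/<pid>/fd symlinks.
    Other users' fd directories are unreadable without root, so their sockets
    stay unattributed, as in unprivileged `netstat -p` output."""
    owners = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(fd))
        except OSError:
            continue  # process exited or permission denied
        if m:
            pid = fd.split("/")[2]
            try:
                with open(f"/proc/{pid}/comm") as f:
                    comm = f.read().strip()
            except OSError:
                comm = "?"
            owners[m.group(1)] = (int(pid), comm)
    return owners

def parse_tcp(text, owners=None):
    """Decode each socket row and attach its owning process, if known."""
    owners = owners or {}
    rows = []
    for line in text.splitlines()[1:]:  # skip the header line
        p = line.split()
        if len(p) >= 10:
            rows.append({"local": decode_addr(p[1]), "remote": decode_addr(p[2]),
                         "state": STATES.get(p[3], p[3]), "uid": int(p[7]),
                         "owner": owners.get(p[9])})
    return rows

if __name__ == "__main__":
    live = os.path.exists("/proc/net/tcp")
    text = open("/proc/net/tcp").read() if live else SAMPLE
    for row in parse_tcp(text, inode_to_pid() if live else {}):
        print(row)
```

Rows whose `owner` is `None` when run as a normal user belong to other accounts; the `uid` column still identifies the account even when the PID cannot be resolved.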
1

iftop is the equivalent of top for processes, which shows everything; you can press `p` to toggle showing the port.

myopenid
0

Check out `netstat -p`, though I don't know if you'll find the output much friendlier than lsof. It also won't meet your second requirement.

Brian L