Find processes using a network device

1

How do I find which processes are using a given network interface at any given moment? I am using Fedora and Ubuntu.

Abhishek Chanda

Posted 2013-07-01T18:24:30.543

Reputation: 153

Answers

1

netstat -ap -i <interface>

This should show you the information you're looking for. If you put watch in front of it, you'll see updates.

supercheetah

Posted 2013-07-01T18:24:30.543

Reputation: 836

Or netstat -anp -i <interface> – Diblo Dk – 2013-07-02T22:37:53.250

0

If you know the name of the interface in question you can use that name and look among your processes under /proc. We recently ran into an issue where we needed to find which VM (qemu) processes were using a specific network interface.

The interface in question was called enp98s0.134. That numeric suffix .134 is the VLAN being used for this interface.

$ ip a l enp98s0.134
72: enp98s0.134@enp98s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master storage state UP group default qlen 1000
    link/ether 00:25:34:12:a1:7f brd ff:ff:ff:ff:ff:ff

To find which processes were using this we merely looked through the /proc to find which QEMU processes were referencing it.

$ for i in $(pgrep qemu); do find /proc/$i -type f | grep enp98s0.134$;done | head
/proc/24217/task/24217/net/vlan/enp98s0.134
/proc/24217/task/24217/net/dev_snmp6/enp98s0.134
/proc/24217/task/24221/net/vlan/enp98s0.134
/proc/24217/task/24221/net/dev_snmp6/enp98s0.134
/proc/24217/task/24222/net/vlan/enp98s0.134
/proc/24217/task/24222/net/dev_snmp6/enp98s0.134
/proc/24217/task/24226/net/vlan/enp98s0.134
/proc/24217/task/24226/net/dev_snmp6/enp98s0.134
/proc/24217/task/24227/net/vlan/enp98s0.134
/proc/24217/task/24227/net/dev_snmp6/enp98s0.134

The 2nd digit in the path is the PID of the QEMU processes. A similar approach can be used if you happen to not know which process at all:

$ find /proc/* -type f | grep enp98s0.134$ | head
/proc/1/task/1/net/vlan/enp98s0.134
/proc/1/task/1/net/dev_snmp6/enp98s0.134
/proc/1/net/vlan/enp98s0.134
/proc/1/net/dev_snmp6/enp98s0.134
/proc/10/task/10/net/vlan/enp98s0.134
/proc/10/task/10/net/dev_snmp6/enp98s0.134
/proc/10/net/vlan/enp98s0.134
/proc/10/net/dev_snmp6/enp98s0.134
/proc/100/task/100/net/vlan/enp98s0.134
/proc/100/task/100/net/dev_snmp6/enp98s0.134

To parse out the PIDs:

$ find /proc/* -type f | grep enp98s0.134$ | awk -F/ '{print $3}' | sort -u | head -5
1
10
100
101070
104

slm

Posted 2013-07-01T18:24:30.543

Reputation: 7 449

Asked: 2013-07-01T18:24:30.543

Viewed: 854 times

Active: 2020-01-16T15:55:49.777