How to Monitor Network Traffic in Linux With nethogs

February 11, 2015 | By
| Reply More

I love monitoring the network traffic on my linux machine, especially when I want to know the speed at which the data is currently being transferred. Is any process overusing network bandwidth on my Ubuntu system? What is a nice tool to solve this problem?

Have you ever used nethogs? If not it is ok because I will explain to you how to use it in this tutorial.

What is nethogs

nethogs is a very helpful tool when it comes to find out which PID is causing the trouble with your network traffic as it groups bandwidth by process instead of breaking the traffic down per protocol or per subnet, like most tools do. It is feature rich, supports both IPv4 and IPv6 and in my opinion is the best utility when you want to identify programs that are consuming all your bandwidth on your linux machine.

nethogs has some cool features

Some important features of nethogs are listed below.

  1. Shows TCP download- and upload-speed per process
  2. Supports both Ethernet and PPP
  3. Supports both IPv4 and IPv6

Install nethogs

Before using nethogs you need to install libncurses5-dev and libpcap0.8-dev. The following command can be used to install libpcap and ncurses on Debian based machines such as Ubuntu.

sudo apt-get install libncurses5-dev libpcap0.8-dev

The use the apt package manager to download nethogs like shown below.

sudo apt-get install nethogs

Fedora users can type the following commands on their terminal.

sudo yum install ncurses ncurses-devel

sudo yum install libpcap libcap-devel

Then use the following command to install nethogs on a RHEL or CentOS or Fedora Linux.

yum install nethogs

Why do we need to install libcap and ncurses modules on our machine? The reason of this installation is that we need user-level network packet capture information and statistics. We also need an API programming library like libpcap for capturing network traffic.

How to use nethogs

Run nethogs with the following command on your terminal.

nethogs

What do you see?

I get the following output when running the command nethogs on my terminal.

You need to be root to run NetHogs!

Now that you have finished installing nethogs on your machine it is time for some practical commands and cool tips.

Run nethogs again by typing the command nethogs on your terminal.

nethogs

Note: If you get the following error while running nethogs on your linux system it usually means that you are trying to monitor an interface which has no IP address assigned or probably not conncted.

ioctl failed while establishing local IP for selected device eth0. You may specify the device on the command line.

To solve this problem run the command ip addr on your terminal to find out interfaces have an IP address.

sudo ip addr

The following output is displayed on my screen when running the above command.

1: lo: mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever

2: eth0: mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 50:46:5d:2c:82:bf brd ff:ff:ff:ff:ff:ff

3: wlan0: mtu 1500 qdisc mq state UP qlen 1000
link/ether dc:85:de:42:40:d3 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global wlan0
inet6 fe80::de85:deff:fe42:40d3/64 scope link
valid_lft forever preferred_lft forever

4: vmnet1: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:50:56:c0:00:01 brd ff:ff:ff:ff:ff:ff
inet 172.16.98.1/24 brd 172.16.98.255 scope global vmnet1
inet6 fe80::250:56ff:fec0:1/64 scope link
valid_lft forever preferred_lft forever

5: vmnet8: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:50:56:c0:00:08 brd ff:ff:ff:ff:ff:ff
inet 172.16.183.1/24 brd 172.16.183.255 scope global vmnet8
inet6 fe80::250:56ff:fec0:8/64 scope link
valid_lft forever preferred_lft forever

Now if I want to monitor wla0 I just run the command nethogs wlan0 on my terminal.

nethogs wlan0

The following screenshot shows the output of the above command.

how to monitor wlan0 with nethogs

As you can see from the above screenshot nethogs gives a very clear report on the program that is consuming my network bandwidth. At the moment I took the screenshot google chrome was playing a song on youtube.

Everyone with a little technical background can easily understand from the above screenshot that nethogs gives us details about the process id of the program that is using bandwidth, program that is consuming this bandwidth, the device which is being monitored, sent data and received data.

There are many useful options that one can use with nethogs. For example you can use the option -d to set the delay for refresh rate.

For example if you like to set 3 seconds as your fresh rate then type the following command on your terminal.

nethogs -d 3 wlan0

The option -p helps to sniff in promiscious mode but according to the manuale pages of nethogs it is not recommended.

nethogs -p wlan0

Are you curious to know the version of the nethogs tool you are using on your machine. Then use the option -V.

nethogs -V

I get the following output when trying to get the version of nethogs.

version 0.8.0

And if you like to monitor a specific device then use the following command.

sudo nethogs eth0

You can also monitor the network bandwidth of multiple network interfaces. For example try to run the following command on your terminal.

sudo nethogs eth0 eth1

I like to use nethogs in tracemode as it outptuts the connections one by one.

nethogs -t wlan0

nethogs running in tracemode

Filed Under : LINUX HOWTO, MONITORING, NETWORK

Free Linux Ebook to Download

Leave a Reply

Commenting Policy:
Promotion of your products ? Comment gets deleted.
All comments are subject to moderation.