If you wish to monitor the top bandwidth consuming processes on a Linux system, you can use the nethogs program, which displays bandwidth usage by process. It will display the process id (PID) of the processes consuming the most bandwidth. E.g.:
The above output shows me that the two processes consuming the most bandwidth at the time the program was run had PIDs of 19355 and 15022. I can get additional information on those processes using the ps command.
$ ps 19355 PID TTY STAT TIME COMMAND 19355 ? S 0:19 sshd: jim@pts/0 $ ps 15022 PID TTY STAT TIME COMMAND 15022 ? S 0:00 /usr/sbin/httpd -DFOREGROUND $
To install nethogs on a CentOS Linux system, you can use the yum utility, if you have installed support for the EPEL repository - see Installing support for the EPEL repository on CentOS.
# yum install nethogs Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.fileplanet.com * epel: pubmirror2.math.uh.edu * extras: mirror.fileplanet.com * updates: mirror.fileplanet.com Resolving Dependencies --> Running transaction check ---> Package nethogs.x86_64 0:0.8.5-1.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: nethogs x86_64 0.8.5-1.el7 epel 38 k Transaction Summary ================================================================================ Install 1 Package Total download size: 38 k Installed size: 71 k Is this ok [y/d/N]: y Downloading packages: nethogs-0.8.5-1.el7.x86_64.rpm | 38 kB 00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : nethogs-0.8.5-1.el7.x86_64 1/1 Verifying : nethogs-0.8.5-1.el7.x86_64 1/1 Installed: nethogs.x86_64 0:0.8.5-1.el7 Complete! #
The information for the package installed on a CentOS system is shown below:
# rpm -qi nethogs Name : nethogs Version : 0.8.5 Release : 1.el7 Architecture: x86_64 Install Date: Tue 20 Jun 2017 02:21:41 PM UTC Group : Applications/Internet Size : 72732 License : GPL+ Signature : RSA/SHA256, Tue 20 Sep 2016 04:03:39 PM UTC, Key ID 6a2faea2352c64e5 Source RPM : nethogs-0.8.5-1.el7.src.rpm Build Date : Sun 18 Sep 2016 05:02:40 PM UTC Build Host : buildhw-12.phx2.fedoraproject.org Relocations : (not relocatable) Packager : Fedora Project Vendor : Fedora Project URL : https://github.com/raboof/nethogs/ Summary : A tool resembling top for network traffic Description : NetHogs is a small "net top" tool. Instead of breaking the traffic down per protocol or per subnet, like most such tools do, it groups bandwidth by process and does not rely on a special kernel module to be loaded. So if there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this, and if it's some kind of spinning process, kill it. #
Once you've installed the program, you can get help on its usage by
# nethogs -h usage: nethogs [-V] [-h] [-b] [-d seconds] [-v mode] [-c count] [-t] [-p] [-s] [device [device [device ...]]] -V : prints version. -h : prints this help. -b : bughunt mode - implies tracemode. -d : delay for update refresh rate in seconds. default is 1. -v : view mode (0 = KB/s, 1 = total KB, 2 = total B, 3 = total MB). default is 0. -c : number of updates. default is 0 (unlimited). -t : tracemode. -p : sniff in promiscious mode (not recommended). -s : sort output by sent column. -a : monitor all devices, even loopback/stopped ones. device : device(s) to monitor. default is all interfaces up and running excluding loopback When nethogs is running, press: q: quit s: sort by SENT traffic r: sort by RECEIVE traffic m: switch between total (KB, B, MB) and KB/s mode #
You can also view the
man page for nethogs with the command
You will need to be root in order to run the software. If you aren't logged into the root account or running the command with sudo, you will see the message below:
$ nethogs To run nethogs without being root you need to enable capabilities on the program (cap_net_admin, cap_net_raw), see the documentation for details. $
Since NetHogs relies on the existence of /proc, most of its features are only available on Linux, but NetHogs can be built on systems running the Mac OS X/macOS and FreeBSD operating systems, but it will only show connections, not processes, on those systems.