7

I'm looking for a utility to continuously monitor network traffic by process.

Something like top but instead of focusing on CPU/memory, I would like to see TCP and UDP ports and throughput for the most network-active processes. I imagine a regularly updated screen with headers like:

PID   USER  PROTO  PORTNO   Kbps   STARTTIME  COMMAND...

The closest I could find are atop and lsof -i. atop shows aggregate network activity in the main screen (not by process). Hitting N for a network focused view gives:

Kernel module 'netatop' not active or no root privs; request ignored!
# When run under sudo, so how do I install the 'netatop' kernel module ?

lsof -i shows the processes holding the ports, but no throughput/activity.

sudo watch netstat -Wtunape is another good option. It includes IP addresses, ports (both local and remote) and even connection states, but doesn't include throughput and process start-time.

Any tips appreciated.

Community
  • 1
arielf
  • 2,823
  • See http://askubuntu.com/questions/257263/how-to-display-network-traffic-in-terminal and http://askubuntu.com/questions/2411/how-do-i-find-out-which-process-is-eating-up-my-bandwidth – muru Aug 19 '14 at 19:10

1 Answers1

6

You can use nethogs a small 'net top' tool to continuously monitor network traffic by process.

It has PID, USER, PROGRAM, DEV, SENT and RECEIVE column.

g_p
  • 18,504
  • Thanks! nethogs seems the closest to what I'm looking for. I wasn't aware of it. Wish it would have displayed a PROTO, PORT and process STARTTIME too. This is especially needed for the unknown TCP entries... – arielf Aug 19 '14 at 19:42
  • It is very useful command. I am looking for something similar. A command having the same output in addition to the CPU and Mem details ?! any recommendations ?! – McLan Sep 01 '16 at 11:55