Linux – Monitoring Network Traffic With nethogs
NetHogs is similar to Linux top command which is an open-source command-line program, that is used for monitoring network traffic in Linux. But do you ever wanted to notice which application in your system is eating up your bandwidth, Then Nethogs is one of the good choices. Nethogs will help you find out what bandwidth an PID is taking up as Nethogs groups bandwidth by process instead of breaking the traffic down per protocol or per subnet. . It is a great choice if you want to identify which program in your Linux system is taking up more bandwidth.
Installing nethogs in Debian-based Linux:
Before installing nethogs you need to install libncurses5-dev and libpcap0.8-dev on Debian-based machines such as Kali Linux because Nethogs depends on ncurses for the text-based interface and libpcap for user-level packet capture.
sudo apt-get install libncurses5-dev libpcap0.8-dev
Now we have to install nethogs by typing
sudo apt-get install nethogs
How to use nethogs in Debian based distros:
After installing Nethogs we have to type sudo nethogs or normal nethogs if you are already a root user because it won’t work without root privileges.
So as we can see above screenshot is showing a clear view of the program that is consuming my network bandwidth. We can easily understand from the above screenshot that nethogs display us the details about the process id of the program which is currently using the bandwidth, the name of the program which is consuming this bandwidth, the device that is being monitored, sent data details, received data details and all total.
NetHogs Command-Line Options:
-h: display available commands usage.
-V: –prints Version info.
-d: delay for refresh rate.
You can set 3 seconds as your refresh rate, by typing the following command:-
You can also monitor specific device (wlan0) or multiple network (wlan0 and pan1) bandwidth, by typing the following command:
-p: sniff in promiscuous mode (not recommended).
It will help you to sniff in promiscuous mode but according to the nethog’s manual pages it is not recommended, but you can use it by typing the following command:
Trace mode will output the connections one by one, to use tracemode you have to give the following command:
And for more information, you can check the manual of nethogs by typing man nethogs and it will give output like this:
NetHogs Interactive Controls: