In this article, we will discuss the basics of NetHogs as well as the features it provides.

NetHogs

According to the utility’s man page, NetHogs is a small “net top” tool. Instead of breaking the network traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. If there’s suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this, making it easy to identify programs that have gone wild and are suddenly taking up your bandwidth. Since NetHogs heavily relies on “/proc,” it currently runs on Linux only.

Download/Install

Users of Debian-based systems like Ubuntu can easily download and install the tool using the following command: If you’re using any other distribution, you can check out the details provided at NetHog’s official website. Another point worth noting is that the tool requires libpcap and ncurses, so make sure you have libncurses5-dev and libpcap0.8-dev installed.

Usage

NetHogs is fairly simple to use; just run the nethogs command without any command line option, and it will display the bandwidth used by each process. The following is the snapshot of the output produced by the tool on my system:

As you can see in the screenshot, the NetHogs tool displays details like the PID, username, process, network interface being used, and the speed at which data is being sent and received.

Set custom refresh rate

By default, NetHog’s output is refreshed after a delay of 1 second, but you can use the -d command line option to set this delay as per your requirement. For example, to set a delay of 3 seconds, use the following command:

Specify interface

You can also ask NetHogs to monitor traffic on a particular network interface by specifying the interface name on the command line. For example, to monitor traffic on eth1, you can use the following command: Note: you can use the -p command line option to sniff the traffic in promiscuous mode, although it is not recommended.

Keyboard shortcuts

The tool also provides some keyboard shortcuts which you can use to control the way the output is displayed. For example, while the command is running, you can press the “m” key to change the units in which sent and received data is displayed – each time you press the key, the unit will cycle between kb/s, kb, b, and mb. Here is an example where traffic is displayed in MBs:

Similarly, you can press “s” and “r” to sort the output by data sent and received, respectively. And as always, “q” is for quitting the output.

Conclusion

NetHogs is ideal for cases when you want to catch and kill the process that’s working unexpectedly by eating up a lot of bandwidth. Plus, it’s an open source utility, which means you can study the way it works, and can even customize it the way you want. Have you ever used NetHogs or any other similar tool? How was your experience? Share your thoughts in the comments below.