Top Related Projects
Web-based Traffic and Security Network Traffic Monitoring
Glances an Eye on your system. A top/htop alternative for GNU/Linux, BSD, Mac OS and Windows operating systems.
A monitor of resources
Architected for speed. Automated for easy. Monitoring and troubleshooting, transformed!
Quick Overview
NetHogs is a small 'net top' tool that groups bandwidth by process. It monitors network traffic on a system and displays a frequently updated list of which processes are using the most bandwidth. NetHogs does not rely on a special kernel module or driver to be installed; it uses the Linux kernel's netfilter framework.
Pros
- Provides real-time network traffic monitoring by process
- Easy to use with a simple command-line interface
- Does not require kernel modifications or special drivers
- Supports both IPv4 and IPv6 traffic
Cons
- Limited to Linux systems only
- Can be resource-intensive on systems with high network traffic
- Does not provide historical data or long-term statistics
- May require root privileges to run, which can be a security concern
Getting Started
To install and use NetHogs on a Linux system:
-
Install NetHogs using your distribution's package manager:
sudo apt-get install nethogs # For Debian/Ubuntu sudo yum install nethogs # For CentOS/RHEL -
Run NetHogs with root privileges:
sudo nethogs -
To monitor a specific interface:
sudo nethogs eth0 -
Use keyboard shortcuts while running:
- 'm': change the units (KB/s, KB, B, MB)
- 'r': sort by received traffic
- 's': sort by sent traffic
- 'q': quit the program
Competitor Comparisons
Web-based Traffic and Security Network Traffic Monitoring
Pros of ntopng
- More comprehensive network monitoring and analysis capabilities
- Web-based GUI for easier visualization and interaction
- Supports a wider range of protocols and network types
Cons of ntopng
- Higher system resource requirements
- More complex setup and configuration process
- Steeper learning curve for new users
Code Comparison
ntopng (C++):
void NetworkInterface::getStats(lua_State* vm) {
lua_newtable(vm);
lua_push_int_table_entry(vm, "numPackets", stats.getNumPackets());
lua_push_int_table_entry(vm, "numBytes", stats.getNumBytes());
// ... more stats
}
nethogs (C):
void process_packet(u_char *userdata, const struct pcap_pkthdr *header, const u_char *packet) {
struct ip *ip_hdr = (struct ip *)(packet + sizeof(struct ether_header));
struct tcphdr *tcp_hdr = (struct tcphdr *)(packet + sizeof(struct ether_header) + sizeof(struct ip));
// ... process packet data
}
ntopng offers a more feature-rich and user-friendly network monitoring solution with its web interface and extensive protocol support. However, it requires more resources and has a steeper learning curve. nethogs, on the other hand, is a simpler, lightweight tool focused specifically on per-process network usage monitoring. It's easier to set up and use but lacks the comprehensive analysis capabilities of ntopng.
Glances an Eye on your system. A top/htop alternative for GNU/Linux, BSD, Mac OS and Windows operating systems.
Pros of Glances
- Comprehensive system monitoring with a wide range of metrics (CPU, memory, network, disk, processes, etc.)
- Cross-platform support (Linux, macOS, Windows)
- Web-based interface and REST API for remote monitoring
Cons of Glances
- Higher resource usage due to its comprehensive nature
- More complex setup and configuration compared to Nethogs
Code Comparison
Glances (Python):
from glances_api import GlancesApi
glances = GlancesApi(host='localhost', port=61208)
cpu_percent = glances.getCpu()['total']
print(f"CPU usage: {cpu_percent}%")
Nethogs (C++):
#include "nethogs.h"
void callback(int action, const char *name, int pid, float sent_kbs, float recv_kbs) {
printf("%s: Sent %.2f KB/s, Received %.2f KB/s\n", name, sent_kbs, recv_kbs);
}
NethogsMonitorRecord *monitor = nethogsmonitor_init();
nethogsmonitor_loop(monitor, callback);
Summary
Glances offers a more comprehensive system monitoring solution with cross-platform support and a web interface, making it suitable for users who need detailed insights into their system's performance. However, it may consume more resources and require more setup than Nethogs.
Nethogs, on the other hand, focuses specifically on per-process network usage monitoring, making it a lightweight and straightforward option for users primarily interested in network traffic analysis. Its simplicity comes at the cost of fewer features compared to Glances.
A monitor of resources
Pros of btop
- More comprehensive system monitoring, including CPU, memory, disks, and network
- Highly customizable interface with themes and layout options
- Cross-platform support (Linux, macOS, FreeBSD, OpenBSD)
Cons of btop
- Higher resource usage due to more extensive monitoring capabilities
- Steeper learning curve for configuration and customization
Code Comparison
btop (C++):
void Cpu::draw(int h, bool force) {
if (h < 1) return;
if (force) Cpu::collect();
draw_bg();
draw_cpus(h);
draw_clock();
}
nethogs (C):
void process_init() {
Process * newproc = new Process(m_pid, m_name);
ProcList * newitem = new ProcList(newproc, NULL);
if (processes == NULL) {
processes = newitem;
} else {
newitem->next = processes;
processes = newitem;
}
}
Summary
btop offers a more feature-rich system monitoring experience with a polished interface, while nethogs focuses specifically on per-process network usage. btop is better suited for users who want a comprehensive system overview, while nethogs is ideal for those primarily interested in network traffic analysis.
Architected for speed. Automated for easy. Monitoring and troubleshooting, transformed!
Pros of Netdata
- Comprehensive system monitoring with a wide range of metrics
- Real-time, interactive web-based dashboard
- Extensive plugin system for custom data collection
Cons of Netdata
- Higher resource usage due to its comprehensive nature
- More complex setup and configuration compared to Nethogs
Code Comparison
Nethogs (main.cpp):
int main(int argc, char** argv) {
process_args(argc, argv);
init_ui();
process_network_data();
return 0;
}
Netdata (main.c):
int main(int argc, char **argv) {
netdata_init();
parse_command_line(argc, argv);
web_server_config_options();
web_server();
return 0;
}
Key Differences
- Nethogs focuses specifically on per-process network usage monitoring
- Netdata provides a broader system monitoring solution
- Nethogs is written in C++, while Netdata is primarily in C
- Netdata offers a web-based interface, whereas Nethogs is command-line based
- Nethogs is lighter and more focused, while Netdata is feature-rich but more resource-intensive
Both tools serve different purposes: Nethogs for targeted network usage monitoring, and Netdata for comprehensive system monitoring including network metrics.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Nethogs
Introduction
NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process.
NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to identify programs that have gone wild and are suddenly taking up your bandwidth.
Since NetHogs heavily relies on /proc, most features are only available on Linux.
NetHogs can be built on Mac OS X and FreeBSD, but it will only show connections, not processes.
Status
Nethogs is a mature piece of software included in most Linux distributions.
Ideas for features, as well as open bugs, can be found on issues' label:enhancement.
Downloading
You can clone this repo or get a source release from https://github.com/raboof/nethogs/releases
Building from source
Nethogs depends on ncurses for the text-based interface and libpcap for user-level packet capture. So you need to install both development libraries before building nethogs.
Debian/Ubuntu
apt-get install build-essential libncurses5-dev libpcap-dev
Yum-based distro's
yum install gcc-c++ libpcap-devel.x86_64 libpcap.x86_64 "ncurses*"
Getting the source
The master branch is intended to be stable at all times:
git clone https://github.com/raboof/nethogs
Building
After that, simply
make
sudo ./src/nethogs
Installing
For all distributions
sudo make install
hash -r
sudo nethogs
On Debian
sudo apt-get install checkinstall
sudo checkinstall -D make install
sudo dpkg -i nethogs*.deb
On Arch Linux
sudo pacman -S nethogs
Upgrading
When upgrading (or downgrading), you can simply install the new version 'over' the old one.
Uninstalling
If you want to remove Nethogs from your system, you can:
sudo make uninstall
Running without root
In order to be run by a non-root user, nethogs needs the cap_net_admin and cap_net_raw capabilities; additionally, to read and display process names, cap_dac_read_search and cap_sys_ptrace capabilities are required. These can be set on the executable by using the setcap command, as follows:
sudo setcap "cap_net_admin,cap_net_raw,cap_dac_read_search,cap_sys_ptrace+pe" /usr/local/sbin/nethogs
Coding standards
We use the LLVM coding standards, with the exception that we do allow 'return' after 'else' if it makes the code more readable.
Note to contributors: feel free to request more exceptions and we'll list them here.
Not all code currently adheres to this standard. Pull requests fixing style are welcome, and do write new code in the proper style, but please do not mix style fixes and new functionality in one pull request.
When writing new code, at least run 'make format' to have clang-format fix some superficial style aspects.
libnethogs
Apart from the 'nethogs' tool, this codebase now also builds as a 'libnethogs' library. This is highly experimental, and we expect to break source and binary compatibility while we look for the right abstraction points. Packaging libnethogs as an independent package is currently discouraged, as the chance of different applications successfully using the same libnethogs are slim.
Build it with make libnethogs, install with make install_lib or make install_dev.
libnethogs is being used in https://github.com/mb-gh/gnethogs
links
Nethogs monitors traffic going to/from a machine, per process. Other tools rather monitor what kind of traffic travels to, from or through a machine, etcetera. I'll try to link to such tools here. By all means open an issue/PR if you know another:
- nettop shows packet types, sorts by either size or number of packets.
- ettercap is a network sniffer/interceptor/logger for ethernet
- darkstat breaks down traffic by host, protocol, etc. Geared towards analysing traffic gathered over a longer period, rather than `live' viewing.
- iftop shows network traffic by service and host
- ifstat shows network traffic by interface in a vmstat/iostat-like manner
- gnethogs GTK-based GUI (work-in-progress)
- nethogs-qt Qt-based GUI
- hogwatch A bandwidth monitor(per process) with graphs for desktop/web.
- iptraf-ng is a console-based network monitoring program for Linux that displays information about IP traffic.
- nettop (by Emanuele Oriani) is a simple process/network usage report for Linux.
- iptstate is a top-like interface to your netfilter connection-tracking table.
- flowtop is a top-like netfilter connection tracking tool.
- BusyTasks is a Java-based app using top, iotop and nethogs as backend.
- bandwhich is a terminal bandwidth utilization tool.
- sniffer is a modern alternative network traffic sniffer.
License
Copyright 2004-2005, 2008, 2010-2012, 2015 Arnout Engelen arnouten@bzzt.net License: nethogs may be redistributed under the terms of the GPLv2 or any later version. See the COPYING file for the license text.
Top Related Projects
Web-based Traffic and Security Network Traffic Monitoring
Glances an Eye on your system. A top/htop alternative for GNU/Linux, BSD, Mac OS and Windows operating systems.
A monitor of resources
Architected for speed. Automated for easy. Monitoring and troubleshooting, transformed!
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot