How do I find out which process is eating up my bandwidth?
Solution 1
I've had a lot of success with nethogs. It has to run as root but there are different ways you can sort the statistics (like KB/s or total bandwidth monitored since nethogs started).
Also, if you use wireless you need to pass the device to it.
Install it with command: sudo apt-get install nethogs
Just run
sudo nethogs
If you want to check the total cumulative sum of bandwidth consumed since you open nethogs
, do (it's useful to see which programs consume more bandwidth over the long run)
sudo nethogs -v 3
Solution 2
Use iftop
to locate the TCP port on your machine that is receiving the most traffic.
Then use sudo netstat -tup
to locate the process "owning" that port.
That's the process you're looking for.
PS: Should work for UDP too.
Solution 3
You might want to look into ntop
- which should monitor network activity on a process level. You can find ntop
in the Software Center or with sudo apt-get install ntop
For installation instruction, follow their page http://packages.ntop.org/
Solution 4
Here's one I like, it tells you what's reading from the network the most, anyway (doesn't seem to work for which one is "writing to" the network, so...you get half).
$ sudo apt install dstat
then
$ dstat --net --top-io-adv
-net/total- -------most-expensive-i/o-process-------
recv send|process pid read write cpu
0 0 |chrome 1885 19k 17k0.4%
504B 734B|chrome 1923 0 66k0.2%
651k 18k|chrome 1923 597k 593k2.0%
19k 26k|gnome-terminal- 25834 429B 59k0.8%
Solution 5
Another alternative is iptraf
. It won't show you the PID of the process, but will tell you which connection uses how much bandwidth.
Related videos on Youtube
Malabarba
I: am the author of Endless Parentheses; help manage and develop CIDER, the most widely used Clojure IDE; help develop GNU Emacs when I have time; author and manage a number of open source projects, among which: Paradox: Modernized Package Menu for Emacs. sx.el: Full-feature Emacs client for StackOverflow, Super User, and the entire Stack Exchange network. aggressive-indent-mode: Minor mode that keeps your code permanently indented. smart-mode-line: A powerful and beautiful mode-line for Emacs. The Bug-Hunter: Hunt down errors in elisp files. names: A namespace system for elisp.
Updated on September 17, 2022Comments
-
Malabarba over 1 year
I think I'm being the victim of a bug here. Sometimes while I'm working (I still don't know why), my network traffic goes up to 200 KB/s and stays that way, even tough I'm not doing anything internet-related.
This sometimes happens to me with the CPU usage. When it does, I just run a
top
command to find out which process is responsible and thenkill
it. Problem is: I have no way of knowing which process is responsible for my high network usage. Both the resource monitor and thetop
command only tell me my total network usage, neither of them tells me process specific network info.I've found questions here about monitoring total bandwidth usage, but, as I mentioned, that's not what I need. Is there another command I can use to find out which process is getting out of hand?
The command
iftop
gives results that disagree entirely with the information reported by System Monitor. While the latter claims there's high network traffic, the former claims there's barely 1 KB/s.I've already tried killing all the obvious ones (Firefox, update-manager, Pidgin, etc) with no luck. So far, restarting the machine is the only way I found of getting rid of the issue.
-
Malabarba over 13 yearsThanks, the command seems to work, but I'm getting strange results. System monitor claims a total of around 180KB/s, while
iftop
claims a total of barely 1 kilobyte per second. -
Malabarba over 13 yearsI'm accepting the answer since it does answer the original question. But I'll be nice if I can figure out what's going on here.
-
Li Lo over 13 yearsiptop displays stats for a single interface. I'm not sure if System monitor looks at only one interface or all of them. If that's the case then there will be traffic shown by System monitor but not shown by iftop, which is OK because you only want to be looking at your internet interface anyway (and not lo). I just tested iftop on my system and it showed what I expected it to. Be aware though that iftop displays averages over 2s,10s,40s respectively. I ran iftop like 'sudo iftop -i eth0 -nPB', how did you run it?
-
Malabarba over 13 yearsI ran it as
sudo iftop -B -i eth0
, that means it was only looking at my internet traffic right? It didn't occur to me that the system monitor might be checking other interfaces as well. Ironically, the problem disappeared 10 minutes ago (after many hours), so I can't checkiftop
again for now. What does the lo interface stand for? -
Li Lo over 13 yearsSince there are a lot of numbers on the iftop screen I've created a screenshot where I highlited the number you're interested in. Compare that to System monitor. The screenshot is at imgur.com/2iuiI . "lo" stands for localhost, it's an interface through which local programs can communicate with one another.
-
Malabarba over 13 yearsYeah, I had to read the manual to understand what all those numbers where about. Given that they're all averages, they were all pretty low (like, always below 10KB, instead of above 100KB). This problem happened to me twice in the last week. So, if it shows up again, I'll check the numbers again, and I'll check the lo interface too. I'm connected at work, and wouldn't be surprised if their local network is causing this abnormal traffic.
-
Li Lo over 13 yearsI'm downloading something with JDownloader and the figures from iftop match the figures from JDownloader. System monitor says I'm not downloading anything. Between the two I choose to trust iftop.
-
Li Lo over 13 yearsOn closer inspection it's really annoying that it assumes the terminal is always 80 characters wide and truncates the command.
-
aidan almost 9 years
nethogs
is nice, but it seems to use way more cpu on my computer thaniftop
-
Rmano about 8 yearsBe warned of a bug making some versions of
nethog
unusable: askubuntu.com/questions/726601/… -
Shadi over 6 yearsnot available with ubuntu 17.04 (zesty)
-
arjun about 6 yearsnethogs dont retain information. If some program stopped its internet usage, and you had fired up later, you would miss that info and never the defaulting app.
-
dw1 over 5 yearssee packages.ntop.org/apt-stable for repos for later versions of ubuntu. also it's
apt-get install ntopng
-
Gabriel Staples over 4 yearsI ran
sudo nethogs eth5
and got this error:creating socket failed while establishing local IP - are you root?
. Turns out it was because my version of nethogs was old.nethogs -V
showed my version was 0.8.0. Apparently v0.8.1 or later fixes this problem, so I followed these instructions to install to the latest, which is 0.8.5: askubuntu.com/questions/726601/…. Now it works perfectly! Note that the latest releases are here: github.com/raboof/nethogs/releases. -
Gabriel Staples over 4 yearsAlso, nethogs isn't picking up everything at all! System Monitor is showing I'm receiving continually at 47 Mbps (which is HUGE bandwidth usage!), but nethogs isn't showing this traffic at all!
-
Philippe Paré about 4 yearsIt has its own local server, and is sooo confusing...
-
Dagelf almost 4 yearsYou're obviously monitoring the wrong interface
-
SaTa over 3 yearsI have the same issue as as @GabrielStaples. I see a huge difference between system monitor and and nethogs.
-
Gabriel Staples over 3 years@SaTa @Dagelf, still happening. I had 20Mbps upload and download for like 2 hrs straight. No idea what it was.
nethogs
showed no traffic greater than a few kb/sec. I have only one wifi interface so I'm sure I'm choosing the right one. No ethernet cable is plugged in either. Maybe it was ansshfs
session I had open and could't unmount for some reason? I don't know. I rebooted to stop it. -
SaTa about 3 years@GabrielStaples, In my case it seemed that a lot of the traffic was coming through UDP. Running
sudo nethogs -C
picked up that traffic and started to show values close to sys monitor. -
Gabriel Staples about 3 years@SaTa,
nethogs
doesn't have a-C
option.nethogs -V
shows my version isversion 0.8.5-2build2
. I installed it on Ubuntu 20.04 just now withsudo apt install nethogs
. What is your nethogs version? -
SaTa about 3 years@GabrielStaples Yes, the official one does not have it. Clone their repo here. Then, install Debian/Ubuntu dependency and build. You don't need to install it. It will run after
make
withsudo ./src/nethogs
. -
ikwyl6 over 2 years@Ben For the -v3 flag.. Do you know how I can get cumulative and per second at same time. Possible?