How do I find out which process is eating up my bandwidth?

I think I'm being the victim of a bug here. Sometimes while I'm working (I still don't know why), my network traffic goes up to 200 KB/s and stays that way, even tough I'm not doing anything internet-related.

This sometimes happens to me with the CPU usage. When it does, I just run a top command to find out which process is responsible and then kill it. Problem is: I have no way of knowing which process is responsible for my high network usage. Both the resource monitor and the top command only tell me my total network usage, neither of them tells me process specific network info.

I've found questions here about monitoring total bandwidth usage, but, as I mentioned, that's not what I need. Is there another command I can use to find out which process is getting out of hand?

The command iftop gives results that disagree entirely with the information reported by System Monitor. While the latter claims there's high network traffic, the former claims there's barely 1 KB/s.

I've already tried killing all the obvious ones (Firefox, update-manager, Pidgin, etc) with no luck. So far, restarting the machine is the only way I found of getting rid of the issue.

Thanks, the command seems to work, but I'm getting strange results. System monitor claims a total of around 180KB/s, while iftop claims a total of barely 1 kilobyte per second.

I'm accepting the answer since it does answer the original question. But I'll be nice if I can figure out what's going on here.

iptop displays stats for a single interface. I'm not sure if System monitor looks at only one interface or all of them. If that's the case then there will be traffic shown by System monitor but not shown by iftop, which is OK because you only want to be looking at your internet interface anyway (and not lo). I just tested iftop on my system and it showed what I expected it to. Be aware though that iftop displays averages over 2s,10s,40s respectively. I ran iftop like 'sudo iftop -i eth0 -nPB', how did you run it?

I ran it as sudo iftop -B -i eth0, that means it was only looking at my internet traffic right? It didn't occur to me that the system monitor might be checking other interfaces as well. Ironically, the problem disappeared 10 minutes ago (after many hours), so I can't check iftop again for now. What does the lo interface stand for?

Since there are a lot of numbers on the iftop screen I've created a screenshot where I highlited the number you're interested in. Compare that to System monitor. The screenshot is at imgur.com/2iuiI . "lo" stands for localhost, it's an interface through which local programs can communicate with one another.

Yeah, I had to read the manual to understand what all those numbers where about. Given that they're all averages, they were all pretty low (like, always below 10KB, instead of above 100KB). This problem happened to me twice in the last week. So, if it shows up again, I'll check the numbers again, and I'll check the lo interface too. I'm connected at work, and wouldn't be surprised if their local network is causing this abnormal traffic.

I'm downloading something with JDownloader and the figures from iftop match the figures from JDownloader. System monitor says I'm not downloading anything. Between the two I choose to trust iftop.

On closer inspection it's really annoying that it assumes the terminal is always 80 characters wide and truncates the command.

nethogs is nice, but it seems to use way more cpu on my computer than iftop

Be warned of a bug making some versions of nethog unusable: askubuntu.com/questions/726601/…

not available with ubuntu 17.04 (zesty)

nethogs dont retain information. If some program stopped its internet usage, and you had fired up later, you would miss that info and never the defaulting app.

see packages.ntop.org/apt-stable for repos for later versions of ubuntu. also it's apt-get install ntopng

I ran sudo nethogs eth5 and got this error: creating socket failed while establishing local IP - are you root?. Turns out it was because my version of nethogs was old. nethogs -V showed my version was 0.8.0. Apparently v0.8.1 or later fixes this problem, so I followed these instructions to install to the latest, which is 0.8.5: askubuntu.com/questions/726601/…. Now it works perfectly! Note that the latest releases are here: github.com/raboof/nethogs/releases.

Also, nethogs isn't picking up everything at all! System Monitor is showing I'm receiving continually at 47 Mbps (which is HUGE bandwidth usage!), but nethogs isn't showing this traffic at all!

It has its own local server, and is sooo confusing...

You're obviously monitoring the wrong interface

I have the same issue as as @GabrielStaples. I see a huge difference between system monitor and and nethogs.

@SaTa @Dagelf, still happening. I had 20Mbps upload and download for like 2 hrs straight. No idea what it was. nethogs showed no traffic greater than a few kb/sec. I have only one wifi interface so I'm sure I'm choosing the right one. No ethernet cable is plugged in either. Maybe it was an sshfs session I had open and could't unmount for some reason? I don't know. I rebooted to stop it.

@GabrielStaples, In my case it seemed that a lot of the traffic was coming through UDP. Running sudo nethogs -C picked up that traffic and started to show values close to sys monitor.

@SaTa, nethogs doesn't have a -C option. nethogs -V shows my version is version 0.8.5-2build2. I installed it on Ubuntu 20.04 just now with sudo apt install nethogs. What is your nethogs version?

@GabrielStaples Yes, the official one does not have it. Clone their repo here. Then, install Debian/Ubuntu dependency and build. You don't need to install it. It will run after make with sudo ./src/nethogs.

@Ben For the -v3 flag.. Do you know how I can get cumulative and per second at same time. Possible?