318

I think I'm being the victim of a bug here. Sometimes while I'm working (I still don't know why), my network traffic goes up to 200 KB/s and stays that way, even tough I'm not doing anything internet-related.

This sometimes happens to me with the CPU usage. When it does, I just run a top command to find out which process is responsible and then kill it. Problem is: I have no way of knowing which process is responsible for my high network usage. Both the resource monitor and the top command only tell me my total network usage, neither of them tells me process specific network info.

I've found questions here about monitoring total bandwidth usage, but, as I mentioned, that's not what I need. Is there another command I can use to find out which process is getting out of hand?

The command iftop gives results that disagree entirely with the information reported by System Monitor. While the latter claims there's high network traffic, the former claims there's barely 1 KB/s.

I've already tried killing all the obvious ones (Firefox, update-manager, Pidgin, etc) with no luck. So far, restarting the machine is the only way I found of getting rid of the issue.

Flyk
  • 1,480
  • 3
  • 18
  • 24
Malabarba
  • 10,546

6 Answers6

393

I've had a lot of success with nethogs. It has to run as root but there are different ways you can sort the statistics (like KB/s or total bandwidth monitored since nethogs started).

Also, if you use wireless you need to pass the device to it.

Install it with command: sudo apt-get install nethogs

Just run

sudo nethogs

If you want to check the total cumulative sum of bandwidth consumed since you open nethogs, do (it's useful to see which programs consume more bandwidth over the long run)

sudo nethogs -v 3
João Pimentel Ferreira
  • 1,354
Ben
  • 4,362
82

Use iftop to locate the TCP port on your machine that is receiving the most traffic. Then use sudo netstat -tup to locate the process "owning" that port.

That's the process you're looking for.

PS: Should work for UDP too.

Li Lo
  • 16,382
18

You might want to look into ntop - which should monitor network activity on a process level. You can find ntop in the Software Center or with sudo apt-get install ntop

For installation instruction, follow their page http://packages.ntop.org/

Anwar
  • 77,855
Marco Ceppi
  • 48,827
14

Here's one I like, it tells you what's reading from the network the most, anyway (doesn't seem to work for which one is "writing to" the network, so...you get half).

$ sudo apt install dstat
then
$ dstat --net --top-io-adv
-net/total- -------most-expensive-i/o-process-------
 recv  send|process              pid  read write cpu
   0     0 |chrome               1885   19k  17k0.4%
 504B  734B|chrome               1923    0   66k0.2%
 651k   18k|chrome               1923  597k 593k2.0%
  19k   26k|gnome-terminal-      25834 429B  59k0.8%
rogerdpack
  • 1,029
9

Another alternative is iptraf. It won't show you the PID of the process, but will tell you which connection uses how much bandwidth.

0xC0000022L
  • 5,870
Dennis Kaarsemaker
  • 6,904
8

Late answer, but I had the same problem. Turned out to be Ubuntuone. Found that by running tcpdump. I went through the same learning curve on process identification.

From my notes:

Ubuntu box connection information

Started up my Ubuntu 10.04 desktop this morning to find that after a few minutes the Internet connection is crawling. I've seen this on Windows boxes before, and 99% of the time it's spyware. So, I needed to investigate...command line style.

tcpdump. Shows Ubuntuone going crazy.

System>Preferences>Ubuntu One. Turn all synchronization off. That did it.

So, I'm thinking I'd like to see all network connections and what they're doing. I can

netstat -cW (list network connections continuously in wide format so foreign addresses aren't truncated)

lsof -i |grep -v 'localhost' (list open files matching an Internet address of any, grep to remove any open files associated with localhost -- my thought here being that I don't want to see local services as they likely will not affect network utilization).

Some things to take away:

  1. Need to learn about Ubuntu logs for troubleshooting.
  2. Need to learn more about tcpdump, so I'll start with this tutorial by Daniel Miessler.

Editor's note: This answer was referring to tinker's blogspot article which is meant for invited users only. Since this answer has appreciable upvotes, so it is valuable. I found a copy of article on Wayback Machine. And included that here.

Kulfy
  • 18,154
tinker
  • 979