Do you suspect that some process running on your box is using up a lot of network bandwidth? Would like to investigate and identify the culprit? If so, you need the nethogs utility.
NetHogs is a nice little utility (like a networking version of top) for keeping tabs on what network activity each process on your sytem is doing. If you want to quickly find out what processes are causing all the network activity on your box, this is the utility you're looking for.
To install nethogs, run the following command:
sudo apt-get install nethogs
To fire it up, you'll need root permissions, so run with sudo:
The sent and received columns show the amount of traffic being moved around per process. While the total sent and received bandwidth usage is shown at the bottom. The sort order can be changed using the interactive controls explained below.
Notable command line options are "-d" to specify a refresh rate, and "-device" to monitor bandwith relating to a specific device or devices (the default is eth0). e.g. to set the refresh rate to every 5 seconds, start nethogs with:
sudo nethogs -d 5
To monitor the network bandwith for your eth2 interface only, use:
sudo nethogs -device eth2
To monitor bandwith for both eth0 and eth1 interfaces, use:
sudo nethogs -device eth0 eth1
To change the units displayed for the bandwidth hit m (These are the available units: KB/sec -> KB -> B-> MB). To sort by magnitude of sent traffic or received traffic, hit s or r respectively. You can quit in the same fashion as top by hitting q. For a full list of command line options and more info, see the man page.
Usually there is a clear process name under the "Program" column which identifies which process is causing the network traffic usage. However, when there's a spawned thread causing the network usage, you may see something like:
This basically tells us that a local thread is using port 45678 to communicate with a box having IP Address of 18.104.22.168 and remote port 80. Port 80 tells us that it is probably http traffic, so in this case the thread is talking to a website.
Thanks to Arnout Engelen for writing this useful little tool.