When your Linux system experiences unexpected network activity, the first step is identifying which processes are responsible. While GNOME System Monitor provides basic network usage information, we need more granular tools for developer-level analysis.
For Ubuntu 10.10 and other Linux distributions, these command-line utilities offer detailed network monitoring:
# Basic process network usage overview
sudo apt-get install nethogs
sudo nethogs
# Continuous monitoring with refresh
sudo nethogs -d 2 # refreshes every 2 seconds
For connection-level details including remote IPs and ports:
sudo apt-get install iftop
sudo iftop -nNP # -n disables DNS resolution, -N disables port-name resolution, -P shows ports
Combine multiple tools for comprehensive analysis:
# List all processes with network connections
sudo lsof -i
# Filter by established connections
sudo lsof -i | grep ESTABLISHED
# Show listening TCP/UDP sockets with their owning processes
sudo ss -tulnp
For long-term monitoring, consider these approaches:
# Install vnStat for persistent traffic monitoring
sudo apt-get install vnstat
vnstat -l # live monitoring
# Alternative: iptraf-ng
sudo apt-get install iptraf-ng
sudo iptraf-ng
For those preferring graphical interfaces:
- Wireshark (sudo apt-get install wireshark)
- EtherApe (sudo apt-get install etherape)
- Darkstat (sudo apt-get install darkstat)
Create a simple bash script to monitor suspicious activity:
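#!/bin/bash
threshold=10000 # KB/s
while true; do
    # -t prints trace lines "program/pid/uid<TAB>sent<TAB>received";
    # -c 2 makes nethogs exit after two updates so the command substitution returns.
    suspicious=$(sudo nethogs -t -c 2 | awk -F'\t' -v limit="$threshold" 'NF == 3 && $3 > limit {print $1}' | sort -u)
    if [ -n "$suspicious" ]; then
        echo "ALERT: High network usage by $suspicious"
        # Add notification or logging here
    fi
    sleep 5
done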
When troubleshooting performance issues on Ubuntu systems, identifying network-intensive processes is crucial. While GNOME System Monitor provides basic network usage visualization, we need deeper insights into per-process bandwidth consumption and connection details.
iftop for Interface-Level Monitoring
First install this essential tool:
sudo apt-get install iftop
sudo iftop -n -P
The -P flag shows port numbers, while -n prevents DNS resolution for faster output. This gives real-time bandwidth per connection but doesn't show process names.
nethogs for Process-Level Visibility
Install and run:
sudo apt-get install nethogs
sudo nethogs
This shows processes with their download/upload rates in real-time. Example output:
PID   USER  PROGRAM               DEV   SENT      RECEIVED
1234  user  firefox               eth0  12.453KB  432.123KB
5678  root  /usr/lib/apt/meth...  eth0  0.000KB   1.432MB
ss + lsof Combination
For detailed connection mapping:
sudo ss -tulnp
sudo lsof -i -P -n
Combine with grep for specific processes:
lsof -i -P -n | grep ESTABLISHED | awk '{print $1, $2, $8, $9}'
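The connection mapping above can be condensed into a per-process summary. The following is an added example, not part of the original page: it reads `lsof -i -P -n` output on stdin and reports, for each command/PID, the number of established connections and the number of distinct remote hosts. The function names and the sample lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-process summary of ESTABLISHED connections from
# `lsof -i -P -n` output. Sample data below is constructed.

# Reads lsof output on stdin. Optional $1: minimum number of established
# connections a process needs to be reported (default 1).
# Prints: command/pid  connection_count  distinct_remote_hosts
summarize_established() {
    awk -v min="${1:-1}" '
    $NF == "(ESTABLISHED)" {
        key = $1 "/" $2                  # COMMAND/PID
        split($(NF - 1), ends, "->")     # NAME column: local->remote
        remote = ends[2]
        sub(/:[0-9]+$/, "", remote)      # drop the port, keep IPv4 or [IPv6]
        count[key]++
        if (!((key, remote) in seen)) { seen[key, remote] = 1; hosts[key]++ }
    }
    END {
        for (k in count)
            if (count[k] >= min) printf "%s %d %d\n", k, count[k], hosts[k]
    }' | LC_ALL=C sort -k2,2nr -k1,1
}

# Constructed sample in lsof -i -P -n layout (documentation address ranges).
sample_lsof() {
    cat <<'EOF'
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd       812 root    3u  IPv4  12345      0t0  TCP *:22 (LISTEN)
firefox   1234 user   52u  IPv4  34567      0t0  TCP 192.0.2.10:51234->198.51.100.7:443 (ESTABLISHED)
firefox   1234 user   57u  IPv4  34570      0t0  TCP 192.0.2.10:51240->198.51.100.7:443 (ESTABLISHED)
firefox   1234 user   61u  IPv6  34581      0t0  TCP [2001:db8::10]:40022->[2001:db8::7]:443 (ESTABLISHED)
apt-get   5678 root    4u  IPv4  35001      0t0  TCP 192.0.2.10:40100->203.0.113.5:80 (ESTABLISHED)
avahi-dae  640 avahi  12u  IPv4  11000      0t0  UDP *:5353
EOF
}

sample_lsof | summarize_established
```

On a live system, pipe `sudo lsof -i -P -n` into `summarize_established`; without sudo, lsof only reports the current user's processes.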
Continuous Monitoring with watch
For dynamic updates every 2 seconds:
watch -n 2 "lsof -i -P -n | grep ESTABLISHED"
While modern systems have more options, these were available for 10.10:
sudo apt-get install wireshark-gtk
sudo apt-get install gnome-nettool
For persistent monitoring, create this bash script:
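#!/bin/bash
while true; do
    clear
    date
    echo "====================="
    echo "Active Network Connections"
    echo "---------------------"
    # -t TCP, -u UDP, -l listening sockets, -p owning process, -e extended info, -n numeric
    sudo netstat -tulpen | grep -v "0 0"
    echo "====================="
    echo "Bandwidth by Process"
    echo "---------------------"
    # -t trace mode, -v 3 shows totals in MB; -c 2 makes nethogs exit after
    # two updates so the loop continues instead of blocking here
    sudo nethogs -t -v 3 -c 2
    sleep 5
done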
For post-mortem analysis of network spikes:
sudo apt-get install vnstat
vnstat -q
vnstat -d