Easily Find Out Which Process Is Using Too Much Bandwidth in Linux

While there are many network monitoring tools available for Linux, most of them monitor network traffic to and from your computer or a particular interface. However, there are times when you want to nail down a particular process that’s using up too much of the bandwidth, and there is a tool, dubbed NetHogs, that lets you do just that.

In this article, we will discuss the basics of NetHogs as well as the features it provides.


According to the utility’s man page, NetHogs is a small “net top” tool. Instead of breaking the network traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process.

If there’s suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this, making it easy to identify programs that have gone wild and are suddenly taking up your bandwidth. Since NetHogs heavily relies on “/proc,” it currently runs on Linux only.


Users of Debian-based systems like Ubuntu can easily download and install the tool using the following command:

sudo apt-get install nethogs

If you’re using any other distribution, you can check out the details provided at NetHog’s official website. Another point worth noting is that the tool requires libpcap and ncurses, so make sure you have libncurses5-dev and libpcap0.8-dev installed.


NetHogs is fairly simple to use; just run the nethogs command without any command line option, and it will display the bandwidth used by each process. The following is the snapshot of the output produced by the tool on my system:


As you can see in the screenshot, the NetHogs tool displays details like the PID, username, process, network interface being used, and the speed at which data is being sent and received.

Set custom refresh rate

By default, NetHog’s output is refreshed after a delay of 1 second, but you can use the -d command line option to set this delay as per your requirement. For example, to set a delay of 3 seconds, use the following command:

sudo nethogs -d 3

Specify interface

You can also ask NetHogs to monitor traffic on a particular network interface by specifying the interface name on the command line. For example, to monitor traffic on eth1, you can use the following command:

sudo nethogs eth1

Note: you can use the -p command line option to sniff the traffic in promiscuous mode, although it is not recommended.

Keyboard shortcuts

The tool also provides some keyboard shortcuts which you can use to control the way the output is displayed. For example, while the command is running, you can press the “m” key to change the units in which sent and received data is displayed – each time you press the key, the unit will cycle between kb/s, kb, b, and mb.

Here is an example where traffic is displayed in MBs:


Similarly, you can press “s” and “r” to sort the output by data sent and received, respectively. And as always, “q” is for quitting the output.


NetHogs is ideal for cases when you want to catch and kill the process that’s working unexpectedly by eating up a lot of bandwidth. Plus, it’s an open source utility, which means you can study the way it works, and can even customize it the way you want.

Have you ever used NetHogs or any other similar tool? How was your experience? Share your thoughts in the comments below.

Himanshu Arora
Himanshu Arora

Himanshu Arora is a freelance technical writer by profession but a software programmer and Linux researcher at heart. He covers software tutorials, reviews, tips/tricks, and more. Some of his articles have been featured on IBM developerworks, ComputerWorld, and in Linux Journal.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox