Easily Find Out Which Process Is Using Too Much Bandwidth in Linux

While there are many network monitoring tools available for Linux, most of them monitor network traffic to and from your computer or a particular interface. However, there are times when you want to nail down a particular process that’s using up too much of the bandwidth, and there is a tool, dubbed NetHogs, that lets you do just that.

In this article, we will discuss the basics of NetHogs as well as the features it provides.


According to the utility’s man page, NetHogs is a small “net top” tool. Instead of breaking the network traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process.

If there’s suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this, making it easy to identify programs that have gone wild and are suddenly taking up your bandwidth. Since NetHogs heavily relies on “/proc,” it currently runs on Linux only.


Users of Debian-based systems like Ubuntu can easily download and install the tool using the following command:

If you’re using any other distribution, you can check out the details provided at NetHog’s official website. Another point worth noting is that the tool requires libpcap and ncurses, so make sure you have libncurses5-dev and libpcap0.8-dev installed.


NetHogs is fairly simple to use; just run the nethogs command without any command line option, and it will display the bandwidth used by each process. The following is the snapshot of the output produced by the tool on my system:


As you can see in the screenshot, the NetHogs tool displays details like the PID, username, process, network interface being used, and the speed at which data is being sent and received.

Set custom refresh rate

By default, NetHog’s output is refreshed after a delay of 1 second, but you can use the -d command line option to set this delay as per your requirement. For example, to set a delay of 3 seconds, use the following command:

Specify interface

You can also ask NetHogs to monitor traffic on a particular network interface by specifying the interface name on the command line. For example, to monitor traffic on eth1, you can use the following command:

Note: you can use the -p command line option to sniff the traffic in promiscuous mode, although it is not recommended.

Keyboard shortcuts

The tool also provides some keyboard shortcuts which you can use to control the way the output is displayed. For example, while the command is running, you can press the “m” key to change the units in which sent and received data is displayed – each time you press the key, the unit will cycle between kb/s, kb, b, and mb.

Here is an example where traffic is displayed in MBs:


Similarly, you can press “s” and “r” to sort the output by data sent and received, respectively. And as always, “q” is for quitting the output.


NetHogs is ideal for cases when you want to catch and kill the process that’s working unexpectedly by eating up a lot of bandwidth. Plus, it’s an open source utility, which means you can study the way it works, and can even customize it the way you want.

Have you ever used NetHogs or any other similar tool? How was your experience? Share your thoughts in the comments below.

Himanshu Arora Himanshu Arora

Himanshu Arora is a freelance technical writer by profession but a software programmer and Linux researcher at heart. He covers software tutorials, reviews, tips/tricks, and more. Some of his articles have been featured on IBM developerworks, ComputerWorld, and in Linux Journal.


  1. Nethogs is pretty cool–installed it on fedora 20 and found many processes running I didn’t expect to use bandwidth.

  2. ..theres actually an easier way.. and you can shutdown the apps if you like.. just open system monitor from the system administration menu.. its already available when you install ubuntu.. the system monitor have 4 tabs.. the first tab – system tab – tells you about your system – ubuntu version, hardware, & system status… the next tab –processes tab – tells you exactly what are the apps currently running – you can select active processes, all processes or my processes… the next tab – resources tab – shows you a visual graph of the CPU usage, the memory usage, & bandwidth usage.. & the last tab – file systems tab – shows you file system status… if you want to stop or kill an app running, you just right click the app from the second tab – processes tab – to stop the app instantly.. the second tab also shows you how much memory each of the apps is using… if you open several tabs from your Firefox web browser, you will see that its using a lot of memory.. kill the Firefox apps from the processes tab and you will see from the resources tab all the graph drops.. releasing precious memory, bandwidth and CPU resources..

  3. Thank you for introducing this great tool :)
    I tested it on my laptop (CentOS 6.5).

Comments are closed.