emanem / nettop Goto Github PK

View Code? Open in Web Editor NEW

224.0 17.0 26.0 66 KB

Utility to show network traffic (both TCP and UDP v4 and v6) split by process and remote host

Home Page: http://nettop.youlink.org/

License: GNU General Public License v3.0

Makefile 3.24% C++ 96.76%

network linux cpp libpcap

nettop's Introduction

nettop

Utility to show network traffic (both TCP and UDP v4 and v6) split by process and remote host. You can find more info (albeit slightly outdated) here.

Building

Download the repository and invoke make (make release for optimized build - reccomended when you want to use it properly and not degbugging/experimenting with it). Please note you need to have some dependencies satisfied (see following).

libpcap

nettop relies on libpacap to intercept all packets and deliver a copy to the application. On Ubuntu and Debian derivatives you should install the -dev version (i.e. sudo apt install libpcap-dev).

ncurses

nettop relies on ncurses to facilitate the UI drawing on console; on Ubuntu-like systems please install libncurses5-dev or more recent to allow compiling.

Running

All commands

Usage: ./nettop [options]
Executes nettop 0.5

-r, --refresh s			sets the refresh rate in 's' seconds (default 3)
-c, --capture (a|s|r)		Capture mode for 'a'll, 's'end and 'r'ecv only (default 'a')
-o, --order (a|d)		Ordering of results, 'a'scending, 'd'escending (default 'd')
    --filter-zero		Set to filter all zero results (default not set)
    --tcp-udp-split		Displays split of TCP and UDP traffic in % (default not set)
-n, --no-resolve		Do not resolve addresses, leave IPs to be displayed
-a, --async-log-file (file)	Sets an output file where to store the packets attribued to the 'kernel' (default not set)
-l, --limit-hosts-rows		Limits maximum number of hosts rows per pid (default no limit)
    --help			prints this help and exit

Press 'q' or 'ESC' inside nettop to quit, 'SPACE' or 'p' to pause nettop

Sample usage

sudo ./nettop --tcp-udp-split --limit-hosts-rows 20

This will start nettop and split between TCP and UDP usage, limiting how many hosts to display by the topmost 20.

sudo requirements

Please note nettop needs to have root privileges to intercept all packets incoming and outgoing from current computer. Without root access it's unlikely to run.

F.A.Q.

Why did you build this?

I wanted to have a simple utility to monitor the network usage of all my processes, especially trying to understand where my data was coming from and going to. I couldn't find anything which would just do this out of the box, so I wrote a utility.

Is it safe to run as root?

I would think so - anyhow, look at the sources. If you don't trust what I'm doing, download the repo, inspect the code, compile, play around and let me know!

what are the 5 numbers between brackets on top left?

They do represent the following:

Total packets intercepted by libpcap (not only TCP and UDP, but potentially other IP types and non IP - rare these days)
Total packets which were not processed by nettop (i.e. all the non TCP nor UDP packets)
Undetermined packets - i.e. packets sent from and to the local computer (i.e. not touching the network cards), or also when packets have got both remote sources and destinations (i.e. applications spoofing IP address?)
Total unmapped received packets: nettop could not attribute these packets to any current PID, hence it will assing them to PID 0. This might be due to the fact that for current interval we took a snapshot of running processes after parsing the packets, hence we could not link the PIDs - or also, when you use APIs such as gethostbyname, the kernel will resolve and use the network for you, hence PID 0.
Total unmapped sent packets; as above but for sent packets

Credits

Thanks to Linux for being open source and to:

libpcap For providing this awesome tool to intercept packets host wide
ncurses Without whom I wouldn't be able to draw a single element on the screen without pain and agony!

nettop's People

Contributors

Stargazers

Watchers

nettop's Issues

nettop exits when window is resized on i3

Hi, with the latest commit b79390c , on i3wm, the nettop program exits when its windows is resized. This started happening when I pulled and ran with the aforementioned commit

Error shown is:

Exception: Error in epoll_wait: Interrupted system call

$ make release
mkdir -p obj
touch obj/__setup_obj_dir
g++ -g -Wall -std=c++11 -pthread  -O3 -D_RELEASE src/settings.cpp -c -o obj/settings.o
g++ -g -Wall -std=c++11 -pthread  -O3 -D_RELEASE src/main.cpp -c -o obj/main.o
g++ -g -Wall -std=c++11 -pthread  -O3 -D_RELEASE src/packet_stats.cpp -c -o obj/packet_stats.o
g++ -g -Wall -std=c++11 -pthread  -O3 -D_RELEASE src/async_log.cpp -c -o obj/async_log.o
g++ -g -Wall -std=c++11 -pthread  -O3 -D_RELEASE src/proc.cpp -c -o obj/proc.o
src/proc.cpp: In constructor ‘nettop::proc_mgr::proc_mgr()’:
src/proc.cpp:79:65: warning: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size between 107 and 117 [-Wformat-truncation=]
   79 |                         std::snprintf(cur_sd, 128, "/proc/%i/fd/%s", pid, entry->d_name);
      |                                                                 ^~
src/proc.cpp:79:38: note: ‘snprintf’ output between 12 and 277 bytes into a destination of size 128
   79 |                         std::snprintf(cur_sd, 128, "/proc/%i/fd/%s", pid, entry->d_name);
      |                         ~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
g++ -g -Wall -std=c++11 -pthread  -O3 -D_RELEASE src/name_res.cpp -c -o obj/name_res.o
In file included from src/name_res.cpp:20:
src/name_res.h:39:22: error: ‘shared_ptr’ in namespace ‘std’ does not name a template type
   39 |                 std::shared_ptr<std::thread>    thrd_;
      |                      ^~~~~~~~~~
src/name_res.h:29:1: note: ‘std::shared_ptr’ is defined in header ‘<memory>’; did you forget to ‘#include <memory>’?
   28 | #include <map>
  +++ |+#include <memory>
   29 | 
src/name_res.cpp: In constructor ‘nettop::name_res::name_res(volatile bool&, bool)’:
src/name_res.cpp:39:9: error: ‘thrd_’ was not declared in this scope
   39 |         thrd_ = std::shared_ptr<std::thread>(do_not_resolve ? 0 : new std::thread(&name_res::thread_proc, this));
      |         ^~~~~
src/name_res.cpp:39:22: error: ‘shared_ptr’ is not a member of ‘std’
   39 |         thrd_ = std::shared_ptr<std::thread>(do_not_resolve ? 0 : new std::thread(&name_res::thread_proc, this));
      |                      ^~~~~~~~~~
src/name_res.cpp:21:1: note: ‘std::shared_ptr’ is defined in header ‘<memory>’; did you forget to ‘#include <memory>’?
   20 | #include "name_res.h"
  +++ |+#include <memory>
   21 | 
src/name_res.cpp:39:44: error: expected primary-expression before ‘>’ token
   39 |         thrd_ = std::shared_ptr<std::thread>(do_not_resolve ? 0 : new std::thread(&name_res::thread_proc, this));
      |                                            ^
src/name_res.cpp: In member function ‘std::string nettop::name_res::to_str(const addr_t&)’:
src/name_res.cpp:45:14: error: ‘thrd_’ was not declared in this scope
   45 |         if (!thrd_)
      |              ^~~~~
src/name_res.cpp: In destructor ‘nettop::name_res::~name_res()’:
src/name_res.cpp:60:12: error: ‘thrd_’ was not declared in this scope
   60 |         if(thrd_)
      |            ^~~~~
make: *** [Makefile:39: obj/name_res.o] Error 1

Is the problem on my side? If not, could you please help compiling it?

Thanks!

Add a pause option

Can you add a pause option?
It's desireable to analize each ip per application, an avoid it disappear with every screen refresh.
Thanks