Comments (17)
cgx027
commented on August 14, 2024
1
Any chance that the process name or PID be show up with -t option?
from nethogs.
raboof
commented on August 14, 2024
Does the '-t' flag help? This puts nethogs in 'trace mode', which should be somewhat easier to digest automatically.
If you can tell me some more about your use case I'd be happy to help find the best approach.
from nethogs.
cgx027
commented on August 14, 2024
Thanks @raboof for the help. I am working with @heckj on this case so let me add few information here.
- I tried -t flag but nethogs seems hang up waiting for the first package to arrive.
sudo nethogs -t
Adding local address: 10.62.59.150
Ethernet link detected
Waiting for first packet to arrive (see sourceforge.net bug 1019381)
- If I ran nethogs without -t flag, it gave me a running list of processes that is sending/receiving packages but most of them are with PID marked as '?'
sudo nethogs
NetHogs version 0.8.0
PID USER PROGRAM DEV SENT RECEIVED
? root 10.62.59.250:58925-10.62.59.245:443 0.000 4.589 KB/sec
? root 10.62.59.250:54035-10.62.34.17:443 0.000 1.161 KB/sec
? root 10.62.59.245:902-10.32.100.62:52959 0.000 0.957 KB/sec
? root 10.171.75.107:53910-10.62.59.200:445 0.000 0.588 KB/sec
? root 10.32.100.62:55804-10.62.59.245:80 0.000 0.170 KB/sec
? root 10.62.59.227:36731-10.62.59.229:445 0.000 0.163 KB/sec
29624 onrack sshd: onrack@pts/1 eth0 3.852 0.135 KB/sec
? root 10.62.59.180:52134-10.171.75.26:445 0.000 0.029 KB/sec
? root 10.62.59.242:716-10.62.59.130:2049 0.000 0.025 KB/sec
? root 10.62.59.242:50223-216.58.197.46:443 0.000 0.012 KB/sec
? root 10.171.75.108:49161-10.62.59.208:7443 0.000 0.000 KB/sec
? root 10.171.75.108:49160-10.62.59.208:7443 0.000 0.000 KB/sec
? root 10.62.59.250:54563-10.62.34.20:2014 0.000 0.000 KB/sec
? root 10.62.59.242:50314-216.58.197.46:443 0.000 0.000 KB/sec
? root 10.62.59.242:50313-216.58.197.46:443 0.000 0.000 KB/sec
? root 10.62.59.250:443-10.62.59.166:57887 0.000 0.000 KB/sec
? root 10.62.59.250:443-10.62.59.166:57890 0.000 0.000 KB/sec
? root 10.62.59.180:52133-10.171.75.26:445 0.000 0.000 KB/sec
? root 10.171.75.108:49159-10.62.59.208:7443 0.000 0.000 KB/sec
? root 10.171.75.108:49158-10.62.59.208:7443 0.000 0.000 KB/sec
? root 10.62.59.166:50309-10.62.59.250:80 0.000 0.000 KB/sec
? root 10.62.59.180:52132-10.171.75.26:445 0.000 0.000 KB/sec
? root 10.62.59.166:50308-10.62.59.250:80 0.000 0.000 KB/sec
? root 10.62.59.250:41870-10.62.54.20:443 0.000 0.000 KB/sec
? root 10.62.59.250:60681-10.62.34.20:443 0.000 0.000 KB/sec
? root 10.62.59.180:52131-10.171.75.26:445 0.000 0.000 KB/sec
? root 10.171.75.108:49157-10.62.59.208:7443 0.000 0.000 KB/sec
? root 10.171.75.108:49156-10.62.59.208:7443 0.000 0.000 KB/sec
? root 10.62.59.250:35892-10.62.34.20:389 0.000 0.000 KB/sec
? root 10.62.59.242:904-10.62.59.130:2049 0.000 0.000 KB/sec
? root 10.62.59.180:52130-10.171.75.26:445 0.000 0.000 KB/sec
? root 10.32.100.128:52384-10.62.59.170:22 0.000 0.000 KB/sec
? root 10.171.75.108:65534-10.62.59.208:7443 0.000 0.000 KB/sec
? root 10.171.75.108:65533-10.62.59.208:7443 0.000 0.000 KB/sec
? root 10.62.59.242:37881-10.99.248.20:22 0.000 0.000 KB/sec
? root 10.62.59.250:60660-10.62.34.20:443 0.000 0.000 KB/sec
? root 10.62.59.180:52129-10.171.75.26:445 0.000 0.000 KB/sec
? root 10.62.59.250:48706-10.62.34.20:2014 0.000 0.000 KB/sec
? root 10.171.75.108:65532-10.62.59.208:7443 0.000 0.000 KB/sec
? root 10.171.75.108:65531-10.62.59.208:7443 0.000 0.000 KB/sec
? root 10.62.59.180:52128-10.171.75.26:445 0.000 0.000 KB/sec
? root 10.32.100.122:61958-10.62.59.196:22 0.000 0.000 KB/sec
? root 10.62.57.58:443-10.62.59.242:50534 0.000 0.000 KB/sec
? root 10.62.59.242:50222-216.58.197.46:443 0.000 0.000 KB/sec
? root 10.62.59.250:443-10.171.75.107:50167 0.000 0.000 KB/sec
? root 10.62.59.250:60602-10.62.34.20:443 0.000 0.000 KB/sec
? root 10.171.74.59:54040-10.62.59.243:22 0.000 0.000 KB/sec
? root 10.62.59.250:34564-10.62.34.20:636 0.000 0.000 KB/sec
? root 10.62.59.250:40867-10.62.34.20:636 0.000 0.000 KB/sec
? root 10.62.59.250:59580-10.62.34.20:443 0.000 0.000 KB/sec
? root 10.171.75.107:64174-10.62.59.202:22 0.000 0.000 KB/sec
? root 10.62.59.250:34157-10.62.34.20:636 0.000 0.000 KB/sec
? root 10.62.59.242:800-10.62.59.130:2049 0.000 0.000 KB/sec
? root 10.171.75.107:64172-10.62.59.202:22 0.000 0.000 KB/sec
? root 10.171.75.107:54049-10.62.59.200:22 0.000 0.000 KB/sec
? root unknown TCP 0.000 0.000 KB/sec
TOTAL 3.852 7.829 KB/sec
- I had a nodejs process running aside of nethogs, listening at port 8443. I am injecting traffic to the nodejs process by manually sending HTTP request but I am not able to find the traffic logged by nethogs on the screen. I guess that's because the traffic is too small and nethogs only show it in a flash.
from nethogs.
raboof
commented on August 14, 2024
The difference between running with and without -t is interesting, I'd like to dig into what's causing that.
I see you're running nethogs 0.8.0, I'd be interested to know if there are any changes when you're running the latest master.
from nethogs.
cgx027
commented on August 14, 2024
@raboof, I tried the latest master, and the -t works now. I attached the log at the end of this post.
It seems the process name(or PID) is is missing for most of the traffics, only sshd is an exception in my case.
Log with -t option:
./nethogs -t
Adding local address: 192.168.127.41
Adding local address: fe80::250:56ff:feaa:3752
Ethernet link detected
Adding local address: 192.168.191.203
Adding local address: fe80::20c:29ff:fe79:cd7a
Ethernet link detected
Adding local address: 172.31.128.1
Adding local address: fe80::20c:29ff:fe79:cd70
Ethernet link detected
Adding local address: 10.62.59.150
Adding local address: fe80::20c:29ff:fe79:cd66
Ethernet link detected
Waiting for first packet to arrive (see sourceforge.net bug 1019381)
Refreshing:
10.171.75.107:61380-10.62.59.202:22/0/0 0 0.424609
10.62.59.202:22-10.171.75.107:61380/0/0 0 0.0703125
10.171.75.107:52155-10.62.59.245:902/0/0 0 0.0326172
10.62.59.245:902-10.171.75.107:52155/0/0 0 0.0177734
sshd: onrack@pts/1/29624/1001 0.0363281 0.0117188
unknown TCP/0/0 0 0
Refreshing:
10.171.75.107:61380-10.62.59.202:22/0/0 0 0.851172
10.62.59.202:22-10.171.75.107:61380/0/0 0 0.140625
10.171.75.107:52155-10.62.59.245:902/0/0 0 0.0652344
sshd: onrack@pts/1/29624/1001 0.250781 0.046875
10.62.59.245:902-10.171.75.107:52155/0/0 0 0.0355469
10.62.59.242:716-10.62.59.130:2049/0/0 0 0.0128906
10.62.59.130:2049-10.62.59.242:716/0/0 0 0.0117188
unknown TCP/0/0 0 0
from nethogs.
raboof
commented on August 14, 2024
@cgx027 Good to hear '-t' works with the latest master.
It should show process names, PID's and UID's, like the interactive UI. Do you see differences in the amount of 'unrecognized' connections between the ncurses and the trace UI?
from nethogs.
cgx027
commented on August 14, 2024
@raboof no difference that I am aware of. Any suggestions for debugging?
from nethogs.
raboof
commented on August 14, 2024
OK that's good. Could you run 'nethogs -b' for a while and send me the output? that might give a clue (though probably we'll need to add some extra diagnostics to that later)
from nethogs.
jencek123
commented on August 14, 2024
Hello, I don´t wanna start new topic but I have same problem with nethogs -t command. I am using version 0.8.0. How can I upgrade to newest one?
from nethogs.
cgx027
commented on August 14, 2024
Hi @jencek123 , here is what I did (assuming you are working on Ubuntu as I did):
-
Pull down the source code from github
git clone https://github.com/raboof/nethogs.git -
Install packages used for build nethogs
sudo apt-get install ncurses sudo apt-get install libncurses5-dev sudo apt-get install libpcap0.8-dev -
Build and install nethogs
sudo make; sudo make install -
Run nethogs with
-toption to get the log filesudo ./nethogs -t Adding local address: 192.168.127.41 Adding local address: fe80::250:56ff:feaa:3752 Ethernet link detected Adding local address: 192.168.191.203 Adding local address: fe80::20c:29ff:fe79:cd7a Ethernet link detected Adding local address: 172.31.128.1 Adding local address: fe80::20c:29ff:fe79:cd70 Ethernet link detected Adding local address: 10.62.59.150 Adding local address: fe80::20c:29ff:fe79:cd66 Ethernet link detected Waiting for first packet to arrive (see sourceforge.net bug 1019381) Refreshing: 10.32.100.122:55394-10.62.59.250:443/0/0 0 150.17 10.62.59.166:51830-10.62.59.250:443/0/0 0 144.492 10.62.59.166:51828-10.62.59.250:443/0/0 0 144.336 10.171.75.107:56734-10.62.59.250:443/0/0 0 104.945 10.62.59.248:51846-10.62.59.250:443/0/0 0 62.2359 10.62.59.250:443-10.62.59.248:51846/0/0 0 6.74922 10.32.100.122:54480-10.62.59.190:28032/0/0 0 3.58711 10.62.59.242:716-10.62.59.130:2049/0/0 0 0.723828 10.62.59.130:2049-10.62.59.242:716/0/0 0 0.559766 10.62.59.190:28032-10.32.100.122:54480/0/0 0 0.35 sshd: onrack@pts/2/8884/1001 0.0363281 0.0117188 unknown TCP/0/0 0 0
from nethogs.
cgx027
commented on August 14, 2024
Hi @raboof I thought I had posted the log file but seems I missed it. Here it is. Sorry for the delay.
nethogs-b.zip
from nethogs.
raboof
commented on August 14, 2024
@cgx027 I've added some additional diagnostics on master, could you please give it another go?
from nethogs.
akshaykmr
commented on August 14, 2024
Great! I can now see the actual program name as well process id
any chance for the same in case of osx? thanks !
from nethogs.
raboof
commented on August 14, 2024
@akshaykmr good to hear! Let's track OSX support in a separate issue, #61.
from nethogs.
akshaykmr
commented on August 14, 2024
I'm afraid I'm not knowledgeable in this matter -_-'
I am currently trying to make a GUI app and had to move development to linux because of osx problems. same behaviour over linux/osx platform would be ideal.
I will certainly let you know when I have made substantial progress on the same. thanks
from nethogs.
cgx027
commented on August 14, 2024
@raboof the new master does not get me the PID nor process name.
sudo ./nethogs -t
[sudo] password for onrack:
Adding local address: 192.168.127.41
Adding local address: fe80::250:56ff:feaa:3752
Ethernet link detected
Adding local address: 192.168.191.203
Adding local address: fe80::20c:29ff:fe79:cd7a
Ethernet link detected
Adding local address: 10.62.59.150
Adding local address: fe80::20c:29ff:fe79:cd66
Ethernet link detected
Waiting for first packet to arrive (see sourceforge.net bug 1019381)
Refreshing:
10.32.100.122:62426-10.62.59.194:22/0/0 0 0.160938
10.62.59.166:49703-10.62.59.243:22/0/0 0 0.148438
10.62.34.20:636-10.62.59.250:48847/0/0 0 0.133984
10.62.59.194:22-10.32.100.122:62426/0/0 0 0.10625
10.62.59.250:48847-10.62.34.20:636/0/0 0 0.103906
10.62.59.180:22-10.171.74.191:61373/0/0 0 0.0808594
10.171.74.191:61373-10.62.59.180:22/0/0 0 0.0691406
10.32.100.122:56705-10.62.59.194:28004/0/0 0 0.0560547
10.62.59.194:28004-10.32.100.122:56705/0/0 0 0.025
10.62.59.243:22-10.62.59.166:49703/0/0 0 0.0234375
10.62.59.242:63294-216.58.197.46:443/0/0 0 0.0234375
10.62.59.242:898-10.62.59.130:2049/0/0 0 0.0128906
10.62.59.130:2049-10.62.59.242:898/0/0 0 0.0117188
216.58.197.46:443-10.62.59.242:63294/0/0 0 0.0117188
sshd: onrack@pts/1/20571/1001 0.0363281 0.0117188
unknown TCP/0/0 0 0
This is my nethogs -b output:
nethogs-b.zip
from nethogs.
sunshinelym
commented on August 14, 2024
sh-3.2# ./nethogs
Waiting for first packet to arrive (see sourceforge.net bug 1019381)
NetHogs version 0.8.5
PID USER PROGRAM DEV SENT RECEIVED
? root unknown TCP 0.000 0.000 KB/sec
? root 192.168.1.103:50134-54.172.82.229:443 0.000 0.000 KB/sec
? root 192.168.1.103:50091-151.101.228.133:443 0.000 0.000 KB/sec
? root 192.168.1.103:50082-192.30.253.125:443 0.000 0.000 KB/sec
? root 192.168.1.103:50069-52.45.53.80:443 0.000 0.000 KB/sec
? root 192.168.1.103:50136-74.125.204.113:443 0.000 0.000 KB/sec
? root 192.168.1.103:49767-202.108.23.152:443 0.000 0.000 KB/sec
? root 192.168.1.103:50055-192.30.255.112:443 0.000 0.000 KB/sec
? root 192.168.1.103:49993-59.110.244.199:80 0.000 0.000 KB/sec
? root 192.168.1.103:50138-192.30.255.112:443 0.000 0.000 KB/sec
? root 192.168.1.103:50074-192.30.255.117:443 0.013 0.000 KB/sec
? root 192.168.1.103:50075-192.30.255.117:443 0.000 0.000 KB/sec
? root 192.168.1.103:49961-64.233.188.188:5228 0.000 0.000 KB/sec
? root 192.168.1.103:49879-216.58.200.42:443 0.011 0.000 KB/sec
? root 192.168.1.103:63374-115.182.41.180:443 0.000 0.000 KB/sec
? root 192.168.1.103:50015-59.108.137.195:443 0.011 0.000 KB/sec
? root 192.168.1.103:50137-74.125.204.113:443 0.000 0.000 KB/sec
? root 192.168.1.103:50108-192.30.253.124:443 0.000 0.000 KB/sec
TOTAL 0.034 0.000 KB/sec
does your problem worked yet? i wonder why my pid are ? all the same ,thank you@ @cgx027
from nethogs.
Related Issues (20)
- save one log every time HOT 2
- Build one for windows and MacOS. Windows and MacOS also need it! HOT 3
- on each launch nethogs show different top usage IP HOT 3
- macos problem HOT 1
- Memory steadily climbs in -v 3 -s mode HOT 1
- make libnethogs have error HOT 1
- error when making libnethogs HOT 4
- Does nethogs support multicast ip addresses such as "239.0.0.1"?
- Good
- Compiling errors in Centos 7.9 HOT 6
- 100% CPU usage in libnethogs when invoking multiple times in an application. Fix suggested.
- Pointless function
- nethogs seems to be unable to calculate network usage properly on Ubuntu 22.10 HOT 2
- How to keep it running in background.
- How to cross-compile the nethogs?
- unintelligible units HOT 7
- Error dispatching for device enp5s0f4u2: The interface disappeared
- feature request: show destination IP
- Create KDE system monitor sensor face
- [Question] License terms when using libnethogs dynamically linked HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nethogs.