bandwhich

Show the remote addresses table only

$ bandwhich [[-a|--addresses]]

$ bandwhich [[-s|--show-dns]]

$ bandwhich [[-t|--total-utilization]]

$ bandwhich [[-i|--interface]] [eth0]

$ bandwhich [[-s|--show-dns]] [[-d|--dns-server]] [dns_server_ip]

bandwhich [OPTIONS]

-i, --interface
    Specify the network interface to monitor (e.g., 'eth0', 'wlan0'). By default, it attempts to detect the primary interface.

-r, --no-resolve
    Do not attempt to resolve IP addresses to hostnames. This can reduce CPU usage and may be useful in environments where DNS resolution is slow or undesirable.

-s, --raw
    Display raw byte counts (bytes per second) instead of human-readable units (e.g., KB/s, MB/s). Allows for more precise readings.

-l, --rlimit
    Set the maximum number of rows to display in the main traffic view. Useful for limiting screen output on smaller terminals or focusing on top consumers.

-h, --help
    Print the help message and exit.

-v, --version
    Print the version information and exit.

bandwhich is a cross-platform terminal-based utility designed for visualizing current network utilization in real time. It provides an intuitive, interactive curses-like interface that displays network traffic information broken down by process, connection, and remote IP/domain.

It's particularly useful for quickly identifying which applications or remote hosts are consuming bandwidth, troubleshooting network performance issues, or detecting unusual network activity. bandwhich resolves IP addresses to hostnames, shows process names responsible for connections, and provides total traffic statistics. Written in Rust, it offers a modern and responsive user experience.

• bandwhich typically requires root privileges (e.g., running with sudo) to access packet capture capabilities.
• It relies on underlying packet capture libraries (like libpcap or npcap on Windows), which must be correctly installed and configured.
• Performance can vary depending on network traffic volume and system resources. High traffic volumes might lead to increased CPU usage.
• Some specific network setups (e.g., certain VPN configurations or virtual interfaces) might require explicit interface specification with the -i option.

While running, bandwhich provides several interactive keyboard shortcuts for navigation and control:

• q: Quit the application.
• j / k: Scroll up/down the list of connections.
• f: Enter filter mode to search for specific connections or processes.
• d: Toggle display between domain names and raw IP addresses for remote hosts.
• p: Toggle display between process names and process IDs.

bandwhich is a relatively modern tool, written in Rust, a language known for its performance and safety. It was developed to provide a modern, interactive terminal user interface (TUI) experience for network monitoring, addressing some of the limitations or less user-friendly aspects of older command-line network utilities. Its development focuses on real-time data presentation and user interactivity, contributing to its growing popularity in the Linux system administration toolkit.

netstat(8), ss(8), iftop(8), nethogs(8), atop(1), bmon(1), tcpdump(8)