bandwhich
Monitor network bandwidth usage by process
TLDR
Show the remote addresses table only
Show DNS queries
Show total (cumulative) usage
Show the network utilization for a specific network interface
Show DNS queries with a given DNS server
SYNOPSIS
bandwhich [OPTIONS]
PARAMETERS
-a, --address
Show only traffic to the given IP address(es)
-i, --interface
The network interface to listen on (defaults to all interfaces)
-n, --net
The network to listen on (defaults to all networks)
-p, --pid
Show only traffic from the given process ID(s)
-t, --total
Show the total bandwidth usage for all processes
-u, --unit
The unit to display bandwidth in (bytes, kbytes, mbytes, gbytes)
-v, --version
Print version information
-l, --listen
Listen only instead of sniffing
-c, --color
Color output (auto, always, never)
-r, --raw
Print raw data, instead of the interactive interface.
--skip-loopback
Skip the loopback interface
--log-level
The log level (trace, debug, info, warn, error)
--config
Path to the configuration file (defaults to ~/.config/bandwhich/config.yaml).
--search
Search for processes with the given name
--process-commandline
Display the full command line of the process
DESCRIPTION
bandwhich (bandwidth-whatch) is a command-line tool for Linux, macOS, and FreeBSD that displays current network utilization by process. It uses the pcap library to sniff network traffic and then maps that traffic to the processes on the system using information from the operating system's process table. This allows users to quickly identify which processes are consuming the most network bandwidth.
Unlike traditional network monitoring tools like `top` or `iftop` which focus on interfaces, bandwhich shows bandwidth usage per process. This can be very helpful in diagnosing network bottlenecks or identifying applications that are unexpectedly consuming large amounts of network resources. The tool is interactive, providing a real-time updated view of network activity. Users can customize the display, filter processes, and change the refresh rate.
CAVEATS
Requires root privileges (or CAP_NET_ADMIN capability) to sniff network traffic. The accuracy of process attribution depends on the operating system's ability to map network connections to processes.
CONFIGURATION
bandwhich can be configured using a configuration file, allowing customization of display settings, filtering options, and other parameters. The default location of the configuration file is `~/.config/bandwhich/config.yaml`. The file format is YAML.
Configuration options in the YAML file allow the user to modify the display to show processes filtered by port, IP address or process name.
INTERACTIVE MODE
The default operation of bandwhich is in interactive mode. In this mode, it provides a real-time, updating display of network bandwidth usage by process.
The refresh rate is typically every half a second, and it provides the list of processes consuming bandwidth. It is possible to zoom in by selecting processes and/or connections.
PERMISSIONS
In order to be able to sniff network packets you need elevated privileges. You either need to run bandwhich as root, or give the binary the CAP_NET_ADMIN capability. For example: sudo setcap cap_net_admin+ep /usr/bin/bandwhich
HISTORY
bandwhich appears to be a relatively recent tool, gaining popularity as a more user-friendly and process-focused alternative to traditional network monitoring tools. Its development is primarily driven by the need for a simple way to identify bandwidth-hogging processes on Linux systems.