NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to indentify programs that have gone wild and are suddenly taking up your bandwidth.

Since NetHogs heavily relies on /proc, it currently runs on Linux only.

"Another 'gfi wat dit nou weer doet'-tool by raboof" -- Pnothy
"Nethogs does realtime statistics per shell user. It's actually a really great program." -- compiled
"finally a small tool which helps finding traffic-wasting processes quickly without using ntop (prot based)" -- anonymous
"nethogs est un merveilleux petit utilitaire" -- wildcat
"Ich hab da ein tolles Programm names Nethogs gefunden, dass mir genau die Ausgabe liefert die ich haben will" -- ghoulkar
NetHogs was featured in a article


Now supported:

  • Shows TCP download- and upload-speed per process
  • Supports both IPv4 and IPv6
  • Supports both Ethernet and PPP

Ideas/ToDo for new releases:

  • Incoming UDP packets?
  • Sort the output by other values than network usage
  • Monitor specific processes
  • Make it work correctly on machines with multiple IP addresses
  • Integrate into another tool?
  • gui?


Nethogs requires libpcap and ncurses. On Debian, apt-get install libncurses5-dev libpcap0.8-dev.

  • Sources are at SourceForge.
  • SuSE RPM's can be found at Guru's RPM Site and in the main APT[4rpm] repository.
  • Debian packages are in unstable thanks to the great work by Bart Martens and
  • Gentoo Ebuild here


Nethogs monitors traffic going to/from a machine, per process. Other tools rather monitor what kind of traffic travels to, from or through a machine, etcetera. I'll try to link to such tools here. By all means mail me if you know another.
  • nettop shows packet types, sorts by either size or number of packets.
  • ettercap is a network sniffer/interceptor/logger for ethernet
  • darkstat breaks down traffic by host, protocol, etc. Geared towards analysing traffic gathered over a longer period, rather than `live' viewing.
  • iftop shows network traffic by service and host
  • ifstat shows network traffic by interface in a vmstat/iostat-like manner
  • BusyTasks KDE Plasmoid script using nethogs as a backend project page

NetHogs was written by Arnout 'raboof' Engelen. It is released as Free Software under the GNU General Public License (GPL).