I noticed some periodic network traffic on my Ubuntu 12.04 box.
Naturally, I wondered what was polling like that…
Then I realized netstat -ap will tell me the process using a port, but it just doesn’t provide enough info to figure out which is responsible for the traffic.
sudo apt-get install iftop
sudo iftop -Pp
Iftop is closer to what I wanted, showing traffic, but it didn’t connect the ports with traffic to the PID. At least it showed me all the traffic was local or to Google’s 1e100.net, rather than to any of the other connections netstat showed. But I still didn’t know which process was responsible.
A little googling turned up Nethogs. Much closer to what I needed and easy to install.
sudo apt-get install nethogs
But here I get stuck. I killed the synergy client and chromium, but the traffic pattern is still there. Nethogs lumps all the packets it can’t associate with a PID in the ‘?’ row.
To sum up…
- netstat connects ip-port to pid
- iftop connects port to traffic
- nethogs connects pid to traffic, but most traffic is lumped into ‘unknown’
Then, there’s ntop, which runs as a daemon, has a web interface, and produces incredibly detailed reports. I installed it. We’ll see what it comes up with after it’s run for a while.
sudo apt-get install ntop
You have to create an admin password during the install.