On Linux the file /proc/net/tcp lists all established TCP connections. It includes the local and remote socket addresses and the inode number for the local socket. Nethogs uses libpcap to sniff traffic and associate it with its entry in /proc/net/tcp. It takes the inode from there and scans through /proc/*/fd/ looking for the file descriptor that has that inode to determine which process has the socket open. Once it finds the process it adds it to a table of inode to process id mappings so it doesn’t have to scan through /proc again the second time a packet for that connection comes through.
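The lookup described in the comment above, as an added Python example (not part of the original comment and not Nethogs' own code). The sample rows are constructed, the function names and the `proc_root` parameter are hypothetical, and the address decoding assumes IPv4 on a little-endian host.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40001 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:C350 0A00020A:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 40002 1 0000000000000000 20 4 30 10 -1
"""

def decode_addr(field):
    """'0100007F:1F90' -> ('127.0.0.1', 8080); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_tcp_table(text):
    """Map socket inode -> (local, remote, state) for every row."""
    table = {}
    for line in text.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) < 10:
            continue
        table[int(f[9])] = (decode_addr(f[1]), decode_addr(f[2]), f[3])
    return table

def find_pid_for_inode(inode, proc_root="/proc"):
    """Scan <proc_root>/<pid>/fd/* for a link reading 'socket:[<inode>]'."""
    target = "socket:[%d]" % inode
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    return int(pid)
        except OSError:                         # process exited or fd dir not readable
            continue
    return None

_cache = {}                                     # inode -> pid, filled on first lookup

def pid_for_inode(inode, proc_root="/proc"):
    """Cached lookup, so the /proc scan runs once per connection."""
    if inode not in _cache:
        pid = find_pid_for_inode(inode, proc_root)
        if pid is None:
            return None                         # misses are not cached
        _cache[inode] = pid
    return _cache[inode]

if __name__ == "__main__":
    for inode, (local, remote, state) in parse_tcp_table(SAMPLE).items():
        print(inode, local, remote, state, pid_for_inode(inode))
```

Without root, the fd directories of other users' processes are unreadable, so their sockets come back as `None`.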
I am really overwhelmed by the response. However, the project is still very much unfinished.
Here are some things that need to be fixed/added, e.g.:
- Fix some bugs on frontend (proper sort on listing/chart switching etc.).
- Kill nethogs process on exit // fails sometimes
- Store history for restarts.
I'll add the above to the readme.md
First time on Hackernews/Github feed feels great though. Cheers.
Disclaimer: I'm the author
If I only wanted to monitor network connections on my mac, and block/allow them forever/for a limited time, is there any difference in functionality between this and Little Snitcher?
I noticed in one of your screenshots you use LS as well, do they serve different purposes or was it just a project for fun?
IIRC, it is the most recently active project. As far as I can tell, the whole user-facing, interactive firewall program never really caught on in linux land.
What's so unfortunate about it?
€30 ($43 + taxes Canadian to me) that's quite enough for software maybe not excessive but any more and I'd pass on it.
The memory usage used to be bad but it seems better now.
Otherwise I'll give it a shot.
I was however hoping for authorization based handshakes. Maybe he'll put it in sometime.
On a side note: The project author doesn't sleep enough. He's a good friend. And also it's Finals Week now. :P
similarly for disk
Iftop and iptraf are command line, and map bandwidth use, but not to processes.
It can be pretty CPU intensive, so I would recommend against running it on production perimeter systems. Also, the 2 second default retention period is a bit short.
But all in all very handy.
I'm not sure why a straightforward graphing project is getting so many votes.
Utility isn't always linked to complexity.
Edit: built from source but stuck with other people in the installation of hogswatch https://github.com/akshayKMR/hogwatch/issues/3
But 0.8.1 fixes the problem described on the askubuntu page the grand-grandparent linked to.