Hacker News new | past | comments | ask | show | jobs | submit login
Hogwatch – a bandwidth monitor that shows per process network transfer (github.com/akshaykmr)
195 points by cujanovic on April 30, 2016 | hide | past | favorite | 52 comments

Under the hood, this is using nethogs. Here's how nethogs associates traffic with a process:

On linux the file /proc/net/tcp lists all established TCP connections. It includes the local and remote socket addresses and the inode number for the local socket. Nethogs uses libpcap to sniff traffic and associate it with its entry in /proc/net/tcp. It takes the inode from there and scans through /proc/*/fd/ looking for the file descripter that has that inode to determine which process has the socket open. Once it finds the process it adds it to a table of inode to process id mappings so it doesn’t have to scan through /proc again the second time a packet for that connection comes through.

Hey, project author here. This is the first python package or project for that matter I've built for my college assignment.

I am really overwhelmed by the response. However the project is still very much unifinished.

Here are somethings that need to be fixed/added for eg.

-fix some bugs on frontend.(proper sort on listing/chart switching etc.)

-Kill nethogs process on exit // fails sometimes

-Store history for restarts.

-proper packaging.

-unit tests.

I'll add the above to the readme.md

First time on Hackernews/Github feed feels great though. Cheers.

If you're on Mac and just want to monitor the connections that each process makes (not the bandwidth), Radio Silence just got a built-in network monitor a few weeks ago: https://radiosilenceapp.com

Disclaimer: I'm the author

Nice, first time I hear about it and seems really nice. Good work.

If I only wanted to monitor network connections on my mac, and block/allow them forever/for a limited time, is there any difference in functionality between this and Little Snitcher?

Is there anything like that for windows? or any command line tool?

On OS X I use Little Snitch. Unfortunately, it's not free.

I noticed in one of your screenshots you use LS as well, do they serve different purposes or was it just a project for fun?

Its "interface" is terrible but in Terminal you can run OS X's nettop [0] to see per-network connection, per-process bytes per second in and out.

[0] https://developer.apple.com/legacy/library/documentation/Dar...

Somewhat on topic, anyone know of something like Little Snitch for Linux?

There's LeopardFire: https://github.com/themighty1/lpfw

IIRC, it is the most recently active project. As far as I can tell, the whole user-facing, interactive firewall program never really caught on in linux land.

> Unfortunately, it's not free.

What's so unfortunate about it?

It's not just nonfree (in speech and beer), but it's also very expensive for a personal product IMHO.

lol, it's 30 euro. I was expecting something about 500!

These days everyone it seems uses a mobile smartphone using apps usually free or less than $1 over that amount would seem excessive even $2 os let alone €30.

€30 ($43 + taxes Canadian to me) that's quite enough for software maybe not excessive but any more and I'd pass on it.

Most personal Mac apps are half that or less. It is expensive.

You can afford a Mac, but you begrudge the author of a useful utility $30 bucks for a perpetual license?

I don't "begrudge" anyone, I'm just pointing out where the price lies in the market.

Having purchased a computer in 1990 along with WordPerfect ($300 then - $540 in today's dollars) and Lotus 123 (another $300/$540), this makes me smile ;-)

On Windows: Sysinternals Process Explorer, already mentioned Glasswire and NetBalancer and a bunch of other apps, almost all which aren't very good at all. But Glasswire is very nice.

Process Hacker is much better than Process Explorer, plus it's open source :)

Also from Windows 8 and up the built in task manager has per process network usage along with disk usage. Makes it real easy to find bottlenecks or resource hogs.

Does this require Administrator rights to see this granularity? In my office as a non-admin user, we have noticed that Task Manager seems really crippled.

You won't see other users processes, at least on my box however the detail is there for yours. Probably possible for it to be crippled by group policy.

In previous versions of Windows, the task manager menus could be toggled by double clicking an empty area in the window. You should also be able to select additional columns to display in the options. Note: I haven't used the win8 taskmgr.

Task Manager or Resource Monitor (which you can launch from Task Manager)? I see lots of per-process stuff in the latter but not the former.

Windows 10 Task Manager http://imgur.com/R9mbMZY

I agree, GlassWire is nice on Windows https://www.glasswire.com

The memory usage used to be bad but it seems better now.

A quick alternative on Mac is "nettop" in the Terminal

Nice. I use Little Snitch myself. I also appreciate the clever naming. ;)

The final build should have proper shebangs and I also noticed the CSS is a little messy. I'll submit a pull request in a bit.

Otherwise I'll give it a shot.

I've been working on a similar python webserver + webview GUI from that used in this repo, but aren't there security concerns of just opening it up to the local network? Aren't you exposing your entire API to any app on the same computer?

I don't think so. If you look at the code carefully, it's pretty much one way traffic. Nothing of significance goes from Client/Webview to the server to get executed.

I was however hoping for authorization based handshakes. Maybe he'll put it in sometime.

On a side note: The project author doesn't sleep enough. He's a good friend. And also it's Finals Week now. :P

Dammit, now I've gone down a Terry Pratchett black hole again. Thanks, cujanovic.

NetBalancer is a similar tool for Windows, with interesting functionality, but not free https://netbalancer.com

Glasswire is also interesting. Way smoother looking interface than any of the other stuff I've seen & there is a paid edition as well so they clearly put time into it.

Resource Monitor (resmon.exe) is built-in and will display per process up/down network usage. It does not have per-process graphs AFAIK.

It does, you just have to select them: http://i.imgur.com/begi54h.png (notice orange lines)

Honestly, Task Manager does the job for me. Windows 8 and up, it's great!

WFN is a free, open source alternative: https://wfn.codeplex.com/

Netstat isn't really similar as it's not mapping bandwidth use to processes.

Iftop and iptraf are command line, and map bandwidth use, but not to processes.



I use nethogs myself but it's not being placed on repos/ppa lately :( http://askubuntu.com/questions/726601/nethogs-%E2%86%92-crea...

My current tool of choice for on-demand console traffic monitoring is tcptrack.[0] Uses libpcap so accepts the same filtering syntax as tcpdump.

It can be pretty CPU intensive, so I would recommend against running it on production perimeter systems. Also, the 2 second default retention period is a bit short.

But all in all very handy.

0: https://tracker.debian.org/pkg/tcptrack

Thanks, I'll give this a try.

Hogwatch uses Nethogs too: "Hogwatch uses a light python webserver(bottle) feeding nethogs trace mode output to the frontend (Vue.js) using websockets."

I'm not sure why a straightforward graphing project is getting so many votes.

Because it keeps other people from having to write a straightforward graphing project that does the same thing?

Utility isn't always linked to complexity.

When you upgrade to Xenial, nethogs 0.8.1 is there in the universe repo. Works fine here.

hogswatch needs nethogs 0.8.2+. I'll try to build it from source.

Edit: built from source but stuck with other people in the installation of hogswatch https://github.com/akshayKMR/hogwatch/issues/3

I haven't tried hogswatch; judging by the screenshots, it doesn't bring anything more, information-wise, than what's already present in nethogs' terminal UI.

But 0.8.1 fixes the problem described on the askubuntu page the grand-grandparent linked to.

would be nice to configure a central server to which to push data to and list the machine name with each entry so you can monitor all machines on a network and see who and what is hogging the bandwidth. Might give it a go

At a network-level, other tools are often used (e.g. sflow, netflow, ipfix, etc.).

etherape is another option on Linux.

Applications are open for YC Summer 2021

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact