Software recommendation: Command line network analyser that shows owning process
I'm looking for something that is a mix of tcpdump, lsof, and netstat.
I want to be able to filter like tcpdump, but have an additional column showing the process ID. At the end I'd like to be able to stats like wireshark, but by application.
Why, you ask?
Good question. I want to be able to answer things like this:
- What process is connecting on port 80 to *le100.com (owned by google)
- Why am I seeing packets to amazonaws when I have no browsers running?
- Why is there traffic to stackoverflow.com when I have no web pages open to it?
GUI or commandline doesn't matter.
This got started when I was trying to figure what was taking up all the bandwidth on my rather limited connection. (We have 4 computers in the house for an asymetric 2M/500k connection. That's bits, not bytes.)
Solution 1:
lsof will do this with the correct flags and arguments. The following flags will show you the program and PID using the open connections.
-P to show you port numbers instead of names.
-i[tcp|udp][@hostname|IP][:port]
Here are examples for the 3 situations you listed.
lsof [email protected]:80
Note, I do not believe that lsof allows globbing with *
lsof [email protected]
or
lsof [email protected]