On Linux, how can I tell which process is sending Ethernet packets?

linux debian network-monitoring

I prefer nethogs. It's a small ncurses-based console program that displays per-process network traffic status in a convenient way.


netstat -ptu will give you the owning process ids (along with standard netstat info) for all tcp and udp conections. (Normal users will not be able to id all processes.)

If something is sending out a fair amount of constant traffic you should see it on Recv-Q or Send-Q columns 2 and 3 respectively.

Examples:
Recv-Q
sudo watch -n .1 'netstat -tup | grep -E "^[tc,ud]p[6]{0,1}" | sort -nr -k2'

Send-Q
sudo watch -n .1 'netstat -tup | grep -E "^[tc,ud]p[6]{0,1}" | sort -nr -k3'

If you suspect that that process is being triggered by another process ps axf.

Related

Why should I allow multiple IP addresses on a website for a single session?
Extremely fast booting server
Listing domains on a UCC/SAN SSL Certificate
Why the discrepancy between Speedtest and Wget?
How to do Inheritance Modeling in Relational Databases?
Why does the behavior of the Integer constant pool change at 127?
MySQL Trigger to prevent INSERT under certain conditions
Animate element transform rotate
Make DocumentBuilder.parse ignore DTD references
In mongoDb, how do you remove an array element by its index?
Change Screen Orientation programmatically using a Button
How do I preserve line breaks when using jsoup to convert html to plain text?