Arnout Engelen
@@ -10,7 +10,8 @@ Introduction
|
|||||||
|
|
||||||
NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to indentify programs that have gone wild and are suddenly taking up your bandwidth.
|
NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to indentify programs that have gone wild and are suddenly taking up your bandwidth.
|
||||||
|
|
||||||
Since NetHogs heavily relies on /proc, it currently runs on Linux only.
|
Since NetHogs heavily relies on /proc, some functionalities are only available on Linux.
|
||||||
|
NetHogs can be built on Mac OS X, but it will only show connections, not processes.
|
||||||
|
|
||||||
Status
|
Status
|
||||||
------
|
------
|
||||||
|
|||||||
@@ -22,7 +22,11 @@
|
|||||||
|
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <cassert>
|
#include <cassert>
|
||||||
|
#ifdef __APPLE__
|
||||||
|
#include <sys/malloc.h>
|
||||||
|
#else
|
||||||
#include <malloc.h>
|
#include <malloc.h>
|
||||||
|
#endif
|
||||||
#include "nethogs.h"
|
#include "nethogs.h"
|
||||||
#include "connection.h"
|
#include "connection.h"
|
||||||
#include "process.h"
|
#include "process.h"
|
||||||
|
|||||||
@@ -28,6 +28,12 @@
|
|||||||
#include "nethogs.h"
|
#include "nethogs.h"
|
||||||
#include "conninode.h"
|
#include "conninode.h"
|
||||||
|
|
||||||
|
#if defined __APPLE__
|
||||||
|
#ifndef s6_addr32
|
||||||
|
#define s6_addr32 __u6_addr.__u6_addr32
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
extern local_addr * local_addrs;
|
extern local_addr * local_addrs;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -179,12 +185,16 @@ void refreshconninode ()
|
|||||||
//delete conninode;
|
//delete conninode;
|
||||||
//conninode = new HashTable (256);
|
//conninode = new HashTable (256);
|
||||||
|
|
||||||
|
#if defined(__APPLE__)
|
||||||
|
addprocinfo("net.inet.tcp.pcblist");
|
||||||
|
#else
|
||||||
if (! addprocinfo ("/proc/net/tcp"))
|
if (! addprocinfo ("/proc/net/tcp"))
|
||||||
{
|
{
|
||||||
std::cout << "Error: couldn't open /proc/net/tcp\n";
|
std::cout << "Error: couldn't open /proc/net/tcp\n";
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
addprocinfo ("/proc/net/tcp6");
|
addprocinfo ("/proc/net/tcp6");
|
||||||
|
#endif
|
||||||
|
|
||||||
//if (DEBUG)
|
//if (DEBUG)
|
||||||
// reviewUnknown();
|
// reviewUnknown();
|
||||||
|
|||||||
@@ -225,7 +225,9 @@ struct prg_node * findPID (unsigned long inode)
|
|||||||
return node;
|
return node;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef __APPLE__
|
||||||
reread_mapping();
|
reread_mapping();
|
||||||
|
#endif
|
||||||
|
|
||||||
struct prg_node * retval = inodeproc[inode];
|
struct prg_node * retval = inodeproc[inode];
|
||||||
if (bughuntmode)
|
if (bughuntmode)
|
||||||
|
|||||||
16
nethogs.cpp
16
nethogs.cpp
@@ -128,10 +128,18 @@ int process_tcp (u_char * userdata, const dp_header * header, const u_char * m_p
|
|||||||
switch (args->sa_family)
|
switch (args->sa_family)
|
||||||
{
|
{
|
||||||
case (AF_INET):
|
case (AF_INET):
|
||||||
|
#ifdef __APPLE__
|
||||||
|
packet = new Packet (args->ip_src, ntohs(tcp->th_sport), args->ip_dst, ntohs(tcp->th_dport), header->len, header->ts);
|
||||||
|
#else
|
||||||
packet = new Packet (args->ip_src, ntohs(tcp->source), args->ip_dst, ntohs(tcp->dest), header->len, header->ts);
|
packet = new Packet (args->ip_src, ntohs(tcp->source), args->ip_dst, ntohs(tcp->dest), header->len, header->ts);
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case (AF_INET6):
|
case (AF_INET6):
|
||||||
|
#ifdef __APPLE__
|
||||||
|
packet = new Packet (args->ip6_src, ntohs(tcp->th_sport), args->ip6_dst, ntohs(tcp->th_dport), header->len, header->ts);
|
||||||
|
#else
|
||||||
packet = new Packet (args->ip6_src, ntohs(tcp->source), args->ip6_dst, ntohs(tcp->dest), header->len, header->ts);
|
packet = new Packet (args->ip6_src, ntohs(tcp->source), args->ip6_dst, ntohs(tcp->dest), header->len, header->ts);
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -162,10 +170,18 @@ int process_udp (u_char * userdata, const dp_header * header, const u_char * m_p
|
|||||||
switch (args->sa_family)
|
switch (args->sa_family)
|
||||||
{
|
{
|
||||||
case (AF_INET):
|
case (AF_INET):
|
||||||
|
#ifdef __APPLE__
|
||||||
|
packet = new Packet (args->ip_src, ntohs(udp->uh_sport), args->ip_dst, ntohs(udp->uh_dport), header->len, header->ts);
|
||||||
|
#else
|
||||||
packet = new Packet (args->ip_src, ntohs(udp->source), args->ip_dst, ntohs(udp->dest), header->len, header->ts);
|
packet = new Packet (args->ip_src, ntohs(udp->source), args->ip_dst, ntohs(udp->dest), header->len, header->ts);
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case (AF_INET6):
|
case (AF_INET6):
|
||||||
|
#ifdef __APPLE__
|
||||||
|
packet = new Packet (args->ip6_src, ntohs(udp->uh_sport), args->ip6_dst, ntohs(udp->uh_dport), header->len, header->ts);
|
||||||
|
#else
|
||||||
packet = new Packet (args->ip6_src, ntohs(udp->source), args->ip6_dst, ntohs(udp->dest), header->len, header->ts);
|
packet = new Packet (args->ip6_src, ntohs(udp->source), args->ip6_dst, ntohs(udp->dest), header->len, header->ts);
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -29,7 +29,11 @@
|
|||||||
#include <arpa/inet.h>
|
#include <arpa/inet.h>
|
||||||
#include <cassert>
|
#include <cassert>
|
||||||
#include <cstring>
|
#include <cstring>
|
||||||
|
#ifdef __APPLE__
|
||||||
|
#include <sys/malloc.h>
|
||||||
|
#else
|
||||||
#include <malloc.h>
|
#include <malloc.h>
|
||||||
|
#endif
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
|
|
||||||
#define _BSD_SOURCE 1
|
#define _BSD_SOURCE 1
|
||||||
|
|||||||
@@ -25,7 +25,11 @@
|
|||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include <netinet/tcp.h>
|
#include <netinet/tcp.h>
|
||||||
#include <netinet/in.h>
|
#include <netinet/in.h>
|
||||||
|
#ifdef __APPLE__
|
||||||
|
#include <sys/malloc.h>
|
||||||
|
#else
|
||||||
#include <malloc.h>
|
#include <malloc.h>
|
||||||
|
#endif
|
||||||
#include <cassert>
|
#include <cassert>
|
||||||
#include <net/if.h>
|
#include <net/if.h>
|
||||||
#include <net/ethernet.h>
|
#include <net/ethernet.h>
|
||||||
|
|||||||
@@ -24,7 +24,9 @@
|
|||||||
#include <strings.h>
|
#include <strings.h>
|
||||||
#include <string>
|
#include <string>
|
||||||
#include <ncurses.h>
|
#include <ncurses.h>
|
||||||
|
#ifndef __APPLE__
|
||||||
#include <asm/types.h>
|
#include <asm/types.h>
|
||||||
|
#endif
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
@@ -221,7 +223,9 @@ Process * getProcess (Connection * connection, const char * devicename)
|
|||||||
// is slow, making this worthwhile.
|
// is slow, making this worthwhile.
|
||||||
// We take the fact for granted that we might already know the inode->pid (unlikely anyway if we
|
// We take the fact for granted that we might already know the inode->pid (unlikely anyway if we
|
||||||
// haven't seen the connection->inode yet though).
|
// haven't seen the connection->inode yet though).
|
||||||
|
#ifndef __APPLE__
|
||||||
reread_mapping();
|
reread_mapping();
|
||||||
|
#endif
|
||||||
refreshconninode();
|
refreshconninode();
|
||||||
inode = conninode[connection->refpacket->gethashstring()];
|
inode = conninode[connection->refpacket->gethashstring()];
|
||||||
if (bughuntmode)
|
if (bughuntmode)
|
||||||
|
|||||||
Reference in New Issue
Block a user