Linux网络监控工具nethogs

Nethogs 是一个终端下的网络流量监控工具，它的特别之处在于可以显示每个进程的带宽占用情况，这样可以更直观获取网络使用情况。它支持 IPv4 和 IPv6 协议、支持本地网卡及 PPP 链接。

有些时候服务器莫名其妙的向外发送大量的包，占用大量带宽，导致其他服务器受到影响。那么在流量异常的情况下，如何查看每个进程使用的带宽呢？可以使用nethogs工具来查看。

当然还有一些其他宽带分析工具，需要的同学可以多了解了解，有个帖子 http://os.51cto.com/art/201404/435279.htm 做了介绍。按应用分析还是比较常见，所以我一般使用nethogs，关于nethogs的安装下面做下说明：

1、下载
地址： http://sourceforge.net/projects/nethogs/files/nethogs/
下载安装包：nethogs-0.8.0.tar.gz (38.0 kB)

2、安装

yum install ncurses*
tar -zxvf nethogs-0.8.0.tar.gz
cd nethogs
make && make install

如果报错如下：

[root@localhost nethogs]# make && make install
g++ -g -Wall -Wextra -c packet.cpp
g++ -g -Wall -Wextra -c connection.cpp
g++ -g -Wall -Wextra -c process.cpp
g++ -g -Wall -Wextra -c refresh.cpp
refresh.cpp:9: warning: unused parameter ‘i’
cc -g -Wall -Wextra -c decpcap.c
decpcap.c:7:18: error: pcap.h: No such file or directory
In file included from decpcap.c:8:
decpcap.h:34: error: expected specifier-qualifier-list before ‘pcap_t’
decpcap.c:14: error: expected ‘)’ before ‘*’ token
decpcap.c: In function ‘dp_open_offline’:
decpcap.c:48: error: ‘pcap_t’ undeclared (first use in this function)
decpcap.c:48: error: (Each undeclared identifier is reported only once
decpcap.c:48: error: for each function it appears in.)
decpcap.c:48: error: ‘temp’ undeclared (first use in this function)
decpcap.c:48: warning: implicit declaration of function ‘pcap_open_offline’
decpcap.c:55: warning: implicit declaration of function ‘dp_fillhandle’
decpcap.c: In function ‘dp_open_live’:
decpcap.c:60: error: ‘pcap_t’ undeclared (first use in this function)
decpcap.c:60: error: ‘temp’ undeclared (first use in this function)
decpcap.c:60: warning: implicit declaration of function ‘pcap_open_live’
decpcap.c: In function ‘dp_addcb’:
decpcap.c:74: error: ‘struct dp_handle’ has no member named ‘callback’
decpcap.c: In function ‘dp_parse_tcp’:
decpcap.c:84: error: ‘struct dp_handle’ has no member named ‘callback’
decpcap.c:86: error: ‘struct dp_handle’ has no member named ‘callback’
decpcap.c:87: error: ‘struct dp_handle’ has no member named ‘userdata’
decpcap.c: In function ‘dp_parse_ip’:
decpcap.c:99: error: dereferencing pointer to incomplete type
decpcap.c:103: error: ‘struct dp_handle’ has no member named ‘callback’
decpcap.c:105: error: ‘struct dp_handle’ has no member named ‘callback’
decpcap.c:106: error: ‘struct dp_handle’ has no member named ‘userdata’
decpcap.c: In function ‘dp_parse_ip6’:
decpcap.c:126: error: ‘struct dp_handle’ has no member named ‘callback’
decpcap.c:128: error: ‘struct dp_handle’ has no member named ‘callback’
decpcap.c:129: error: ‘struct dp_handle’ has no member named ‘userdata’
decpcap.c: In function ‘dp_parse_ethernet’:
decpcap.c:150: error: ‘struct dp_handle’ has no member named ‘callback’
decpcap.c:152: error: ‘struct dp_handle’ has no member named ‘callback’
decpcap.c:153: error: ‘struct dp_handle’ has no member named ‘userdata’
decpcap.c: In function ‘dp_parse_ppp’:
decpcap.c:196: error: ‘struct dp_handle’ has no member named ‘callback’
decpcap.c:198: error: ‘struct dp_handle’ has no member named ‘callback’
decpcap.c:199: error: ‘struct dp_handle’ has no member named ‘userdata’
decpcap.c: In function ‘dp_parse_linux_cooked’:
decpcap.c:238: error: ‘struct dp_handle’ has no member named ‘callback’
decpcap.c:240: error: ‘struct dp_handle’ has no member named ‘callback’
decpcap.c:241: error: ‘struct dp_handle’ has no member named ‘userdata’
decpcap.c: In function ‘dp_pcap_callback’:
decpcap.c:270: error: ‘struct dp_handle’ has no member named ‘userdata_size’
decpcap.c:271: error: ‘struct dp_handle’ has no member named ‘userdata’
decpcap.c:271: error: ‘struct dp_handle’ has no member named ‘userdata_size’
decpcap.c:273: error: ‘struct dp_handle’ has no member named ‘linktype’
decpcap.c:274: error: ‘DLT_EN10MB’ undeclared (first use in this function)
decpcap.c:277: error: ‘DLT_PPP’ undeclared (first use in this function)
decpcap.c:280: error: ‘DLT_LINUX_SLL’ undeclared (first use in this function)
decpcap.c:283: error: ‘DLT_RAW’ undeclared (first use in this function)
decpcap.c:284: error: ‘DLT_NULL’ undeclared (first use in this function)
decpcap.c:289: error: ‘struct dp_handle’ has no member named ‘linktype’
decpcap.c: In function ‘dp_dispatch’:
decpcap.c:296: error: ‘struct dp_handle’ has no member named ‘userdata’
decpcap.c:297: error: ‘struct dp_handle’ has no member named ‘userdata_size’
decpcap.c:298: warning: implicit declaration of function ‘pcap_dispatch’
decpcap.c:298: error: ‘struct dp_handle’ has no member named ‘pcap_handle’
decpcap.c: In function ‘dp_setnonblock’:
decpcap.c:302: warning: implicit declaration of function ‘pcap_setnonblock’
decpcap.c:302: error: ‘struct dp_handle’ has no member named ‘pcap_handle’
decpcap.c: In function ‘dp_geterr’:
decpcap.c:307: warning: implicit declaration of function ‘pcap_geterr’
decpcap.c:307: error: ‘struct dp_handle’ has no member named ‘pcap_handle’
make: * [decpcap.o] Error 1

执行命令

yum install libpcap-dev* libncurses5-dev*

然后再重新编译安装，如下：

[root@localhost nethogs]# make && make install
cc -g -Wall -Wextra -c decpcap.c
decpcap.c: In function ‘dp_open_live’:
decpcap.c:60: warning: passing argument 5 of ‘pcap_open_live’ discards qualifiers from pointer
/usr/include/pcap/pcap.h:349: note: expected ‘char ’ but argument is of type ‘const char ’
g++ -g -Wall -Wextra -c cui.cpp -DVERSION=\”0\” -DSUBVERSION=\”8\” -DMINORVERSION=\”0\”
g++ -g -Wall -Wextra -c inode2prog.cpp
g++ -g -Wall -Wextra -c conninode.cpp
g++ -c -o devices.o devices.cpp
g++ -g -Wall -Wextra nethogs.cpp packet.o connection.o process.o refresh.o decpcap.o cui.o inodee.o devices.o -o nethogs -lpcap -lm -lncurses -DVERSION=\”0\” -DSUBVERSION=\”8\” -DMINORVERSION=
g++ -g -Wall -Wextra decpcap_test.cpp decpcap.o -o decpcap_test -lpcap -lm
install -d -m 755 /usr/local/sbin
install -m 755 nethogs /usr/local/sbin
install -d -m 755 /usr/local/share/man/man8/
install -m 644 nethogs.8 /usr/local/share/man/man8/

这样已经算是成功安装完成，输入命令 nethogs 即可查看应用的宽带占用情况。
下图是我开启了2个命令窗口做的测试：