These days everyone it seems uses a mobile smartphone using apps usually free or less than $1 over that amount would seem excessive even $2 os let alone €30.
€30 ($43 + taxes Canadian to me) that's quite enough for software maybe not excessive but any more and I'd pass on it.
Having purchased a computer in 1990 along with WordPerfect ($300 then - $540 in today's dollars) and Lotus 123 (another $300/$540), this makes me smile ;-)
IIRC, it is the most recently active project. As far as I can tell, the whole user-facing, interactive firewall program never really caught on in linux land.
I haven't tried hogswatch; judging by the screenshots, it doesn't bring anything more, information-wise, than what's already present in nethogs' terminal UI.
But 0.8.1 fixes the problem described on the askubuntu page the grand-grandparent linked to.
My current tool of choice for on-demand console traffic monitoring is tcptrack.[0] Uses libpcap so accepts the same filtering syntax as tcpdump.
It can be pretty CPU intensive, so I would recommend against running it on production perimeter systems. Also, the 2 second default retention period is a bit short.
Glasswire is also interesting. Way smoother looking interface than any of the other stuff I've seen & there is a paid edition as well so they clearly put time into it.
If you're on Mac and just want to monitor the connections that each process makes (not the bandwidth), Radio Silence just got a built-in network monitor a few weeks ago: https://radiosilenceapp.com
Nice, first time I hear about it and seems really nice. Good work.
If I only wanted to monitor network connections on my mac, and block/allow them forever/for a limited time, is there any difference in functionality between this and Little Snitcher?
On Windows: Sysinternals Process Explorer, already mentioned Glasswire and NetBalancer and a bunch of other apps, almost all which aren't very good at all. But Glasswire is very nice.
Also from Windows 8 and up the built in task manager has per process network usage along with disk usage. Makes it real easy to find bottlenecks or resource hogs.
Does this require Administrator rights to see this granularity? In my office as a non-admin user, we have noticed that Task Manager seems really crippled.
You won't see other users processes, at least on my box however the detail is there for yours. Probably possible for it to be crippled by group policy.
In previous versions of Windows, the task manager menus could be toggled by double clicking an empty area in the window. You should also be able to select additional columns to display in the options. Note: I haven't used the win8 taskmgr.
would be nice to configure a central server to which to push data to and list the machine name with each entry so you can monitor all machines on a network and see who and what is hogging the bandwidth. Might give it a go
Under the hood, this is using nethogs. Here's how nethogs associates traffic with a process:
On linux the file /proc/net/tcp lists all established TCP connections. It includes the local and remote socket addresses and the inode number for the local socket. Nethogs uses libpcap to sniff traffic and associate it with its entry in /proc/net/tcp. It takes the inode from there and scans through /proc/*/fd/ looking for the file descripter that has that inode to determine which process has the socket open. Once it finds the process it adds it to a table of inode to process id mappings so it doesn’t have to scan through /proc again the second time a packet for that connection comes through.
I've been working on a similar python webserver + webview GUI from that used in this repo, but aren't there security concerns of just opening it up to the local network? Aren't you exposing your entire API to any app on the same computer?
I don't think so. If you look at the code carefully, it's pretty much one way traffic. Nothing of significance goes from Client/Webview to the server to get executed.
I was however hoping for authorization based handshakes. Maybe he'll put it in sometime.
On a side note: The project author doesn't sleep enough. He's a good friend. And also it's Finals Week now. :P
52 comments
[ 3.2 ms ] story [ 104 ms ] threadI noticed in one of your screenshots you use LS as well, do they serve different purposes or was it just a project for fun?
[0] https://developer.apple.com/legacy/library/documentation/Dar...
What's so unfortunate about it?
€30 ($43 + taxes Canadian to me) that's quite enough for software maybe not excessive but any more and I'd pass on it.
IIRC, it is the most recently active project. As far as I can tell, the whole user-facing, interactive firewall program never really caught on in linux land.
http://linux.die.net/man/8/netstat
similarly for disk
http://linux.die.net/man/1/iotop
I'm not sure why a straightforward graphing project is getting so many votes.
Utility isn't always linked to complexity.
Edit: built from source but stuck with other people in the installation of hogswatch https://github.com/akshayKMR/hogwatch/issues/3
But 0.8.1 fixes the problem described on the askubuntu page the grand-grandparent linked to.
It can be pretty CPU intensive, so I would recommend against running it on production perimeter systems. Also, the 2 second default retention period is a bit short.
But all in all very handy.
0: https://tracker.debian.org/pkg/tcptrack
Iftop and iptraf are command line, and map bandwidth use, but not to processes.
http://www.ex-parrot.com/~pdw/iftop/
http://iptraf.seul.org/
Otherwise I'll give it a shot.
Disclaimer: I'm the author
If I only wanted to monitor network connections on my mac, and block/allow them forever/for a limited time, is there any difference in functionality between this and Little Snitcher?
The memory usage used to be bad but it seems better now.
On linux the file /proc/net/tcp lists all established TCP connections. It includes the local and remote socket addresses and the inode number for the local socket. Nethogs uses libpcap to sniff traffic and associate it with its entry in /proc/net/tcp. It takes the inode from there and scans through /proc/*/fd/ looking for the file descripter that has that inode to determine which process has the socket open. Once it finds the process it adds it to a table of inode to process id mappings so it doesn’t have to scan through /proc again the second time a packet for that connection comes through.
I am really overwhelmed by the response. However the project is still very much unifinished.
Here are somethings that need to be fixed/added for eg.
-fix some bugs on frontend.(proper sort on listing/chart switching etc.)
-Kill nethogs process on exit // fails sometimes
-Store history for restarts.
-proper packaging.
-unit tests.
I'll add the above to the readme.md
First time on Hackernews/Github feed feels great though. Cheers.
I was however hoping for authorization based handshakes. Maybe he'll put it in sometime.
On a side note: The project author doesn't sleep enough. He's a good friend. And also it's Finals Week now. :P