Bash: Network Activity

Monitoring network activity of processes on your system can be essential for troubleshooting, performance tuning, or security purposes. In this blog post, we’ll explore how to check the network activity of a process using Bash on the terminal. We’ll cover several useful tools, including netstat, ss, lsof, and iftop.

Tools for Monitoring Network Activity

1. netstat

netstat is a command-line utility that displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. Although deprecated in favor of ss, it is still widely used and useful.

Installing netstat

On most Linux distributions, netstat is part of the net-tools package. Install it using the package manager:

sudo apt update
sudo apt install net-tools

Using netstat

To display listening TCP sockets together with the PID and name of the process that owns each one, use the following command:

netstat -plnt

Options:

  • -p: Show PID and program name.
  • -l: Show only listening sockets.
  • -n: Show numerical addresses instead of resolving hosts.
  • -t: Show TCP connections.

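Example (filter for one process; run with sudo to see PIDs of processes owned by other users, and note that a bare number also matches ports containing the same digits):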

netstat -plnt | grep <process_id>

2. ss

ss (Socket Statistics) is a modern replacement for netstat. It is more efficient and provides more detailed information about network connections.

Using ss

To display listening TCP sockets together with the process using each one, use the following command:

ss -plnt

Options:

  • -p: Show process using the socket.
  • -l: Show only listening sockets.
  • -n: Don’t resolve service names.
  • -t: Display TCP sockets.

Example:

ss -plnt | grep <process_id>

3. lsof

lsof (List Open Files) is a powerful utility that provides a list of all open files and the processes that opened them. Since network connections are treated as files in Unix-like systems, lsof can also list network connections.

Installing lsof

Install lsof using the package manager:

sudo apt update
sudo apt install lsof

Using lsof

To list network connections opened by a specific process, use the following command:

lsof -i -a -p <process_id>

Options:

  • -i: List IP sockets.
  • -a: AND operator to combine criteria.
  • -p <process_id>: List files opened by the specified process.

4. iftop

iftop is a real-time console-based network bandwidth monitoring tool. It displays a list of network connections from/to your system and the bandwidth used by each connection.

Installing iftop

Install iftop using the package manager:

sudo apt update
sudo apt install iftop

Using iftop

Run iftop with root privileges to monitor network activity:

sudo iftop

Use filters to monitor specific ports or addresses. For example, to filter traffic on port 80:

sudo iftop -f "port 80"

Example: Monitoring a Process with curl

Let’s say you want to monitor the network activity of a curl command.

  1. Run the curl command in the background:

    curl http://example.com -o /dev/null &
    
  2. Find the process ID (PID) of curl while the transfer is still running:

    pgrep curl
    
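  3. Use netstat, ss, or lsof to monitor the process. curl is a client and opens no listening sockets, so drop -l from the netstat and ss commands to see its outgoing connection:

    netstat -pnt | grep <curl_pid>
    ss -pnt | grep <curl_pid>
    lsof -i -a -p <curl_pid>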
    
  4. Use iftop to monitor overall network activity:

    sudo iftop
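
The grep <process_id> filters used in the netstat, ss, and curl steps above also match port numbers and longer PIDs that contain the same digits. The following added example (not part of the original post) matches the pid= field of ss output exactly; the function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): select sockets by exact PID
# from `ss -H -tanp` output instead of grepping for a bare number.

# Constructed sample in the column layout of `ss -H -tanp`
# (State Recv-Q Send-Q Local Peer Process); not captured from a real host.
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=812,fd=6),("nginx",pid=813,fd=6))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
ESTAB 0 0 192.0.2.10:51812 198.51.100.7:80 users:(("curl",pid=4812,fd=5))
ESTAB 0 0 192.0.2.10:22 203.0.113.5:50812 users:(("sshd",pid=981,fd=4))
EOF
}

# sockets_for_pid PID
# Reads ss lines on stdin and prints "STATE LOCAL PEER" for every socket whose
# users:(...) field names exactly pid=PID. Returns 2 if PID is not numeric.
sockets_for_pid() {
  case "$1" in
    ''|*[!0-9]*) echo "usage: sockets_for_pid <numeric pid>" >&2; return 2 ;;
  esac
  # "pid=812," cannot match inside "pid=4812," or a port such as :51812.
  awk -v pid="$1" 'index($0, "pid=" pid ",") { print $1, $4, $5 }'
}

# Demo on the constructed sample: a bare grep for 812 hits three lines,
# the exact match returns only the nginx listener.
echo "grep 812 matches: $(sample_ss_output | grep -c 812) lines"
echo "exact pid=812:"
sample_ss_output | sockets_for_pid 812
```

On a live host, pipe real output into the function, for example: sudo ss -H -tanp | sockets_for_pid <process_id>.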
    

Conclusion

Monitoring network activity of processes using the terminal in Bash is a crucial skill for system administrators and developers. Tools like netstat, ss, lsof, and iftop provide powerful ways to track and analyze network connections. By integrating these tools into your workflow, you can gain valuable insights into network usage, troubleshoot issues, and ensure the security and performance of your system.

Published: Jan 16, 2024