I'm looking for a utility to continuously monitor network traffic by process.
Something like top but instead of focusing on CPU/memory, I would like to see TCP and UDP ports and throughput for the most network-active processes. I imagine a regularly updated screen with headers like:
PID USER PROTO PORTNO Kbps STARTTIME COMMAND...
The closest I could find are atop and lsof -i. atop shows aggregate network activity in the main screen (not by process). Hitting N for a network focused view gives:
Kernel module 'netatop' not active or no root privs; request ignored!
# When run under sudo, so how do I install the 'netatop' kernel module ?
lsof -i shows the processes holding the ports, but no throughput/activity.
sudo watch netstat -Wtunape is another good option. It includes IP addresses, ports (both local and remote) and even connection states, but doesn't include throughput and process start-time.
Any tips appreciated.
