Using nethogs, iftop, tcpdump, and iptables to Diagnose Network Bandwidth Issues on Linux
This guide explains how to employ nethogs, iftop, tcpdump, and iptables on a Linux server to identify bandwidth‑hogging processes, capture network packets, and block malicious IPs, providing step‑by‑step commands and usage tips for effective network troubleshooting.
1. Use nethogs for investigation
[root@nginx-local ~]# nethogs eth0
The nethogs tool displays per‑process network bandwidth on a specified interface; when the interface (e.g., eth0) is saturated, the output shows each process’s bandwidth usage and its PID, allowing you to pinpoint the bandwidth‑consuming process.
2. Use iftop for investigation
[root@nginx-local ~]# iftop -i eth0 -P
The -P option shows the service ports, indicating which server port each connection uses, which helps identify internal traffic sources.
3. Use tcpdump for packet capture
[root@nginx-local ~]# tcpdump tcp port 80 -nnei eth0 -w web.pcap
or
[root@nginx-local ~]# tcpdump -i eth0 -w web.pcap
The -w flag writes captured packets to a binary file (e.g., web.pcap) that can be analyzed later with Wireshark. Install tcpdump if necessary:
[root@nginx-local center]# yum -y install tcpdump
[root@nginx-local ~]# tcpdump tcp port 443 -nnei eth0 -w web.pcap
Open the capture file in the analysis tool and click "Statistics → Sessions" to view the captured data.
4. Block abnormal IP directly with iptables
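# Drop packets arriving from the abnormal IP
iptables -I INPUT -s 27.185.1.27 -j DROP
# Drop packets this host sends to it (on OUTPUT the remote address is the destination, so match with -d)
iptables -I OUTPUT -d 27.185.1.27 -j DROP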
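As an added example (not part of the original article), the script below connects steps 3 and 4: it ranks remote source IPs by bytes sent, reading the text that tcpdump -nn -r web.pcap prints, and then prints the matching iptables rules for review instead of running them. The sample lines, the addresses, and the function names sample_capture, top_sources and block_rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Addresses are constructed
# (documentation ranges); 192.0.2.10 stands in for the server's own IP.

# Constructed sample in the format printed by `tcpdump -nn -r web.pcap`.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 203.0.113.7.51234 > 192.0.2.10.80: Flags [P.], seq 1:1449, ack 1, win 229, length 1448
12:00:01.000150 IP 192.0.2.10.80 > 203.0.113.7.51234: Flags [.], ack 1449, win 501, length 0
12:00:01.000300 IP 203.0.113.7.51234 > 192.0.2.10.80: Flags [P.], seq 1449:2897, ack 1, win 229, length 1448
12:00:01.002000 IP 198.51.100.23.40022 > 192.0.2.10.80: Flags [P.], seq 1:201, ack 1, win 229, length 200
12:00:01.002100 IP 192.0.2.10.80 > 198.51.100.23.40022: Flags [P.], seq 1:5001, ack 201, win 501, length 5000
EOF
}

# Sum TCP payload bytes per remote source IP, largest first (IPv4 lines only).
# $1 = the server's own IP, excluded so only inbound senders are ranked.
top_sources() {
    awk -v self="$1" '
        $2 == "IP" && match($0, /length [0-9]+/) {
            bytes = substr($0, RSTART + 7, RLENGTH - 7)
            src = $3
            sub(/\.[0-9]+$/, "", src)          # drop the trailing .port
            if (src != self) total[src] += bytes
        }
        END { for (ip in total) print total[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print (never execute) the DROP rules for one strictly validated IPv4 address.
block_rules() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }
    ' || { echo "not an IPv4 address: $1" >&2; return 1; }
    echo "iptables -I INPUT -s $1 -j DROP"     # packets arriving from the address
    echo "iptables -I OUTPUT -d $1 -j DROP"    # packets this host sends to it
}

# Demo: rank the sample, then show the rules for the heaviest sender.
top_ip=$(sample_capture | top_sources 192.0.2.10 | awk 'NR == 1 { print $2 }')
sample_capture | top_sources 192.0.2.10
block_rules "$top_ip"
```

On a real capture, replace sample_capture with tcpdump -nn -r web.pcap and pass the server's own address to top_sources; check that the top address is not a legitimate client, proxy or monitoring host before applying the printed rules.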
These steps provide a practical workflow for diagnosing and mitigating network bandwidth problems on Linux servers.
Practical DevOps Architecture
Hands‑on DevOps operations using Docker, K8s, Jenkins, and Ansible—empowering ops professionals to grow together through sharing, discussion, knowledge consolidation, and continuous improvement.