This is a CLI utility for displaying current network utilization by process, connection and remote IP/hostname
How does it work?
bandwhich sniffs a given network interface and records IP packet size, cross referencing it with the
/proc filesystem on linux,
lsof on macOS, or using WinApi on windows. It is responsive to the terminal window size, displaying less info if there is no room for it. It will also attempt to resolve ips to their host name in the background using reverse DNS on a best effort basis.
Download a prebuilt binary
If you're on linux, you can download the generic binary from the releases.
pacman -S bandwhich
bandwhich is available in
nixpkgs, and can be installed, for example, with
nix-env -iA nixpkgs.bandwhich
xbps-install -S bandwhich
bandwhich is available in COPR, and can be installed via DNF:
sudo dnf copr enable atim/bandwhich -y && sudo dnf install bandwhich
macOS/Linux (using Homebrew)
brew install bandwhich
pkg install bandwhich
cd /usr/ports/net-mgmt/bandwhich && make install clean
Windows / Other Linux flavours
bandwhich can be installed using the Rust package manager, cargo. It might be in your distro repositories if you're on linux, or you can install it via rustup. You can find additional installation instructions here.
The minimum supported Rust version is 1.39.0.
cargo install bandwhich
On Linux, after installing with cargo:
~/.cargo/bin/bandwhich but you need root priviliges to run
bandwhich. To fix that, there are a few options:
- Give the executable elevated permissions:
sudo setcap cap_sys_ptrace,cap_dac_read_search,cap_net_raw,cap_net_admin+ep $(which bandwhich)
sudo ~/.cargo/bin/bandwhichinstead of just
- Create a symlink:
sudo ln -s ~/.cargo/bin/bandwhich /usr/local/bin/(or another path on root's PATH)
- Set root's PATH to match your own:
sudo env "PATH=$PATH" bandwhich
- Tell sudo to use your user's environment variables:
sudo -E bandwhich
- Pass the desired target directory to cargo:
sudo cargo install bandwhich --root /usr/local/bin/
On Windows, after installing with cargo:
You might need to first install npcap for capturing packets on windows.
bandwhich on OpenWRT, you'll need to compile a binary that would fit its processor architecture. This might mean you would have to cross compile if, for example, you're working on an
x86_64 and the OpenWRT is installed on an
arm7. Here is an example of cross compiling in this situation:
- Check the processor architecture of your router by using
- Clone the bandwhich repository
git clone https://github.com/imsnif/bandwhich
cargo install cross
- build the
cross build --target armv7-unknown-linux-musleabihf
- Copy the binary files from
target/armv7-unknown-linux-musleabihf/debug/bandwhichto the router using
scp bandwhich [email protected]:~/(here, 192.168.1.1 would be the IP address of your router).
- Finally enter the router using ssh and run the binary directly with
USAGE: bandwhich [FLAGS] [OPTIONS] FLAGS: -a, --addresses Show remote addresses table only -c, --connections Show connections table only -h, --help Prints help information -n, --no-resolve Do not attempt to resolve IPs to their hostnames -p, --processes Show processes table only -r, --raw Machine friendlier output -s, --show-dns Show DNS queries -t, --total-utilization Show total (cumulative) usages -V, --version Prints version information OPTIONS: -i, --interface <interface> The network interface to listen on, eg. eth0 -d, --dns-server <dns-server> A dns server ip to use instead of the system default
Note that since
bandwhich sniffs network packets, it requires root privileges - so you might want to use it with (for example)
On Linux, you can give the
bandwhich binary a permanent capability to use the required privileges, so that you don't need to use
sudo bandwhich anymore:
sudo setcap cap_sys_ptrace,cap_dac_read_search,cap_net_raw,cap_net_admin+ep `which bandwhich`
bandwhich capability to list
/proc/<pid>/fd/ and resolve symlinks in that directory. It needs this capability to determine which opened port belongs to which process.
bandwhich capability to capture packets on your system.
bandwhich also supports an easier-to-parse mode that can be piped or redirected to a file. For example, try:
bandwhich --raw | grep firefox
Contributions of any kind are very welcome. If you'd like a new feature (or found a bug), please open an issue or a PR.
To set up your development environment:
- Clone the project
cargo run, or if you prefer
cargo run -- -i <network interface name>(you can often find out the name with
iwconfig). You might need root privileges to run this application, so be sure to use (for example) sudo.
To run tests:
Note that at the moment the tests do not test the os layer (anything in the
If you are stuck, unsure about how to approach an issue or would like some guidance, you are welcome to contact: [email protected]