Application-level network monitoring/bandwidth tool for Unix/Mac OSX


There are squillions of tools out there that provide traffic analysis on networks at the IP/Port level, but none that I can see that roll up to the "application" level (e.g., Firefox=10.4%, iChat=39.1%, Azureus=27.6%, ...)

Does anyone know of a tool that will show me dynamically:

a) A breakdown of bandwidth usage by Unix process (KB/sec incoming/outgoing), something perhaps like "top" does for processes
b) A breakdown by "application" (I guess somehow determing what processes are actually applications versus processes. This is likely OS specific, in which case I am searching for Mac OS X specifically)
c) A GUI based tool that provides this information. (X11 or preferably a Mac OS X native one)

The ideal tool would show dynamically bandwidth utilisation of a given application, say Firefox, through a network adapter, say en0 or whatever. The idea being simply to see at a glance which *apps* are chewing up the limited bandwidth of a broadband connection (as opposed to which TCP/IP port).

This is small fry stuff, so a free or inexpensive (say under $50) solution is required

Any help much appreciated. Points awarded to first really good suggestion that solves a,b,c  or split between the first few reasonable suggestions that give some of the above.

Thanks in advance
Who is Participating?
matheweisConnect With a Mentor Commented:
Such a tool would be useful, unfortunately, I don't know that it can (at least reasonably) be done.

Here's a few clues to get you on track if you want to dive further into it:

Apart from the information provided by top, the only other process-level information that I know of requires process accounting to be turned on (accton from the command line) There's a program for UNIX out that tracks process accounting information called `atop`, but I've never seen a version for OS X.

Even if you do get `atop` working, it still doesn't track I/O. There's a kernel patch out there for UNIXes that will allow atop to track I/O; I have no idea how well it would work with OS X. Then, once you have the per-process I/O, you need would need to figure out how to seperate it file I/O from the network I/O.

Here's a list of all the (non-gui) programs I know of that will tell you some bit of useful system information (But still not per-process I/O) If you're up to it, most of them can be tapped into with AppleScript for a simpl GUI.

top (Running process)
lsof (Opening files and network sockets)
fs_usage (Running list of file system accesses)
vm_stat (Virtual memory statistics)
sc_calls (Running list of system calls)
iostat (Data read and written from drives)
netstat (Active 'net connections)
accton (Process accounting)

You can look at man [process-name] for more info on each of these.
swatharowAuthor Commented:
OK, thanks. I guess I'll just work with those programs and see what I can do. It must be possible because there's a program for the Mac called Little Snitch that intercepts Internet I/O on an application by application basis. So somehow you are clearly able to link network activities to an application, presumably including the volume of traffic.

Since there are no other responses to this, I'll pass the points on to you.

swartharow - Thanks for the points.

As seen in the Little Snitch FAQ (, they use a proprietary kernel extension to track network activity on a per-application basis. Once you get into writing your own kernel extensions, well, there's not much limit to what can be done.

Sorry we couldn't find what you were looking for... Again, as far as I know, there's nothing really that can do it on the OS X side. What you're really looking for, I think, is an OS X equivalent to the PC program Net Monitor.

You might also try asking the writers of Little Snitch if they are planning on incorporating that ability into future versions of the software. Since they've already written the kernel extensions, it might not be that difficult to add that capability. Worth a try at least.
swatharowAuthor Commented:
Great. Thanks for all the info. I might ask the Little Snitch people what their plans are.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.