I am looking for a tool that will log network traffic, preferably in an easily understandable way like, say, nethogs.
What I want is to start network logging at boot time, then look at it some time later to get a comprehensive overview about which applications did what.
Unfortunately nethogs does not provide logging.
I also looked at ntopng, but it seems way too complicated for my needs, and seems to focus on real-time overview in a browser.
I also looked at various solutions on stackoverflow etc., with e.g. netstat, but again this does not seem to address logging.
In a word, the application's output would need to be simplistic enough for me to understand.
A network monitoring tool that was made with logging in mind, maybe?
Wireshark might be something to look at. It won't be able to translate network to socket/application.
I guess there is some way to view by program that I don't know about. I'd be tempted to use some sort of VM or jail to capture an application's traffic.
Last link has many tools.
I would suggest Wireshark too. Just wanted to note: to analyze network traffic you need to be familiar with it. It cannot be really simple, because it is relatively complex (by its nature). Wireshark organizes the captured data in a "user friendly" way and there are a lot of possibilities to filter out unnecessary traffic/info.
Thanks for all your help and sorry for the late reply.
I understand that network traffic is very complex - way too complex for me.
That's why I like the way e.g. nethogs works: it shows you which application accesses which address/IP.
I'm not so interested in bandwidth or how much data is transmitted, just who (i.e. which application) connects to who - especially unbidden!
I would like to have something as simple as that, but with logging - which nethogs does not mention at all in its documentation.
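The "which application connects to which address" log asked for in this thread can be built from `/proc` alone. The sketch below is an added example, not code posted by anyone in the thread; its function names and the sample data are constructed for illustration. It assumes a little-endian Linux host, covers IPv4 TCP only, and because it polls once a second it can miss very short-lived connections.

```python
import os, socket, struct, time

# Constructed sample in /proc/net/tcp format (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:D431 22D8B85D:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20002 1 0000000000000000 20 4 30 10 -1
"""

def decode(hexaddr):
    """'22D8B85D:01BB' -> '93.184.216.34:443' (assumes a little-endian host)."""
    ip, port = hexaddr.split(":")
    return f"{socket.inet_ntoa(struct.pack('<I', int(ip, 16)))}:{int(port, 16)}"

def parse_established(text):
    """Return (local, remote, inode) for each ESTABLISHED (state 01) socket."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header line
        f = line.split()
        if len(f) >= 10 and f[3] == "01":
            rows.append((decode(f[1]), decode(f[2]), f[9]))
    return rows

def inode_owners():
    """Map socket inode -> (pid, command) by reading the /proc/<pid>/fd links."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"/proc/{pid}/fd"):
                target = os.readlink(f"/proc/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners[target[8:-1]] = (pid, comm)
        except OSError:
            continue    # process exited, or fds not readable without root
    return owners

def new_connections(text, owners, seen):
    """Format connections not yet in `seen` as 'comm[pid] local -> remote'."""
    out = []
    for conn in parse_established(text):
        if conn not in seen:
            seen.add(conn)
            pid, comm = owners.get(conn[2], ("?", "unknown"))
            out.append(f"{comm}[{pid}] {conn[0]} -> {conn[1]}")
    return out

if __name__ == "__main__":                      # append stdout to a file to keep a log
    seen = set()
    while True:
        with open("/proc/net/tcp") as fh:
            for entry in new_connections(fh.read(), inode_owners(), seen):
                print(time.strftime("%Y-%m-%d %H:%M:%S"), entry, flush=True)
        time.sleep(1)
```

Run as root so that sockets owned by other users' processes resolve to a name instead of `unknown[?]`.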