Introduction to Bandwhich
bandwhich is a command-line interface (CLI) utility designed to provide real-time insights into network usage by process, connection, and remote IP/hostname. It is a powerful tool for users who need to monitor and analyze network traffic at a granular level.
Project Status
Currently, bandwhich is under passive maintenance, meaning that while critical issues will be addressed, no new features are actively in development. The project faces challenges primarily due to lack of funding and manpower. However, contributions are encouraged, and developers interested in long-term collaboration are welcomed to apply for co-maintainership. More information can be found in the project's discussions, such as "The Future of Bandwhich #275".
How Does It Work?
Bandwhich operates by sniffing the specified network interface, tracking IP packet sizes, and cross-referencing data with system-level information from the /proc
filesystem on Linux, lsof
on macOS, or WinApi on Windows. It adjusts its display based on the terminal window size, ensuring visibility of critical data. Additionally, it endeavors to resolve IP addresses to hostnames using reverse DNS as best as it can.
Installation
Packaging and Prebuilt Binaries
For installation, one can refer to more detailed instructions in the INSTALL.md file. Bandwhich offers prebuilt binaries for various operating systems (OS), available for download via the releases page. These binaries support different architectures such as aarch64 for Android and ARMv8 for Linux, among others.
Building from Source
For those interested in customizing or contributing to bandwhich, building from source is an option. The process involves cloning the repository and building with the Rust package manager, Cargo. There are also provisions for cross-compiling for different target platforms using the cross
tool, which helps in building binaries for multiple architectures.
Post-Installation
Linux
Since bandwhich requires elevated privileges to function, users on Linux have two main options:
-
Setcap: This method involves configuring the binary with necessary capabilities, allowing it to be run by unprivileged users. This is ideal for single-user machines or environments where all users are trusted.
-
Sudo: This is suitable for multi-user environments where privilege escalation is needed every time the program is run.
Windows
For Windows users, ensuring packet capture functionality may require installing npcap before running bandwhich.
Usage
Bandwhich offers a variety of command-line options to customize its output to fit specific user needs. Users can select options to focus on processes, connections, or remote addresses, toggle DNS resolution, log data to files, and more. This flexibility accommodates both casual monitoring and in-depth traffic analysis.
Contributing
People interested in contributing to bandwhich can find more details in the CONTRIBUTING.md document. Since the project is open-source, community involvement is crucial for its continued success and development.
License
Bandwhich is distributed under the MIT License, which allows for broad use and modification of the code, encouraging sharing and collaborative improvement.
Bandwhich serves as an essential tool for those needing detailed network monitoring, adaptable to various computing environments and user needs. Whether for personal use or contribution, bandwhich offers valuable insights and an open platform for community-driven enhancements.