Using iftop command we shall be able to determine what program is hogging bandwidth.
iftop -bNBP is the commonly used option where
-n don’t do hostname lookups
-N don’t convert port numbers to services
-B Display bandwidth in bytes
-P show ports as well as hosts
The last three columns in the main display stand for the averages of the data transferred over the previous 2,10 and 40-seconds respectively.
We can aggregate the traffic for each source into one line by pressing “s” and for each destination by pressing “d”.
Typing “l” shows a display filter, where we can enter a pattern or string,so that only traffic matching that pattern is displayed. For example, by using “ssh” in the diplay filter we can get info on traffic related to ssh alone(To use this option, remove -N from iftop command). Alternatively we can use search strings like “:22” in display filter to get the traffic related to ssh alone. This filter can be specified from command line too
iftop -nBP -f ‘port 22’