tcpdump mailing list archives
Re: bandwidth by user or process id
From: Phil Vandry <vandry () TZoNE ORG>
Date: Tue, 5 Oct 2010 13:53:16 -0400
On Mon, 4 Oct 2010 09:51:39 -0400 Rob Hasselbaum <rob () hasselbaum net> wrote:
Yes, it is possible (on Linux, anyway), but not extremely easy. You can correlate packet data to the kernel's network connection table and network connections to inode values by reading "/proc/net/tcp*" and
Isn't that unreliable? The connection might be short-lived and disappear from /proc/net/{tc,ud}p* before you have a chance to find it. Since you are assuming Linux anyway, have you considered using iptables? If you don't have a huge number of users, you can create a rule like this for each uid: iptables -I OUTPUT -m owner --uid-owner <foo> -j ACCEPT and then just monitor the packet & byte counters on these rules. -Phil - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- bandwidth by user or process id Patrick Kurz (Oct 04)
- Re: bandwidth by user or process id Rob Hasselbaum (Oct 04)
- Re: bandwidth by user or process id Patrick Kurz (Oct 04)
- Re: bandwidth by user or process id Rob Hasselbaum (Oct 04)
- Re: bandwidth by user or process id Rob Hasselbaum (Oct 04)
- Re: bandwidth by user or process id Patrick Kurz (Oct 05)
- Re: bandwidth by user or process id Gert Doering (Oct 05)
- Re: bandwidth by user or process id Rob Hasselbaum (Oct 05)
- Re: bandwidth by user or process id Patrick Kurz (Oct 06)
- Re: bandwidth by user or process id Gert Doering (Oct 06)
- Re: bandwidth by user or process id Patrick Kurz (Oct 04)
- Re: bandwidth by user or process id Rob Hasselbaum (Oct 04)
- Re: bandwidth by user or process id Gerald Combs (Oct 05)
- Re: bandwidth by user or process id Patrick Kurz (Oct 06)