tcpdump mailing list archives
Re: bandwidth by user or process id
From: Maciej Grela <maciej.grela () gmail com>
Date: Wed, 6 Oct 2010 11:07:23 +0200
2010/10/6 Patrick Kurz <kurzpatrick () ymail com>:
----- Original Message ----From: Phil Vandry <vandry () TZoNE ORG> To: Rob Hasselbaum <rob () hasselbaum net> Cc: tcpdump-workers () lists tcpdump org Sent: Tue, October 5, 2010 7:53:16 PM Subject: Re: [tcpdump-workers] bandwidth by user or process id On Mon, 4 Oct 2010 09:51:39 -0400 Rob Hasselbaum <rob () hasselbaum net> wrote:Yes, it is possible (on Linux, anyway), but not extremely easy. You can correlate packet data to the kernel's network connection table and network connections to inode values by reading "/proc/net/tcp*" andIsn't that unreliable? The connection might be short-lived and disappear from /proc/net/{tc,ud}p* before you have a chance to find it.I was also slightly concerned about short-lived connections. But if the measured bandwidth is accurate by 10%, it is sufficient for my use case. What kind of applications do in general create such short-lived connections and still produce considerable traffic (say, more than 100MB/hour)?Since you are assuming Linux anyway, have you considered using iptables? If you don't have a huge number of users, you can create a rule like this for each uid: iptables -I OUTPUT -m owner --uid-owner <foo> -j ACCEPT and then just monitor the packet & byte counters on these rules.
BTW, is it possible to monitor *incoming* packages using this kind of rule ? -- Maciej Grela - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Re: bandwidth by user or process id, (continued)
- Re: bandwidth by user or process id Rob Hasselbaum (Oct 04)
- Re: bandwidth by user or process id Patrick Kurz (Oct 05)
- Re: bandwidth by user or process id Gert Doering (Oct 05)
- Re: bandwidth by user or process id Rob Hasselbaum (Oct 05)
- Re: bandwidth by user or process id Patrick Kurz (Oct 06)
- Re: bandwidth by user or process id Gert Doering (Oct 06)
- Re: bandwidth by user or process id Gerald Combs (Oct 05)
- Re: bandwidth by user or process id Patrick Kurz (Oct 06)