tcpdump mailing list archives
Re: bandwidth by user or process id
From: Phil Vandry <vandry () TZoNE ORG>
Date: Wed, 6 Oct 2010 15:06:15 -0400
On Wed, Oct 06, 2010 at 01:30:14AM -0700, Patrick Kurz wrote:
I was also slightly concerned about short-lived connections. But if the measured bandwidth is accurate by 10%, it is sufficient for my use case. What kind of applications do in general create such short-lived connections and still produce considerable traffic (say, more than 100MB/hour)?
I dunno, maybe BitTorrent when it's quickly going through lots of potential peers. But as Rob pointed out, even then the entries stick around for a little while in the table in TIME_WAIT state so it's hard to miss them.
Very good suggestion. I'll learn more about iptables. Do you know if this would also be able to distinguish the bandwidth consumed by different users on the same shared socket (e.g. ssh) as Rob pointed out in the previous post?
It's rare for different processes belonging to different users to actually share the same socket so I don't think you'd need to worry about that. In the case of ssh, each new session has its own independant socket. On Wed, Oct 06, 2010 at 11:07:23AM +0200, Maciej Grela wrote:
BTW, is it possible to monitor *incoming* packages using this kind of rule ?
I don't think so. This technique is looking less useful by the minute :-) -Phil - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Re: bandwidth by user or process id, (continued)
- Re: bandwidth by user or process id Patrick Kurz (Oct 05)
- Re: bandwidth by user or process id Gert Doering (Oct 05)
- Re: bandwidth by user or process id Rob Hasselbaum (Oct 05)
- Re: bandwidth by user or process id Patrick Kurz (Oct 06)
- Re: bandwidth by user or process id Gert Doering (Oct 06)
- Re: bandwidth by user or process id Gerald Combs (Oct 05)
- Re: bandwidth by user or process id Patrick Kurz (Oct 06)