Re: bandwidth by user or process id

[Patrick Kurz <kurzpatrick () ymail com>]

----- Original Message ----

> From: Rob Hasselbaum <rob () hasselbaum net>
> To: tcpdump-workers () lists tcpdump org
> Sent: Tue, October 5, 2010 4:07:14 PM
> Subject: Re: [tcpdump-workers] bandwidth by user or process id
>
> Right, generally, the local or remote  port will be different for different
> PIDs even if the IP addresses are the  same. There is one catch, though. It
> is possible on Linux to share sockets  (network connections) between two or
> more processes. For example, the openSSH  daemon spawns a new process for
> each new connection, and if you look at the  "/proc/*/fd" tables of the
> parent and child processes, you'll see the same  socket appears to be owned
> by both. When this happens. it's likely only one  of them is actually using
> the connection, but I have not found a way to tell  which one, and I suspect
> it's not possible in userland because even "netstat"  balks at this case.

This may be a serious problem in my application. But as you have noticed from my 
previous posts, I'm not too familiar with networking technicalities, so that I 
may have misunderstood something.
Let's say 10 users transfer large amounts of data through ssh at the same time. 
I assume in this situation 10 different processes would share the same socket, 
and your workaround to assign traffic to either the newest or oldest process 
wouldn't help. Am I wrong?

Thanks
Patrick



      

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.