tcpdump mailing list archives
Re: bandwidth by user or process id
From: Patrick Kurz <kurzpatrick () ymail com>
Date: Wed, 6 Oct 2010 01:30:14 -0700 (PDT)
----- Original Message ----
From: Phil Vandry <vandry () TZoNE ORG>
To: Rob Hasselbaum <rob () hasselbaum net>
Cc: tcpdump-workers () lists tcpdump org
Sent: Tue, October 5, 2010 7:53:16 PM
Subject: Re: [tcpdump-workers] bandwidth by user or process id

> On Mon, 4 Oct 2010 09:51:39 -0400 Rob Hasselbaum <rob () hasselbaum net> wrote:
>
> > Yes, it is possible (on Linux, anyway), but not extremely easy. You can correlate packet data to the kernel's network connection table and network connections to inode values by reading "/proc/net/tcp*" and
>
> Isn't that unreliable? The connection might be short-lived and disappear from /proc/net/{tc,ud}p* before you have a chance to find it.
I was also slightly concerned about short-lived connections. But if the measured bandwidth is accurate by 10%, it is sufficient for my use case. What kind of applications do in general create such short-lived connections and still produce considerable traffic (say, more than 100MB/hour)?

> Since you are assuming Linux anyway, have you considered using iptables? If you don't have a huge number of users, you can create a rule like this for each uid:
>
>     iptables -I OUTPUT -m owner --uid-owner <foo> -j ACCEPT
>
> and then just monitor the packet & byte counters on these rules.

Very good suggestion. I'll learn more about iptables. Do you know if this would also be able to distinguish the bandwidth consumed by different users on the same shared socket (e.g. ssh) as Rob pointed out in the previous post?

Thanks
Patrick
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
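
The per-uid counter approach suggested in the quoted reply above, as an added example that is not part of the original message: it turns two readings of `iptables -nvxL OUTPUT` into bytes per second for each `--uid-owner` rule. The function names, uids and counter values are constructed for illustration; the rule lines follow the `owner UID match <uid>` form that iptables prints in numeric mode.

```shell
#!/bin/sh
# Constructed sample: two readings of `iptables -nvxL OUTPUT` taken 10 s
# apart (uids and counters are made up). On a live host, capture each
# reading as root with: iptables -nvxL OUTPUT
SAMPLE_T0='Chain OUTPUT (policy ACCEPT 5210 packets, 734112 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120    98304 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 1000
      40    20480 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 1001'
SAMPLE_T1='Chain OUTPUT (policy ACCEPT 5990 packets, 801020 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       3      180 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 1002
     870  1122304 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 1000
      40    20480 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 1001'

# uid_bytes: read `iptables -nvxL` output on stdin and print "uid bytes"
# for every rule carrying an owner UID match (hypothetical helper name).
uid_bytes() {
    awk '{
        for (i = 1; i <= NF - 3; i++)
            if ($i == "owner" && $(i+1) == "UID" && $(i+2) == "match")
                bytes[$(i+3)] += $2      # $2 is the exact byte counter (-x)
    }
    END { for (u in bytes) printf "%s %.0f\n", u, bytes[u] }' | sort -n
}

# uid_rates BEFORE AFTER SECONDS: print "uid bytes_per_second".
# A uid with no earlier reading, or whose counter went backwards
# (rule re-created or counters zeroed), is reported as "n/a".
uid_rates() {
    before=$(printf '%s\n' "$1" | uid_bytes)
    after=$(printf '%s\n' "$2" | uid_bytes)
    printf '%s\n---\n%s\n' "$before" "$after" | awk -v secs="$3" '
        $1 == "---" { second = 1; next }
        !second     { old[$1] = $2; next }
        {
            if (!($1 in old) || ($2 + 0) < (old[$1] + 0)) { print $1, "n/a"; next }
            printf "%s %.0f\n", $1, ($2 - old[$1]) / secs
        }'
}

uid_rates "$SAMPLE_T0" "$SAMPLE_T1" 10
```

The owner match keys on the uid that owns the sending socket, so each counter reflects traffic attributed to that uid alone.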