tcpdump mailing list archives

Re: bandwidth by user or process id


From: Phil Vandry <vandry () TZoNE ORG>
Date: Wed, 6 Oct 2010 15:06:15 -0400

On Wed, Oct 06, 2010 at 01:30:14AM -0700, Patrick Kurz wrote:
> I was also slightly concerned about short-lived connections. But if the measured
> bandwidth is accurate by 10%, it is sufficient for my use case.
> What kind of applications do in general create such short-lived connections and
> still produce considerable traffic (say, more than 100MB/hour)?

I dunno, maybe BitTorrent when it's quickly going through lots of potential
peers. But as Rob pointed out, even then the entries stick around for a
little while in the table in TIME_WAIT state so it's hard to miss them.

> Very good suggestion. I'll learn more about iptables.
> Do you know if this would also be able to distinguish the bandwidth consumed by
> different users on the same shared socket (e.g. ssh) as Rob pointed out in the
> previous post?

It's rare for different processes belonging to different users to actually
share the same socket so I don't think you'd need to worry about that.
In the case of ssh, each new session has its own independent socket.

On Wed, Oct 06, 2010 at 11:07:23AM +0200, Maciej Grela wrote:
> BTW, is it possible to monitor *incoming* packages using this kind of rule ?

I don't think so. This technique is looking less useful by the minute :-)

-Phil
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

