On 22/12/06, Beni Cherniavsky <[EMAIL PROTECTED]> wrote:
> On 20/12/06, Danny Lieberman <[EMAIL PROTECTED]> wrote:
> > How do I get the real IO (block reads/writes per second, not cached) of
> > each process on a running Linux system?
> > vmstat and iostat don't provide process level detail
> >
> Same question about sockets - how do I find out which process hogs my
> network bandwidth?
> My current best solution is to use iftop to find the offending
> connection and then grep for the endpoint in lsof -i, which kind of
> works but feels silly.

First - to map network connections to processes all you have to do is add
"-p" to netstat (as root, otherwise it'll list only your own processes).
Secondly - I asked a similar question ("how to count Skype traffic") a few
months ago and was made aware of iptables' "owner" module, something like:

    iptables -A OUTPUT -m owner --gid-owner skype --out-interface eth0 \
        --protocol tcp -m recent --rdest --set --name Skype -j CONNMARK --set-mark 1

which, with my skype binary having a setgid bit set, allows me to mark any new
connection created by skype for later matching by rules like:

    iptables -A OUTPUT -m connmark --mark 1 -m comment --comment skype-out-tcp

And then I retrieve the packet/byte counter on that rule.
You can match by UID, PID and command name.
Similar rules match incoming connections as well as UDP and ICMP.
In general - you can learn a lot from printing and reading the iptables
manual cover-to-cover; you'll get some pretty cheeky ideas on the way (e.g.
maybe dynamically add rules to mark new connections to/from programs so the
packets can be traced back).
HTH,
--Amos
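
Added example, not part of the original message: one way to read the packet/byte counters of the comment-tagged rule described above and turn two readings into a rate. The function names (sample_listing, rule_counters, rate_bps), the sample listing and the counter-reset handling are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. sample_listing is constructed, in the layout printed by
# `iptables -nvxL OUTPUT` (-x gives exact counters instead of K/M rounding).
sample_listing() {
cat <<'EOF'
Chain OUTPUT (policy ACCEPT 1024 packets, 98304 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12      720 CONNMARK   tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            owner GID match 1001 recent: SET name: Skype side: dest CONNMARK set 0x1
    3456   789012            all  --  *      *       0.0.0.0/0            0.0.0.0/0            connmark match  0x1 /* skype-out-tcp */
      78     9360            all  --  *      *       0.0.0.0/0            0.0.0.0/0            connmark match  0x2 /* skype-out-udp */
EOF
}

# rule_counters COMMENT: read a listing on stdin and print "pkts bytes" summed
# over rules whose comment equals COMMENT exactly; exit 1 if none matches.
rule_counters() {
    awk -v want="$1" '
        {
            start = index($0, "/* ")          # comments render as /* text */
            if (start == 0) next
            rest = substr($0, start + 3)
            stop = index(rest, " */")
            if (stop == 0) next
            if (substr(rest, 1, stop - 1) != want) next
            pkts += $1; bytes += $2; found = 1  # first two columns: pkts, bytes
        }
        END { if (!found) exit 1; printf "%.0f %.0f\n", pkts, bytes }
    '
}

# rate_bps OLD_BYTES NEW_BYTES SECONDS: average bytes/second between two reads.
# Assumption: a counter that went backwards was zeroed, so it restarts at NEW.
rate_bps() {
    awk -v a="$1" -v b="$2" -v s="$3" 'BEGIN {
        if (s <= 0) exit 1
        d = (b >= a) ? b - a : b
        printf "%.0f\n", d / s
    }'
}

# Live use (as root): iptables -nvxL OUTPUT | rule_counters skype-out-tcp
sample_listing | rule_counters skype-out-tcp
```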