Amos

That is a great answer for network connections. Thanks - I am familiar with netstat -p. My question regards DISK IO (remember when processes were said to be "io-bound" or "cpu-bound"?).

I have a simple question, namely: "How many disk block reads and writes is a process doing over a given period of time, and what are the minimum, maximum and average stats?" This seemingly trivial question (which can easily be answered in a Windows operating system using the system performance monitor) appears to be a gray area at best.

I know there is work on io-accounting in the new versions of the kernel -- but a) I don't have the luxury of updating the kernel and b) these are stats I would expect to see in user space, like vmstat or top, in any version of the kernel.

Still waiting for an answer.

I am sure one of the people on the list will know the answer.

Danny

Amos Shapira wrote:
On 22/12/06, Beni Cherniavsky <[EMAIL PROTECTED]> wrote:

    On 20/12/06, Danny Lieberman <[EMAIL PROTECTED]> wrote:
    > How do I get the real IO (block reads/writes per second, not cached) of
    > each process on a running Linux system?
    > vmstat and iostat don't provide process level detail
    >
    Same question about sockets - how do I find out which process hogs my
    network bandwidth?
    My current best solution is to use iftop to find the offending
    connection and then grep for the endpoint in lsof -i, which kind of
    works but feels silly.


First - to map network connections to processes all you have to do is add "-p" to netstat (as root, otherwise it'll list only your own processes).

Secondly - I asked a similar question ("how to count Skype traffic") a few months ago and was made aware of iptables' "owner" module, something like:

iptables -A OUTPUT -m owner --gid-owner skype --out-interface eth0 --protocol tcp -m recent --rdest --set --name Skype -j CONNMARK --set-mark 1

which, with my skype binary having a setgid bit set, allows me to mark any new connection created by skype for later matching by rules like:

iptables -A OUTPUT -m connmark --mark 1 -m comment --comment skype-out-tcp

And then I retrieve the packet/byte counter on that rule.

You can match by UID, PID and command name.

Similar rules match incoming connections as well as UDP and ICMP.

In general - you can learn a lot from printing and reading the iptables manual cover-to-cover; you'll get some pretty cheeky ideas on the way (e.g. maybe dynamically add rules to mark new connections to/from programs so the packets can be traced back).

HTH,

--Amos


--
Danny Lieberman
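
The last step Amos describes, retrieving the packet/byte counter on the comment-tagged rule, as an added example that is not part of the original thread. The function names, the sample listing and the GID 1001 in it are constructed for illustration; only the rule comment skype-out-tcp comes from the thread.

```shell
#!/bin/sh
# Added example: pull the counters of the comment-tagged accounting rule out
# of an `iptables -nvxL OUTPUT` listing. On a live host (as root):
#   iptables -nvxL OUTPUT | rule_counters skype-out-tcp

# Constructed sample listing (not captured from a real machine).
sample_listing() {
cat <<'EOF'
Chain OUTPUT (policy ACCEPT 1204 packets, 98211 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     312    48110 CONNMARK   tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            owner GID match 1001 recent: SET name: Skype side: dest CONNMARK set 0x1
    2950   731204            all  --  *      *       0.0.0.0/0            0.0.0.0/0            connmark match 0x1 /* skype-out-tcp */
EOF
}

# rule_counters COMMENT: read a listing on stdin, print "pkts bytes" for the
# rule(s) carrying that comment; exit status 1 if no rule matches.
# The counting rule has no target, so the "target" column is empty and later
# fields shift left. pkts and bytes are always fields 1 and 2, so only those
# are used, and the rule is located by its comment, not by column position.
rule_counters() {
    awk -v tag="/* $1 */" '
        index($0, tag) { pkts += $1; bytes += $2; found = 1 }
        END {
            if (!found) exit 1
            # %.0f keeps large counters out of exponent notation
            printf "%.0f %.0f\n", pkts, bytes
        }
    '
}

# byte_rate OLD NEW SECONDS: bytes per second between two samples.
# A counter that went backwards means the chain was flushed or zeroed
# (iptables -Z), so that interval is reported as "reset", not as a rate.
byte_rate() {
    [ "$3" -gt 0 ] || return 2
    if [ "$2" -lt "$1" ]; then
        echo "reset"
        return 1
    fi
    echo $(( ($2 - $1) / $3 ))
}
```

Sampling `rule_counters` at a fixed interval and feeding consecutive byte values to `byte_rate` gives the per-application bandwidth figure the thread is after.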

