- Original Message
From: Rob Hasselbaum r...@hasselbaum.net
To: tcpdump-workers@lists.tcpdump.org
Sent: Tue, October 5, 2010 4:07:14 PM
Subject: Re: [tcpdump-workers] bandwidth by user or process id
Right, generally, the local or remote port will be different for different
PIDs
- Original Message
From: Phil Vandry van...@tzone.org
To: Rob Hasselbaum r...@hasselbaum.net
Cc: tcpdump-workers@lists.tcpdump.org
Sent: Tue, October 5, 2010 7:53:16 PM
Subject: Re: [tcpdump-workers] bandwidth by user or process id
On Mon, 4 Oct 2010 09:51:39 -0400 Rob
- Original Message
From: Gerald Combs ger...@wireshark.org
To: tcpdump-workers@lists.tcpdump.org
Cc: Rob Hasselbaum r...@hasselbaum.net
Sent: Tue, October 5, 2010 8:14:57 PM
Subject: Re: [tcpdump-workers] bandwidth by user or process id
You can also catch events using
2010/10/6 Patrick Kurz kurzpatr...@ymail.com:
- Original Message
From: Phil Vandry van...@tzone.org
To: Rob Hasselbaum r...@hasselbaum.net
Cc: tcpdump-workers@lists.tcpdump.org
Sent: Tue, October 5, 2010 7:53:16 PM
Subject: Re: [tcpdump-workers] bandwidth by user or process id
hi,
On Wed, Oct 06, 2010 at 01:29:58AM -0700, Patrick Kurz wrote:
Let's say 10 users transfer large amounts of data through ssh at the same
time.
I assume in this situation 10 different processes would share the same
socket,
They won't. This (normally) only happens for server processes
On Tue, Oct 5, 2010 at 1:53 PM, Phil Vandry van...@tzone.org wrote:
On Mon, 4 Oct 2010 09:51:39 -0400 Rob Hasselbaum r...@hasselbaum.net
wrote:
Yes, it is possible (on Linux, anyway), but not extremely easy. You can
correlate packet data to the kernel's network connection table and
network
On Wed, Oct 6, 2010 at 8:47 AM, Rob Hasselbaum r...@hasselbaum.net wrote:
On Tue, Oct 5, 2010 at 1:53 PM, Phil Vandry van...@tzone.org wrote:
On Mon, 4 Oct 2010 09:51:39 -0400 Rob Hasselbaum r...@hasselbaum.net
wrote:
Yes, it is possible (on Linux, anyway), but not extremely easy. You can
On Wed, Oct 06, 2010 at 01:30:14AM -0700, Patrick Kurz wrote:
I was also slightly concerned about short-lived connections. But if the
measured
bandwidth is accurate by 10%, it is sufficient for my use case.
What kind of applications do in general create such short-lived connections
and
From: Rob Hasselbaum r...@hasselbaum.net
To: tcpdump-workers@lists.tcpdump.org
Sent: Mon, October 4, 2010 10:35:02 PM
Subject: Re: [tcpdump-workers] bandwidth by user or process id
For typical point-to-point IP traffic, the combination of local address,
local
Hi,
On Tue, Oct 05, 2010 at 02:14:19AM -0700, Patrick Kurz wrote:
For typical point-to-point IP traffic, the combination of local address,
local port, remote address, remote port, and transport protocol (TCP or UDP)
is the closest thing you have to a unique key.
Are you saying, that this
On Tue, Oct 5, 2010 at 5:46 AM, Gert Doering g...@greenie.muc.de wrote:
Hi,
On Tue, Oct 05, 2010 at 02:14:19AM -0700, Patrick Kurz wrote:
For typical point-to-point IP traffic, the combination of local address,
local port, remote address, remote port, and transport protocol (TCP or
UDP)
On Mon, 4 Oct 2010 09:51:39 -0400 Rob Hasselbaum r...@hasselbaum.net wrote:
Yes, it is possible (on Linux, anyway), but not extremely easy. You can
correlate packet data to the kernel's network connection table and network
connections to inode values by reading /proc/net/tcp* and
Isn't that
Phil Vandry wrote:
On Mon, 4 Oct 2010 09:51:39 -0400 Rob Hasselbaum r...@hasselbaum.net wrote:
Yes, it is possible (on Linux, anyway), but not extremely easy. You can
correlate packet data to the kernel's network connection table and network
connections to inode values by reading
On Mon, Oct 4, 2010 at 8:49 AM, Patrick Kurz kurzpatr...@ymail.com wrote:
Dear all,
I am looking for a solution to monitor bandwidth usage
a) broken up by source and destination ip address
b) broken up by either user or process (pid) which is causing the bandwidth
Yes, it is possible (on
? local_address and rem_address are not unique, or did I miss something?
Thanks
Patrick
From: Rob Hasselbaum r...@hasselbaum.net
To: tcpdump-workers@lists.tcpdump.org
Sent: Mon, October 4, 2010 3:51:39 PM
Subject: Re: [tcpdump-workers] bandwidth by user
On Mon, Oct 4, 2010 at 10:53 AM, Patrick Kurz kurzpatr...@ymail.com wrote:
One more question: which part of a line from /proc/net/tcp like the
following
has a unique counterpart in the packet captured with pcap?
sl local_address rem_address st tx_queue rx_queue tr tm-when retrnsmt
uid
On Mon, Oct 4, 2010 at 4:35 PM, Rob Hasselbaum r...@hasselbaum.net wrote:
On Mon, Oct 4, 2010 at 10:53 AM, Patrick Kurz kurzpatr...@ymail.comwrote:
One more question: which part of a line from /proc/net/tcp like the
following
has a unique counterpart in the packet captured with pcap?
sl
17 matches
Mail list logo