Re: [tcpdump-workers] bandwidth by user or process id

2010-10-06 Thread Patrick Kurz
- Original Message From: Rob Hasselbaum r...@hasselbaum.net To: tcpdump-workers@lists.tcpdump.org Sent: Tue, October 5, 2010 4:07:14 PM Subject: Re: [tcpdump-workers] bandwidth by user or process id Right, generally, the local or remote port will be different for different PIDs

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-06 Thread Patrick Kurz
- Original Message From: Phil Vandry van...@tzone.org To: Rob Hasselbaum r...@hasselbaum.net Cc: tcpdump-workers@lists.tcpdump.org Sent: Tue, October 5, 2010 7:53:16 PM Subject: Re: [tcpdump-workers] bandwidth by user or process id On Mon, 4 Oct 2010 09:51:39 -0400 Rob

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-06 Thread Patrick Kurz
- Original Message From: Gerald Combs ger...@wireshark.org To: tcpdump-workers@lists.tcpdump.org Cc: Rob Hasselbaum r...@hasselbaum.net Sent: Tue, October 5, 2010 8:14:57 PM Subject: Re: [tcpdump-workers] bandwidth by user or process id You can also catch events using

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-06 Thread Maciej Grela
2010/10/6 Patrick Kurz kurzpatr...@ymail.com: - Original Message From: Phil Vandry van...@tzone.org To: Rob Hasselbaum r...@hasselbaum.net Cc: tcpdump-workers@lists.tcpdump.org Sent: Tue, October 5, 2010 7:53:16 PM Subject: Re: [tcpdump-workers] bandwidth by user or process id

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-06 Thread Gert Doering
hi, On Wed, Oct 06, 2010 at 01:29:58AM -0700, Patrick Kurz wrote: Let's say 10 users transfer large amounts of data through ssh at the same time. I assume in this situation 10 different processes would share the same socket, They won't. This (normally) only happens for server processes

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-06 Thread Rob Hasselbaum
On Tue, Oct 5, 2010 at 1:53 PM, Phil Vandry van...@tzone.org wrote: On Mon, 4 Oct 2010 09:51:39 -0400 Rob Hasselbaum r...@hasselbaum.net wrote: Yes, it is possible (on Linux, anyway), but not extremely easy. You can correlate packet data to the kernel's network connection table and network

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-06 Thread Rob Hasselbaum
On Wed, Oct 6, 2010 at 8:47 AM, Rob Hasselbaum r...@hasselbaum.net wrote: On Tue, Oct 5, 2010 at 1:53 PM, Phil Vandry van...@tzone.org wrote: On Mon, 4 Oct 2010 09:51:39 -0400 Rob Hasselbaum r...@hasselbaum.net wrote: Yes, it is possible (on Linux, anyway), but not extremely easy. You can

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-06 Thread Phil Vandry
On Wed, Oct 06, 2010 at 01:30:14AM -0700, Patrick Kurz wrote: I was also slightly concerned about short-lived connections. But if the measured bandwidth is accurate by 10%, it is sufficient for my use case. What kind of applications do in general create such short-lived connections and

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-05 Thread Patrick Kurz
From: Rob Hasselbaum r...@hasselbaum.net To: tcpdump-workers@lists.tcpdump.org Sent: Mon, October 4, 2010 10:35:02 PM Subject: Re: [tcpdump-workers] bandwidth by user or process id For typical point-to-point IP traffic, the combination of local address, local

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-05 Thread Gert Doering
Hi, On Tue, Oct 05, 2010 at 02:14:19AM -0700, Patrick Kurz wrote: For typical point-to-point IP traffic, the combination of local address, local port, remote address, remote port, and transport protocol (TCP or UDP) is the closest thing you have to a unique key. Are you saying that this

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-05 Thread Rob Hasselbaum
On Tue, Oct 5, 2010 at 5:46 AM, Gert Doering g...@greenie.muc.de wrote: Hi, On Tue, Oct 05, 2010 at 02:14:19AM -0700, Patrick Kurz wrote: For typical point-to-point IP traffic, the combination of local address, local port, remote address, remote port, and transport protocol (TCP or UDP)

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-05 Thread Phil Vandry
On Mon, 4 Oct 2010 09:51:39 -0400 Rob Hasselbaum r...@hasselbaum.net wrote: Yes, it is possible (on Linux, anyway), but not extremely easy. You can correlate packet data to the kernel's network connection table and network connections to inode values by reading /proc/net/tcp* and Isn't that

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-05 Thread Gerald Combs
Phil Vandry wrote: On Mon, 4 Oct 2010 09:51:39 -0400 Rob Hasselbaum r...@hasselbaum.net wrote: Yes, it is possible (on Linux, anyway), but not extremely easy. You can correlate packet data to the kernel's network connection table and network connections to inode values by reading

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-04 Thread Rob Hasselbaum
On Mon, Oct 4, 2010 at 8:49 AM, Patrick Kurz kurzpatr...@ymail.com wrote: Dear all, I am looking for a solution to monitor bandwidth usage a) broken up by source and destination ip address b) broken up by either user or process (pid) which is causing the bandwidth Yes, it is possible (on

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-04 Thread Patrick Kurz
? local_address and rem_address are not unique, or did I miss something? Thanks Patrick From: Rob Hasselbaum r...@hasselbaum.net To: tcpdump-workers@lists.tcpdump.org Sent: Mon, October 4, 2010 3:51:39 PM Subject: Re: [tcpdump-workers] bandwidth by user

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-04 Thread Rob Hasselbaum
On Mon, Oct 4, 2010 at 10:53 AM, Patrick Kurz kurzpatr...@ymail.com wrote: One more question: which part of a line from /proc/net/tcp like the following has a unique counterpart in the packet captured with pcap? sl local_address rem_address st tx_queue rx_queue tr tm-when retrnsmt uid

Re: [tcpdump-workers] bandwidth by user or process id

2010-10-04 Thread Rob Hasselbaum
On Mon, Oct 4, 2010 at 4:35 PM, Rob Hasselbaum r...@hasselbaum.net wrote: On Mon, Oct 4, 2010 at 10:53 AM, Patrick Kurz kurzpatr...@ymail.com wrote: One more question: which part of a line from /proc/net/tcp like the following has a unique counterpart in the packet captured with pcap? sl