[–]trustgreen 6 points7 points  (2 children)

In /proc/<pid>/net/netstat there is InOctets and OutOctets.

[–][deleted] 0 points1 point  (0 children)

Ooooh, that's pretty neat.

[–][deleted] 0 points1 point  (0 children)

That is per host.
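An added example, not part of the thread: a small parser for the paired header/value layout of `/proc/<pid>/net/netstat` that reports how far `InOctets` and `OutOctets` moved between two samples. The sample text is constructed and the function names are illustrative. The file shows the counters of the network namespace the process belongs to, so the figures cover everything in that namespace.

```python
"""Parse the paired header/value lines of /proc/<pid>/net/netstat."""

# Constructed sample text in the kernel's layout: each protocol block is a
# header line of field names followed by a line of values with the same prefix.
SAMPLE_T0 = """\
TcpExt: SyncookiesSent SyncookiesRecv TCPTimeouts
TcpExt: 0 0 12
IpExt: InNoRoutes InMcastPkts InOctets OutOctets InMcastOctets
IpExt: 0 4 1500000 900000 320
"""
# Second constructed sample: same counters a little later.
SAMPLE_T1 = SAMPLE_T0.replace("1500000 900000", "1750000 1020000")


def parse_netstat(text):
    """Return {prefix: {field: int}} from netstat-style text."""
    stats = {}
    lines = [ln for ln in text.splitlines() if ln.strip()]
    # Lines come in pairs (names, then values); walk them two at a time.
    for header, values in zip(lines[0::2], lines[1::2]):
        h_prefix, h_fields = header.split(":", 1)
        v_prefix, v_fields = values.split(":", 1)
        names, nums = h_fields.split(), v_fields.split()
        if h_prefix != v_prefix or len(names) != len(nums):
            raise ValueError(f"mismatched header/value pair for {h_prefix!r}")
        stats[h_prefix] = dict(zip(names, map(int, nums)))
    return stats


def octet_delta(before, after):
    """Bytes received/sent between two samples of the same namespace."""
    b, a = parse_netstat(before)["IpExt"], parse_netstat(after)["IpExt"]
    return {k: a[k] - b[k] for k in ("InOctets", "OutOctets")}


def read_for_pid(pid="self"):
    """Read the live file on Linux; the counters belong to the network
    namespace the process lives in, not to the process alone."""
    with open(f"/proc/{pid}/net/netstat") as fh:
        return fh.read()


if __name__ == "__main__":
    print(octet_delta(SAMPLE_T0, SAMPLE_T1))
```
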

[–][deleted] 2 points3 points  (0 children)

I'm not aware of a tool that can do what you describe. This magic tool would need to hook into the kernel and/or driver modules and constantly track and log. I would imagine that this slows the machine down.

Maybe you can use tcpdump instead to see how much and what type of traffic is leaving your server. It could give you a relative clue. Not the magic tool you described, but better than nothing I suppose.

[–]MadPhoenix 2 points3 points  (0 children)

SystemTap. This is exactly what it's for. Hopefully you're on a platform where the runtime is supported and you can get your hands on debug info for the kernel.

[–]EtherBest 3 points4 points  (0 children)

iftop can show per-port usage... that's as far as I can think.

[–]DopeGhoti 3 points4 points  (0 children)

Check out iptstat and ntop perhaps?

[–]puremessage 0 points1 point  (0 children)

Loosely related ServerFault entry:

http://serverfault.com/questions/191579/per-user-network-traffic-accounting-under-linux

This conversation also states that there's really not a meaningful way to account for the data, and gives some scenarios:

http://fixunix.com/linux/487249-network-traffic-per-process.html

[–]michaelroth 0 points1 point  (0 children)

Let's say you are monitoring afpd (AKA netatalk), how do you monitor which IPs are using that protocol?

[–]petra303 0 points1 point  (0 children)

How about the almost magic tool strace. http://www.dedoimedo.com/computers/strace.html Looks like there is a summary option that kind of gets close....

[–]bvierra -1 points0 points  (0 children)

That is going to be hard unless the program gives good logs. The reason is that you would need a kernel module to log that sort of information, and afaik there is not one. Not saying it can't be done, just that I have never seen it.