Does anyone know of a way to track TCP/IP traffic by TCP/UDP port and/or by process/daemon with CentOS? I know a variety of ways to track it in total (e.g., ifInOctets & ifOutOctets with SNMP), but I'm not sure how to approach seeing traffic by application, port, or process.
One option would be to write something that would sift through different stuff for each daemon (for example, with apache, you could add up all the bytes sent by summing up the values in 'access_log'), but I was hoping for a more centralized method that would work the same for all daemons and/or ports.
One approach I have thought about is using iptables... "iptables -L -n -v" gives detail on packets and byte counts by ACL entry. Does anyone have any experience with any tools that grab this info and graph/report on it?
My searches have yielded tons of hits, but none of it seems relevant. Are there any tools that measure this?
Thanks, KC
On 8/1/05, Kennedy Clark hkclark@gmail.com wrote:
Does anyone know of a way to track TCP/IP traffic by TCP/UDP port and/or by process/daemon with CentOS? I know a variety of ways to track it in total (e.g., ifInOctets & ifOutOctets with SNMP), but I'm not sure how to approach seeing traffic by application, port, or process.
How about http://www.ethereal.com/ ?
I believe that "out of the box" it just monitors everything, but you can create filters so it only looks for certain activities. Also, it can be a hog.
tcpdump is another similar tool.
Greg
On Mon, August 1, 2005 8:05 am, Kennedy Clark said:
Does anyone know of a way to track TCP/IP traffic by TCP/UDP port and/or by process/daemon with CentOS? I know a variety of ways to track it in total (e.g., ifInOctets & ifOutOctets with SNMP), but I'm not sure how to approach seeing traffic by application, port, or process.
One option would be to write something that would sift through different stuff for each daemon (for example, with apache, you could add up all the bytes sent by summing up the values in 'access_log'), but I was hoping for a more centralized method that would work the same for all daemons and/or ports.
iptraf will show you real time information by port ... and netstat -aptn will show you what programs/services are using which ports
One approach I have thought about is using iptables... "iptables -L -n -v" gives detail on packets and byte counts by ACL entry. Does anyone have any experience with any tools that grab this info and graph/report on it?
My searches have yielded tons of hits, but none of it seems relevant. Are there any tools that measure this?
Thanks, KC
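The two pieces mentioned in this thread, per-rule byte counters from "iptables -L -n -v" and the port-to-program map from "netstat -aptn", can be joined with a few lines of shell to get bytes per port and per listening daemon. This is an added example, not code from the thread or from any of the tools named in it. It assumes that an iptables accounting rule exists in the INPUT chain for each port of interest (matching on dpt:N), and it embeds constructed sample output of both commands so it runs offline; on a real host replace the samples with the live command output, run as root.

```shell
#!/bin/sh
# Added example (not from the list thread): join per-port byte counters from
# iptables with the port->program map from netstat.
#
# Live commands (run as root) that produce the two inputs:
#   iptables -L INPUT -n -v -x    # -x prints exact byte counts, not K/M suffixes
#   netstat -aptn                 # -p needs root to show PID/Program name
#
# The samples below are CONSTRUCTED so the script runs offline.

IPT_SAMPLE='Chain INPUT (policy ACCEPT 12345 packets, 6789012 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1500   2250000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
     320    481920            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
      42     12600            udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53'

NETSTAT_SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1234/httpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      987/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1500/mysqld'

# bytes_by_port: stdin = iptables -L -n -v -x output; stdout = "proto port bytes".
# Only counter lines (numeric first field) are considered. The protocol is
# located by value rather than by column because an accounting rule with no
# target (second sample line) shifts every column left by one.
bytes_by_port() {
    awk '$1 ~ /^[0-9]+$/ {
        proto = ""; port = ""
        for (i = 3; i <= NF; i++) {
            if (proto == "" && ($i == "tcp" || $i == "udp")) proto = $i
            if ($i ~ /^dpt:[0-9]+$/) { split($i, a, ":"); port = a[2] }
        }
        if (proto != "" && port != "") print proto, port, $2
    }'
}

# pid_by_port: stdin = netstat -aptn output; stdout = "proto port pid/program"
# for LISTEN sockets. The port is the last colon-separated piece of the local
# address, which also works for IPv6 addresses such as :::80.
# Note: -aptn lists TCP only; add -u to netstat if UDP listeners are wanted.
pid_by_port() {
    awk '$6 == "LISTEN" { n = split($4, a, ":"); print $1, a[n], $7 }'
}

# report: $1 = iptables output, $2 = netstat output.
# stdout = "proto/port bytes program", one line per accounting rule.
report() {
    ipt="$1"; ns="$2"
    printf '%s\n' "$ipt" | bytes_by_port | while read -r proto port bytes; do
        prog=$(printf '%s\n' "$ns" | pid_by_port |
               awk -v pr="$proto" -v p="$port" '$1 == pr && $2 == p { print $3; exit }')
        # A rule whose port has no listener in the netstat output (e.g. the
        # udp/53 sample above, since netstat -aptn lists TCP only) is kept
        # rather than dropped, so traffic never silently disappears from the report.
        [ -n "$prog" ] || prog="(no matching listener)"
        printf '%s/%s %s %s\n' "$proto" "$port" "$bytes" "$prog"
    done
}

# total_bytes: stdin = bytes_by_port output; stdout = sum of the byte column.
total_bytes() {
    awk '{ s += $3 } END { print s + 0 }'
}

# Stand-alone run against the constructed samples.
report "$IPT_SAMPLE" "$NETSTAT_SAMPLE"
printf 'total accounted bytes: %s\n' "$(printf '%s\n' "$IPT_SAMPLE" | bytes_by_port | total_bytes)"
```

Counters from "iptables -L -n -v" reset when the rules are flushed or the box reboots, so for long-term graphing the numbers should be sampled periodically and fed to something like mrtg, which is what the ipac-ng suggestion later in the thread does.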
On Mon, 2005-08-01 at 09:05, Kennedy Clark wrote:
Does anyone know of a way to track TCP/IP traffic by TCP/UDP port and/or by process/daemon with CentOS? I know a variety of ways to track it in total (e.g., ifInOctets & ifOutOctets with SNMP), but I'm not sure how to approach seeing traffic by application, port, or process.
You might like to look at ntop. I believe it may do what you want.
Am Mo, den 01.08.2005 schrieb Kennedy Clark um 15:05:
Does anyone know of a way to track TCP/IP traffic by TCP/UDP port and/or by process/daemon with CentOS? I know a variety of ways to track it in total (e.g., ifInOctets & ifOutOctets with SNMP), but I'm not sure how to approach seeing traffic by application, port, or process.
One option would be to write something that would sift through different stuff for each daemon (for example, with apache, you could add up all the bytes sent by summing up the values in 'access_log'), but I was hoping for a more centralized method that would work the same for all daemons and/or ports.
One approach I have thought about is using iptables... "iptables -L -n -v" gives detail on packets and byte counts by ACL entry. Does anyone have any experience with any tools that grab this info and graph/report on it?
KC
ipac-ng and mrtg
http://sourceforge.net/projects/ipac-ng (http://martybugs.net/linux/ipac.cgi) http://www.saas.nsw.edu.au/solutions/ipac-2-mrtg.html
Alexander
ipac-ng and mrtg
http://sourceforge.net/projects/ipac-ng (http://martybugs.net/linux/ipac.cgi) http://www.saas.nsw.edu.au/solutions/ipac-2-mrtg.html
Alexander
Excellent suggestions! Many thanks to all for their assistance... this list is great!
The ntop & ipac sound especially interesting (I should have specified that I happen to be looking for more of a long-term monitoring solution). I already have ntop running (nice and easy using Dag's repo!) and will check out ipac.
Thanks again, KC