[CentOS] Find out which process consumed Network bandwidth

Tue Sep 14 01:47:22 UTC 2021
MRob <mrobti at insiberia.net>

> See "man iptables-extensions" and "man iptables". I don't know how this
> works with firewall-cmd, but I imagine firewalld "just" manages 
> iptables?

Yes thats right

>>>> I am running CentOS Linux release 7.9.2009 (Core). Is there a way to 
>>>> find
>>>> out which process consumed network bandwidth during a specific time 
>>>> period?
>>>> For example, the Nginx process consumed how much network traffic on 
>>>> Sept
>>>> 01, 2021.
>>> As far as I know, such accounting isn't done in a standard CentOS
>>> system, so there's no way to determine such information about a past 
>>> event
> While you probably can't recover such information for past events,
> going forward, iptables can help you figure this out. Putting an 
> IPtables
> rule in the OUTPUT table prior to ACCEPTing the packets can help, e.g.:
>     iptables -A OUTPUT -p tcp -m owner --uid-owner nginx -j ACCEPT
> because now "iptables -L" will display a count of the packets that 
> matched
> each rule and the number of bytes. By comparing with the total packets
> and bytes for a given time period, you can work out the share for 
> nginx.
> You can also estimate packet and byte counts by IP and port using this
> method. You could run an hourly cronjob to log the stats.

That is nice solution! Why do you add a new output rule rather you can 
look at the existing port rule:

# iptables -v -L | grep https
xxx yyy ACCEPT     tcp  --  any    any     anywhere             anywhere 
             tcp dpt:https ctstate NEW,UNTRACKED

xxx is number packets, yyy is number bytes. If adding OUTPUT rule, what 
is gained?