> See "man iptables-extensions" and "man iptables". I don't know how this
> works with firewall-cmd, but I imagine firewalld "just" manages
> iptables?

Yes, that's right.

>>>> I am running CentOS Linux release 7.9.2009 (Core). Is there a way to
>>>> find out which process consumed network bandwidth during a specific
>>>> time period?
>>>>
>>>> For example, the Nginx process consumed how much network traffic on
>>>> Sept 01, 2021.
>>> As far as I know, such accounting isn't done in a standard CentOS
>>> system, so there's no way to determine such information about a past
>>> event
>
> While you probably can't recover such information for past events,
> going forward, iptables can help you figure this out. Putting an
> IPtables rule in the OUTPUT table prior to ACCEPTing the packets can
> help, e.g.:
>
>     iptables -A OUTPUT -p tcp -m owner --uid-owner nginx -j ACCEPT
>
> because now "iptables -L" will display a count of the packets that
> matched each rule and the number of bytes. By comparing with the total
> packets and bytes for a given time period, you can work out the share
> for nginx.
> You can also estimate packet and byte counts by IP and port using this
> method. You could run an hourly cronjob to log the stats.

That is a nice solution!

Why do you add a new output rule rather than looking at the existing port rule:

    # iptables -v -L | grep https
    xxx yyy ACCEPT tcp -- any any anywhere anywhere tcp dpt:https ctstate NEW,UNTRACKED

xxx is the number of packets, yyy is the number of bytes.

If adding an OUTPUT rule, what is gained?
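
The counters an hourly cron job would log are cumulative, so usage for a given period is the difference between two snapshots. The following is an added example, not code from anyone in the thread: it parses constructed `iptables -L OUTPUT -v -n -x` listings and handles a counter reset; UID 997 for nginx, the sample figures and the function names are assumptions.

```python
import re

# Constructed sample output of `iptables -L OUTPUT -v -n -x`, one hour apart.
# UID 997 for nginx is an assumption; with -n the owner match shows the numeric UID.
HEADER = "    pkts      bytes target     prot opt in     out     source               destination\n"
ROW = "{:>8} {:>10} ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 997\n"

def sample(pkts, nbytes):
    """Build one constructed listing with the given counters on the owner rule."""
    return "Chain OUTPUT (policy ACCEPT 5200 packets, 610000 bytes)\n" + HEADER + ROW.format(pkts, nbytes)

SNAP_10H = sample(48000, 61000000)
SNAP_11H = sample(53500, 68250000)
SNAP_AFTER_RELOAD = sample(1200, 1500000)   # counters restarted from zero

# A rule line starts with two integers (packets, bytes); chain and column headers do not.
RULE_LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S.*)$")

def rule_counters(listing, needle):
    """Return (packets, bytes) of the first rule whose text contains needle."""
    for line in listing.splitlines():
        m = RULE_LINE.match(line)
        if m and needle in m.group(3):
            return int(m.group(1)), int(m.group(2))
    raise LookupError(f"no rule matching {needle!r}")

def usage_between(older, newer, needle):
    """Packets/bytes a rule matched between two snapshots of cumulative counters."""
    old_p, old_b = rule_counters(older, needle)
    new_p, new_b = rule_counters(newer, needle)
    reset = new_p < old_p or new_b < old_b
    if reset:
        # Counters were zeroed (reboot, rule reload, iptables -Z): the new values
        # cover only the time since the reset, so report them as a lower bound.
        old_p = old_b = 0
    return {"packets": new_p - old_p, "bytes": new_b - old_b, "reset": reset}

if __name__ == "__main__":
    print(usage_between(SNAP_10H, SNAP_11H, "owner UID match 997"))
    print(usage_between(SNAP_11H, SNAP_AFTER_RELOAD, "owner UID match 997"))
```

In a cron job the two listings would come from saved output of the same command, with `-x` keeping the counters as exact integers rather than K/M/G-rounded values.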