Does anyone know of a way to track TCP/IP traffic by TCP/UDP port and/or by process/daemon with CentOS? I know a variety of ways to track it in total (e.g., ifInOctets & ifOutOctets with SNMP), but I'm not sure how to approach seeing traffic by application, port, or process.

One option would be to write something that would sift through different stuff for each daemon (for example, with apache, you could add up all the bytes sent by summing up the values in 'access_log'), but I was hoping for a more centralized method that would work the same for all daemons and/or ports.

One approach I have thought about is using iptables... "iptables -L -n -v" gives detail on packets and byte counts by ACL entry. Does anyone have any experience with any tools that grab this info and graph/report on it?

My searches have yielded tons of hits, but none of it seems relevant. Are there any tools that measure this?

Thanks,
KC
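As an added illustration of the iptables-counter approach sketched in the question (this is not code from the thread or from any of the tools named in it): dedicated accounting rules with no `-j` target only count packets and never accept or drop anything, and `iptables -L <chain> -n -v -x` prints their exact byte counters, which a small script can aggregate per port and direction. The chain name `ACCT` and the sample counter output below are constructed for the example.

```python
import re
import subprocess
from collections import defaultdict

# Constructed sample of `iptables -L ACCT -n -v -x` output for the ACCT chain
# assumed below; not captured from a real host.
SAMPLE_OUTPUT = """\
Chain ACCT (2 references)
    pkts      bytes target     prot opt in     out     source               destination
   12345    9876543            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
     200      15000            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
      50       6000            udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
     900     123456            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:80
"""


def accounting_rules(ports, chain="ACCT"):
    """Return the iptables commands that set up per-port accounting rules.

    ports is a list of (proto, port) tuples.  The rules carry no -j target,
    so they only increment counters; the packet continues down the chain
    and is still subject to whatever filtering rules already exist.
    """
    cmds = [
        f"iptables -N {chain}",
        f"iptables -I INPUT -j {chain}",
        f"iptables -I OUTPUT -j {chain}",
    ]
    for proto, port in ports:
        cmds.append(f"iptables -A {chain} -p {proto} --dport {port}")  # traffic into the service
        cmds.append(f"iptables -A {chain} -p {proto} --sport {port}")  # replies from the service
    return cmds


# pkts and bytes lead each rule line; the port match is reported as dpt:N or spt:N.
LINE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+.*?\b(tcp|udp)\b.*?\b(dpt|spt):(\d+)")


def parse_counters(output):
    """Aggregate byte counters from `iptables -L -n -v -x` output.

    Returns {(proto, port, direction): bytes}, where direction is "in" for
    --dport rules and "out" for --sport rules.  Header and chain lines do
    not start with digits and are skipped.
    """
    totals = defaultdict(int)
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _pkts, nbytes, proto, kind, port = m.groups()
        direction = "in" if kind == "dpt" else "out"
        totals[(proto, int(port), direction)] += int(nbytes)
    return dict(totals)


def live_counters(chain="ACCT"):
    """Read the live counters for the chain (requires root).

    -x prints exact byte counts instead of the K/M/G-suffixed figures
    that -v alone produces, which keeps the parsing unambiguous.
    """
    out = subprocess.run(
        ["iptables", "-L", chain, "-n", "-v", "-x"],
        check=True, capture_output=True, text=True,
    ).stdout
    return parse_counters(out)


if __name__ == "__main__":
    for cmd in accounting_rules([("tcp", 80), ("tcp", 22), ("udp", 53)]):
        print(cmd)
    for (proto, port, direction), nbytes in sorted(parse_counters(SAMPLE_OUTPUT).items()):
        print(f"{proto}/{port} {direction}: {nbytes} bytes")
```

For long-term graphing, sample `live_counters()` from cron and feed the deltas to whatever collector you use; running `iptables -Z ACCT` after each read resets the chain's counters so every sample is the traffic since the previous one.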
On 8/1/05, Kennedy Clark <hkclark at gmail.com> wrote:
> Does anyone know of a way to track TCP/IP traffic by TCP/UDP port
> and/or by process/daemon with CentOS? I know a variety of ways to
> track it in total (e.g., ifInOctets & ifOutOctets with SNMP), but I'm
> not sure how to be approach seeing traffic by application, port, or
> process.

How about http://www.ethereal.com/ ? I believe that "out of the box" it just monitors everything, but you can create filters so it only looks for certain activities. Also, it can be a hog. tcpdump is another similar tool.

Greg
On Mon, August 1, 2005 8:05 am, Kennedy Clark said:
> Does anyone know of a way to track TCP/IP traffic by TCP/UDP port
> and/or by process/daemon with CentOS? I know a variety of ways to
> track it in total (e.g., ifInOctets & ifOutOctets with SNMP), but I'm
> not sure how to be approach seeing traffic by application, port, or
> process.
>
> One option would be to write something that would sift through
> different stuff for each daemon (for example, with apache, you could
> add up all the bytes sent by summing up the values in 'access_log'),
> but I was hoping for a more centralized method that would work the
> same for all daemons and/or ports.

iptraf will show you real time information by port ... and netstat -aptn will show you what programs/services are using which ports

>
> One approach I have though about is using iptables... "iptables -L -n
> -v" gives detail on packets and byte counts by ACL entry. Does anyone
> have any experience with any tools that grab this info and
> graph/report on it?
>
> My searches have yielded tons of hits, but none of it seems relevant.
> Are there any tools that measure this?
>
> Thanks,
> KC

--
Johnny Hughes <http://www.HughesJR.com/>
On Mon, 2005-08-01 at 09:05, Kennedy Clark wrote:
> Does anyone know of a way to track TCP/IP traffic by TCP/UDP port
> and/or by process/daemon with CentOS? I know a variety of ways to
> track it in total (e.g., ifInOctets & ifOutOctets with SNMP), but I'm
> not sure how to be approach seeing traffic by application, port, or
> process.

You might like to look at ntop. I believe it may do what you want.

--
Scot L. Harris
webid at cfl.rr.com

First study the enemy. Seek weakness.
-- Romulan Commander, "Balance of Terror", stardate 1709.2
On Mon, 01.08.2005 at 15:05, Kennedy Clark wrote:
> Does anyone know of a way to track TCP/IP traffic by TCP/UDP port
> and/or by process/daemon with CentOS? I know a variety of ways to
> track it in total (e.g., ifInOctets & ifOutOctets with SNMP), but I'm
> not sure how to be approach seeing traffic by application, port, or
> process.
>
> One option would be to write something that would sift through
> different stuff for each daemon (for example, with apache, you could
> add up all the bytes sent by summing up the values in 'access_log'),
> but I was hoping for a more centralized method that would work the
> same for all daemons and/or ports.
>
> One approach I have though about is using iptables... "iptables -L -n
> -v" gives detail on packets and byte counts by ACL entry. Does anyone
> have any experience with any tools that grab this info and
> graph/report on it?

> KC

ipag-ng and mrtg

http://sourceforge.net/projects/ipac-ng
(http://martybugs.net/linux/ipac.cgi)
http://www.saas.nsw.edu.au/solutions/ipac-2-mrtg.html

Alexander

--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 15:14:23 up 16 days, 19:46, load average: 0.28, 0.24, 0.19
>
> ipag-ng and mrtg
>
> http://sourceforge.net/projects/ipac-ng
> (http://martybugs.net/linux/ipac.cgi)
> http://www.saas.nsw.edu.au/solutions/ipac-2-mrtg.html
>
> Alexander

Excellent suggestions! Many thanks to all for their assistance... this list is great!

The ntop & ipag sound especially interesting (I should have specified that I happen to be looking for more of a long-term monitoring solution). I already have ntop running (nice and easy using Dag's repo!) and will check out ipag.

Thanks again,
KC