How to log what process is using bandwidth?
Hi
I need to find out what process is using bandwidth sometime in the past. This is on Ubuntu 14.04 server. Logging one ethernet NIC going to the internets. I tried vnstat but it does log processes. I tried nethogs but it does not log anything and if you look at the screen 5 days later (or just one hour later) it is blank as the stuff just scrolls off. I tried ntop but it does not log processes. Ntop appears to have some sort of log called "top talkers" which seems to show sites contacted. I would settle for that, but I can't make head nor tails of this log. These top talkers seem to be based on data rate and not data amount which is useless. Is there an elegant solution that logs and shows the heavy hitters (as opposed to logging everything and filling the disk in short order)? Thanks |
You need to use nethogs command. It is a small “net top” tool.
https://www.cyberciti.biz/faq/linux-...ing-bandwidth/
http://serverfault.com/questions/407...g-my-bandwidth
You can also give Wireshark a try. It's a good software program that does a lot of stuff. It will even show you if your ISP is throttling you. You will have to read the documentation and learn how to run Wireshark.
https://www.wireshark.org/docs/wsug_...ldInstall.html
https://wiki.archlinux.org/index.php/wireshark
Otherwise; wait for other members to give you suggestions.--:) Good Luck- |
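Added example, not part of any post in this thread: nethogs, suggested above, has a trace mode (`nethogs -t`) that prints one `program/pid/uid<TAB>sent<TAB>received` line per process on each refresh, and those lines can be summed into per-process totals so that only the heavy hitters are kept. The sample input is constructed, and the script assumes nethogs' default KB/s view and a 1-second refresh; the function names are made up for this sketch.

```python
#!/usr/bin/env python3
"""Accumulate `nethogs -t` trace output into per-process totals (added example)."""
import sys
from collections import defaultdict


def accumulate(lines, interval=1.0):
    """Return {(program, pid): [sent_kb, recv_kb]} from nethogs trace lines.

    Rates are assumed to be KB/s (nethogs' default view), so rate * interval
    approximates the KB moved during one refresh period.
    """
    totals = defaultdict(lambda: [0.0, 0.0])
    for line in lines:
        parts = line.rstrip("\n").rsplit("\t", 2)
        if len(parts) != 3:
            continue  # "Refreshing:" markers, blank lines, startup banners
        ident, sent, recv = parts
        try:
            # Program paths contain '/', so split pid and uid off the right.
            program, pid, _uid = ident.rsplit("/", 2)
            sent, recv = float(sent), float(recv)
        except ValueError:
            continue  # not a data line after all
        entry = totals[(program, pid)]
        entry[0] += sent * interval
        entry[1] += recv * interval
    return dict(totals)


def heavy_hitters(totals, top=5):
    """Sort by total KB (sent + received), largest first, and keep `top`."""
    return sorted(totals.items(), key=lambda kv: -(kv[1][0] + kv[1][1]))[:top]


# Constructed sample of trace output (not captured from a real host).
SAMPLE = """Refreshing:
/usr/bin/rsync/2210/1000\t850.5\t12.0
/usr/sbin/apache2/1422/33\t40.0\t3.5
unknown TCP/0/0\t0\t0

Refreshing:
/usr/bin/rsync/2210/1000\t900.0\t10.0
/usr/sbin/apache2/1422/33\t35.0\t4.5
"""

if __name__ == "__main__":
    # With piped input (sudo nethogs -t <iface> | this script) read stdin,
    # otherwise fall back to the constructed sample.
    src = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for (program, pid), (sent, recv) in heavy_hitters(accumulate(src)):
        print(f"{sent + recv:12.1f} KB  sent={sent:.1f} recv={recv:.1f}  {program} (pid {pid})")
```

The totals are printed when the input ends, so for a fixed logging window run nethogs under `timeout` and append the script's output to a dated file.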
Quote:
As a last resort I can look at something like wireshark or tcpdump. I'd be on a steep learning curve and I think those log everything/fill-up the disk. I should first check and see if there is an existing app. |
You're Welcome-;)
Yup, Wireshark does have a learning curve. I've never tried tcpdump. Good luck and Happy Thanksgiving.
http://www.tcpdump.org/
https://danielmiessler.com/study/tcpdump/#gs.ID=EpoI |
iptraf logs.
|
Thanks Habitual:-
Would the ip traffic log be in /var/log/messages? (I'm not on a server) |
Quote:
Quote:
I gave it a try with logging, and (unless I'm mistaken) it produces raw output that essentially requires a whole-nother program to make sense of the output. The same dilemma as with programs such as tcpdump. Also there is no process info. The irony is that, in my search for such a tool, I keep tripping over Windoze apps. I would have thought it would be the other way-around where linux would have a plethora of tools like this. ;) |
Quote:
I'd think that there would be something within the application itself that would interpret the output. Isn't there something called ethereal that opens the raw dump and interprets it for you? Based on what you found (your search) it doesn't sound like understanding what's being analyzed and produced isn't easy to interpret. I see that interpreting the output isn't a walk in the park.
Examining tcpdump Output
http://books.gigatux.nl/mirror/snort...-2-SECT-6.html
-::- Maybe Habitual knows a way around this:-;)-::-
http://www.binarytides.com/linux-com...nitor-network/
https://www.google.com/#q=linux+prog...ing+ip+traffic |
collectl? ?? (1st LQguru to post right switches wins /proc/$$/net/...;) )
|
Code:
sudo apt-get install -y iptraf
When iptraf is set to log (enabled upon start? Check!) it will collect packets similar to wireshark/tcpdump but in textual format.
Are you hosting publicly accessible website content? Is this a "server" with Wordpress, Joomla!? Is this a hosted solution such as a VPS, or a rented/leased Dedicated Server?
If you can't make heads or tails of the log, I suppose a snippet of any log you have could be sanitized and posted? Say 50 lines at http://pastie.org/ Make it Private and paste the url here after your review for sensitive info. Or not.
Measuring "bandwidth": 18 commands to monitor network bandwidth on Linux server
Find one you like, use it, make an assessment and let us know. Start a new thread and reference this one as "history". :)
The shed is pretty well stocked with "bandwidth" tools.
Code:
vnstat
Install it using:
Code:
sudo apt-get install vnstat
Code:
vnstat
If no data, then you may have > 1 NIC or it may be checking the wrong interface. When I install vnstat, I set a perm alias using
Code:
# alias (not export) so that typing vnstat runs it against eth1; put the line in ~/.bashrc to keep it across logins
alias vnstat="vnstat -i eth1"
You may not have an "eth1" designated interface, adjust accordingly. vnstat does log summary data. Good Luck. |