LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   network traffic for a give user (https://www.linuxquestions.org/questions/linux-networking-3/network-traffic-for-a-give-user-795281/)

mario.almeida 03-14-2010 04:25 AM
network traffic for a give user
 
OS : CentOS 5.3 64bit

How to trace incoming and outgoing network traffic for a give user?

User 'A' logs in to the system and does various network connectivity

As root user need to find what are the outgoing and incoming connection that are related with user 'A'.

basically need to check the connection flow.

netstat will show ESTABLISHED, LISTEN etc..

need something like tcpdump

Eg:-
--user option for tcpdump
tcpdump -vv -nn -i eth0 host 10.200.2.1 and tcp dst port 8080 --user A

Can someone tell me any tool which can do such thing?

Even if it can show the process ID of the client application which is trying to establish network connectivity will do.

acid_kewpie 03-15-2010 02:17 PM
No. There's the Owner module for iptables which you could use to filter the connection creations with their UID's (and so with a limited number of user accounts you could have a separate rule for each user to log their traffic as it's not apparently possible to dynamically substitute the user in to the log message), but to directly view it like you want goes between too many layers of the system. by the time tcpdump inspects the data, it is long past being related to a user request.


All times are GMT -5. The time now is 05:10 AM.