lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <452285FD.7010909@us.ibm.com>
Date:	Tue, 03 Oct 2006 10:47:09 -0500
From:	"Jose R. Santos" <jrs@...ibm.com>
To:	Irfan Habib <irfan.habib@...il.com>
CC:	Linux kernel <linux-kernel@...r.kernel.org>,
	SystemTAP <systemtap@...rces.redhat.com>
Subject: Re: Fwd: Any way to find the network usage by a process?

Irfan Habib wrote:
> Hi,
>
> Is there any method either kernel or user level which tells me which
> process is generating how much traffic from a machine. For example if
> some process is flooding the network, then I would like to know which
> process (PID ideally), is generating the most traffic.
>
>   

A while ago I did a SystemTap script to solve a problem similar to 
this.  It's been siting in my system for a while collecting dust and you 
currently don't need the embedded C code since the networking.stp tapset 
has all this script needs(and more), but I should point you in the right 
direction.

This worked a couple of months ago but it is currently untested.  Hope 
it helps.

-JRS


global ifstats, ifdevs, execname

%{
#include<linux/skbuff.h>
#include<linux/netdevice.h>
%}

probe kernel.function("dev_queue_xmit")
{
        execname[pid()] = execname()
        name=skb_to_name($skb)
        ifdevs[name] = name
        ifstats[pid(),name] <<< 1
}

function skb_to_name:string (skbuff:long)
%{
        struct sk_buff *skbuff = (struct sk_buff *)((long)THIS->skbuff);
        struct net_device *netdev = skbuff->dev;
        sprintf (THIS->__retvalue, "%s" , netdev->name);
%}

probe timer.ms(5000)
{
        exit()
}

probe end {
        foreach( pid in execname) {
                if (pid == 0) continue
                printf("%15s[%5d] ->\t", execname[pid],pid)
                foreach( ifname in ifdevs) {
                        printf("[%s:%7d] \t", ifname, 
@count(ifstats[pid, ifname]))
                }
                print("\n")
        }
        print("\n")
}

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ