[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-newbie
Subject: Re: programs/daemons/PIDs using the network
From: Karthik Vishwanath <karthikv () Alum ! Dartmouth ! ORG>
Date: 2005-08-14 5:04:02
Message-ID: Pine.LNX.4.44.0508131642470.24315-100000 () treebeard ! engin ! umich ! edu
[Download RAW message or body]
You assumed correctly, Ray -- the activity was really strange, since it
was showing after I had ascertained that I had shut down all browsers/ p2p
clients/ mail clients.
I have apt-gotten darkstat, and it seems to be something exactly along the
lines of what I needed (sets up html ouput on localhost, pretty cool) --
thanks, Ray!
-K
On Sat, 13 Aug 2005, at 09:37, Ray Olszewski wrote to linux-newbie@vger.ker...:
> Richard Adams wrote:
> > On Friday 12 August 2005 07:27, Karthik Vishwanath wrote:
> >
> >>Hello,
> >>
> >>I run icewm as a window manager and have the network status displayed on
> >>the task-bar. Sometimes I notice quite some activity on the network,
> >>without really knowing which process is responsible for that. I would like
> >>to determine the progam-name(s)/daemon(s) and the PID(s) that are involved
> >>actively in sending/receiving data on the network.
> >
> >
> > Without knowing anything about your systen, ie what processes are running one
> > can only guess as to what is causing traffic on your network.
> >
> > Mail programs which check at regular intervals for mail is one which comes to
> > mind strait away, others are dhcp if used and there are of course many more.
>
> Assuming Karthik knows what he's talking about (and he's posted here for
> long enough that if he says "quite some acticity", he surely means more
> than a trickle), these are not likely candidates for creating *heavy*
> loads on a LAN. A better guess would be something Samba related, or
> maybe VNC, or maybe some p2p app ... but these are just wild guesses and
> not what Karthik asked about anyway.
>
> >
> >>I tried netstat with the -e, -p, -l and the -a flags, but could not locate
> >>the program that was actively using the network. What am I missing, what
> >>must I try?
> >
> >
> > I would use 'netstat -t' as soon as i saw traffic, but then i would be running
> > 'tcpdump' in an xterm to monitor traffic, one would then see ip#'s and most
> > important port numbers, knowing the port number one then looks
> > into /etc/services to see what program is causing the traffic.
>
> Maybe. These days, /etc/services isn't as complete as it once was.
> There's an Web site somewhere with a more current list of IANA port
> assignments than /etc/services usually provides. But in any case, you
> don't want to know the *service* involved; you want to know what client
> is involved, and that is a bit trickier to determine. See next comment.
>
> > Of course there are other ways to check as well but the above is what i would
> > be doing if i was concerned.
>
> Good thoughts generally, Richard, but I'd suggest a few differences in
> the details.
>
> 1. netstat -t won't tell you much ... especially if the traffic isn't
> caused by a tcp connection. More useful is something like netstat -anp
> (run as root), which gives you (among other things) a list of source
> ports, destination aaddresses, and associated PIDs. So if you find the
> ports that are causing the traffic, this links them to programs.
>
> 2. For tracking the traffic itself, I don't know anything better than
> tcpdump or its equivalent (e.g., ethereal) to monitor port-by-port
> traffic levels. Surely someone has written a wrapper for one of these
> sniffers that will track traffic by port number, though. No?
>
> Update: a quick Google search led me to darkstar, a minimalist sniffer
> that offers an option to report cumulative traffic by port (a screenshot
> show this output format). Look at http://dmr.ath.cx/net/darkstat/ for
> details. I don't recall what distro you use, Karthik, but I did see that
> Debian packages were available.
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
>
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic