Operating System - HP-UX

Network usage of processes - any easy way?

 
Alzhy
Honored Contributor


Trying to find out what UNIX processes are using the network extensively.. Is there an easy way to find out what processes are using the network bandwidth?
Hakuna Matata.
Mel Burslan
Honored Contributor

Re: Network usage of processes - any easy way?

One that comes to mind is a very crude use of lsof:

lsof | grep lan

Other than this, I would like to know if anyone has any elaborate solution to this myself too.
________________________________
UNIX because I majored in cryptology...
Steve Lewis
Honored Contributor

Re: Network usage of processes - any easy way?

If it creates a socket and CONNECTs to another server then probably not - people tend to accept any IP when creating the socket.

However if it creates a socket then LISTENs for connections, then you can monitor inbound traffic like this.

Create a virtual interface with a different IP e.g. ifconfig lan1:1 unused_ip netmask.

Tell the clients of this one application to connect to the IP of the virtual interface instead of the usual one.

Then monitor the traffic using netstat -i

It only helps you one way but it's better than nothing.



D Block 2
Respected Contributor

Re: Network usage of processes - any easy way?

I also think LSOF is the best tool, run:

lsof -i tcp

to find the PROCESS-ID, then you can monitor
the process using Glance and also lsof -p

also, for udp:
lsof -i udp

Golf is a Good Walk Spoiled, Mark Twain.
rick jones
Honored Contributor

Re: Network usage of processes - any easy way?

lsof will tell you which processes have sockets open bound to which IP addresses and ports, but will not (IIRC) tell you how much traffic each of those are receiving.

If you are curious about a specific application, and you've learned its "network" file descriptors via lsof, you could I suppose use tusc to trace the system calls involving those file descriptors, and parse things like the return values from read and write to see how much data that application is exchanging. The overhead is probably non-trivial.

Or, if you know you are interested in a specific port number (because you know that connections involving application foo involve that port number) you could use tcpdump or perhaps ethereal to trace the actual traffic. That too can give you bytes per second (when parsed at least) and can also give packets per second - CPU overhead of networking is as much governed by packets per second as it is bytes per second.

Finally, some of the logging features of ipfilter may be able to give you something akin to what you want. I've not tried it myself, but seem to recall seeing posts elsewhere to that effect.
there is no rest for the wicked yet the virtuous have no pillows
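
The tcpdump approach from the last reply, as an added example that is not part of the original thread: a shell function that parses tcpdump text output for one known port and reports packets, payload bytes and per-second rates in each direction. The interface name lan0, port 1521, the function names and the sample capture lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed capture command, run separately:
#   tcpdump -nn -tt -i lan0 port 1521 > capture.txt
# lan0 and 1521 are placeholders; -nn keeps ports numeric, -tt prints epoch time.

# port_rate PORT : reads tcpdump text lines on stdin and prints
#   port pkts_in bytes_in pkts_out bytes_out seconds pkts_per_s bytes_per_s
# "in" = sent to PORT, "out" = sent from PORT. Bytes are the payload size
# tcpdump reports as "length N", not the on-wire frame size.
port_rate() {
  awk -v port="$1" '
    function lastfield(s,   n, a) { n = split(s, a, "."); return a[n] }
    ($2 != "IP" && $2 != "IP6") || $4 != ">" { next }   # skip ARP and the like
    {
      dst = $5; sub(/:$/, "", dst)
      sp = lastfield($3); dp = lastfield(dst)
      if (sp != port && dp != port) next
      len = -1
      for (i = 6; i < NF; i++)
        if ($i == "length") { len = $(i + 1) + 0; break }
      if (len < 0) next                   # no length field: do not count
      if (first == "") first = $1
      last = $1
      if (dp == port) { pin++; bin += len } else { pout++; bout += len }
    }
    END {
      secs = (first == "") ? 0 : last - first
      pk = pin + pout; by = bin + bout
      # One packet (or none) gives a zero-length window: report rates as 0.
      printf "%s %d %d %d %d %.1f %.1f %.1f\n", port, pin, bin, pout, bout,
             secs, (secs > 0 ? pk / secs : 0), (secs > 0 ? by / secs : 0)
    }'
}

# Constructed sample capture (documentation addresses, not real traffic).
sample_capture() {
  cat <<'EOF'
1700000000.000000 IP 192.0.2.10.51514 > 192.0.2.20.1521: Flags [P.], seq 1:1001, ack 1, win 229, length 1000
1700000001.000000 IP 192.0.2.20.1521 > 192.0.2.10.51514: Flags [P.], seq 1:1501, ack 1001, win 229, length 1500
1700000002.000000 IP 192.0.2.11.40000 > 192.0.2.20.22: Flags [P.], seq 1:101, ack 1, win 229, length 100
1700000002.500000 ARP, Request who-has 192.0.2.1 tell 192.0.2.20, length 28
1700000003.000000 IP 192.0.2.20.1521 > 192.0.2.10.51514: Flags [P.], seq 1501:3001, ack 1001, win 229, length 1500
1700000004.000000 IP 192.0.2.10.51514 > 192.0.2.20.1521: Flags [.], ack 3001, win 229, length 0
EOF
}

sample_capture | port_rate 1521
```

The rates are averaged over the window between the first and last matching packet, so a short capture of bursty traffic will overstate the sustained rate.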