Does anybody know a way to log traffic on a single interface/IP by process? Specifically what I want to record is traffic usage by user, but I can match PIDs against user to product stats and the user would also be in the full command line of the process.
There is a nice tool called nethogs that I often use to monitor traffic this way in realtime, but I would like to log the accumulated traffic rather than just monitor it.
OS : CentOS 5.3 64bit How to trace incoming and outgoing network traffic for a give user? User 'A' logs in to the system and does various network connectivity As root user need to find what are the outgoing and incoming connection that are related with user 'A'. basically need to check the connection flow. netstat will show ESTABLISHED, LISTEN etc.. need something like tcpdump
Eg:- --user option for tcpdump tcpdump -vv -nn -i eth0 host 10.200.2.1 and tcp dst port 8080 --user A Can someone tell me any tool which can do such thing? Even if it can show the process ID of the client application which is trying to establish network connectivity will do.
I need to set up my centOS computer as a firewall in my home network. Ive got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping(icmp) and DNS. How do I do this? Ive tried some editing in /etc/sysconfig/iptables but no luck.
View 1 Replies View RelatedI wanted to tell my server to block all traffic but US only traffic. So i followed this guide:[URL].. Now I know, it's the best way to help prevent hackers/crackers (doesn't matter to me what they are called. I just have to stop them). My server only deals with US clients anyways so might as well just start right there for my server's security before getting into the brute force and injection preventions. So I got it all done compiled everything moved to the proper directory. I then started to setup my iptables. Like so
Code: iptables -F INPUT
iptables -F OUTPUT
iptables -I INPUT 1 -s *.*.*.* -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -s *.*.*.* -p tcp -j ACCEPT
[Code]...
After seeing that i went digging in the code and figured it was something todo with memory allocation.
I am searching for a Linux user level command/utility to measure the network bandwitdth used by a specific process by usig its process id.i used different commands like, iperf, ntop, netstat etc, but it doesn't to meet my requirement. i need to observe network bandwidth used by only a specific process .
View 3 Replies View RelatedRecently I notice that when I'm connected to an vpn server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to the half of the usual speed. I made a test using iptables in order to count how much GRE packets are generated (except the real traffic itself) in that way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is first of all is my test correct and is it true that so much gre traffic is being generated during the browsing (it becames clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
We have something on our network that is reaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.
I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and logs how much traffic each device is sending and receiving. It would need to sit inline so it has to have two nics and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.
I have used ethereal and wireshark before. Ethereal may be a viable option, but wireshark seems to provide lots of information, but no practical way to make use of it. how to set up the box to be a transparent device on the network that will allow internet bound traffic to flow (freely)?
Is It possible to change a process running in root-user to non-root-user by setting suid / uid / euid / gid etc... I so please instruct how, when and wat to set in order to change a process running in root-user to non-root user
View 4 Replies View RelatedI can't seem to find how to export a variable to all processes I run under my user? I have an application that needs this variable, and currently I have to manually export this variable (typing "export VAR=... in terminal) every time before I run the application.
Which profile file I have to put the export expression into? I want all processes to inherit this variable, not just the shell/terminal. I.e. a true environment variable...
forums so I'm not sure this is the right place for this topic.So, my question/topic thing is:I have a PHP script that runs on an apache2 web server (www-data).From this script, i want to launch a process that stays alive all the time,ut the parent script keeps on going. So I think I will need to run a command like 'at' to put the process on a queue, and the script can continue and finish, without waiting for the process to stop. But it seems like I will need to run the 'at' command as a different user, because www-data stops the 'atd' process. I'm not sure about that. Does anybody know how this could happen?
View 2 Replies View Relatedi am using Ubuntu 10.04.1 LTS. i only ever contact my ubuntu machine through SSH. everytime i login, i do:
~/downloads/.dropbox-dist/dropboxd &
this launches the dropbox process and all is great. except when i log back into the ubuntu machine via ssh after a few hours, the process no longer exists. how can i get the process to run indefinitely?
I list the process with
Code:
ps -ef | grep java
and I got:
Code:
user1 24041 ....
Here the user1 should the process name.
My question: Is this name the same as the user name?
How can I obtain the user that owns the process from /proc/process_id? Is it the Uid in /proc/process_id/status ? If so why are there 4 values there?
View 2 Replies View RelatedI've three user in my machine ,and i want to make sure that the process created by the user1 can be killed by other user and vice-versa ,is there any way i can do that without using root password or sudo
View 4 Replies View Related$ uptime
09:55:00 up 7 days, 6 min, 2 users, load average: 0.00, 0.00, 0.00
..but I'm the only user logged in!
$ who -a
system boot 2010-09-06 09:48
run-level 2 2010-09-06 09:48 last=
[code]....
looks as though this is the culprit, but...
$ kill 5485
-bash: kill: (5485) - No such process
This process doesn't exist in the /proc folder or the output of ps. Does anyone know how this happened, and how to remove this ghost user from my system without a complete reboot? I think I have seen a similar thing on a RedHat machine ages ago but I have never figured out how to log out these ghost users.
$ uname -a
Linux ubuntu 2.6.24-28-server #1 SMP Wed Aug 25 16:07:16 UTC 2010 i686 GNU/Linux
I would like to give a non-root user (nicollet) the ability to detect and send a signal to processes started by Apache2 (those processes are FastCGI scripts and the signal tells them to empty their cache). The processes are owned by the web user (www-data), and I'm running on Debian unstable.
I can't find any way to have the nicollet user see those processes.
The processes are running and can see by both root and www-data:
root@linux-01:~# ps -Af | grep baryton
www-data 17649 17648 0 10:27 ? 00:00:00 baryton
www-data 28145 1 0 Nov01 ? 00:00:12 baryton --bot
root 18701 18700 0 10:46 pts/0 00:00:00 grep baryton
root@linux-01:~#
[Code]....
The most surprising is that the grep process is indeed run by www-data (because it's started from a setuid executable) and is visible, but the baryton process isn't.
What's going on here? Why can ps run by www-data show those processes, but ps run by a setuid executable running as www-data cannot, when it's started by nicollet?
I want to write the sequence of operation of a user interactive process (Question asked by the process and answers user entered) in to a log file.
I used tee command, Precess1 | tee -a FileName
This write only the Question asked by the process. Does anybody know how to write the user inputs also to the same file, synchronized?
I am trying to set the umask for a process(orkaudio) which is running as the root user.This program creates dir and files and I need the umask to be 022. I have edited my /etc/bashrc -- and when i type in umask i get 0022 --- Not sure how to go about getting this resolved...
View 1 Replies View RelatedI have ubuntu server with PPTP on it. I need to limit single connection speed for ip 1 mbit/s, and mounthly traffic limit to 5 GB. How i can do this my task. I try to find somthing with ip tables, but can't find how to creat mounthly limits.PPTP do not have this option, maybe is some other, not hard for configure VPN server? Maybe someone make this task with iptables, and can give commands for limiting? Ofcorse VPN program with integrated accaunts and limits will be better.
View 1 Replies View RelatedI've got 4 or 5 of these TRENDnet USB network adapters ( TU-ET100c ) that I use frequently when I'm configuring firewalls or IPS devices for customers. I use them in combination with VirtualBox to test. They've always worked great until my new laptop I just got, and I put 10.04 on it. Previously I was on 9.x. Sometimes they will give a link light, other times not. And when they do the interface shows that it's up, but I can't get any traffic across the interface.
[code]...
I have access to a VPN I use when having confidential instant messaging sessions. For the purposes of my work, essentially.I'm a command line kind of guy, and like to use Finch (the shell version of Pidgin) for those.However, when I turn on my OpenVPN connection it routes all traffic through the VPN. Web-browsing, IMing, and I can no longer access other machines on my home network.Can I set OpenVPN to only route traffic I ask through that connection (either by port number or application, or some way I haven't thought of), while other traffic flows through my usual home network?Some kind of local proxy perhaps? Or a dd-wrt box set up as a proxy, connected to OpenVPN?I've played around with the GUI environment too (I have a basic GUI I sometimes use on my main machine) and have installed the full desktop 10.10 on a second machine just to see if I can work it out.
View 2 Replies View RelatedI have a VPN account and have been running it perfectly on windows without any problems but I deleted my windows OS because I wanted to force myself to learn a Linux OS. I have installed the configuration package through the terminal and have followed this guide exactly
[URL]
The VPN was giving me a no secrets error to start off but I managed to fix and now it connects for about 40seconds but whilst it is connected, the internet is completely useless and I can't get on anything... It then disconnects after 40 seconds saying it has failed.
I installed firestarter to see if I could tweak it there to work but it was beyond me and I could also see from the data being sent that none of it was going through tap0 whilst the VPN was connected..
i googled around and finally stumbled over this forum. I've been wondering, how would i kill an process running from an folder and with user parameter? I usually type this into the ssh console: pkill -9 < process > -U < username >
But i want users be able to run it multiple times, and killing only an specific process and not every single one.
I need to kill a process which has been started by user2 if I am user1 without being sudoers or using root.Do you know if there is a way of setting that when launching the process? Such as a list of users allowed to kill the process?
View 7 Replies View RelatedI have a program(that is written by me) which need super user permission to execute it. But I need to let the normal users to execute it without using 'sudo ./executable' and just './executable'. how i can set the program to execute by the normal users without using 'sudo' or password prompting.
View 2 Replies View RelatedFor the past few days I was putting effort on understanding the software control flow starting from "Boot loader" to "Linux User space".
I am consolidating the entire process and putting forth in this forum...It would be great if someone can validate this..It might be useful to other new bees too.
Step 1 : Power up the board
Step 2 : The CPU control goes to EEPROM/storage memory where BIOS resides
Step 3: BIOS gets loaded in RAM and gets executed
Step 4: During execution, the selection of Boot device has to be done with the help of BIOS Menu [Blue screen appearance during start up in normal PC's]
Step 5: BIOS shall access the Bootloader stored in boot device [for eg.,Hard disk]. Boot loader is stored in MBR area.
for explanation purpose I take the following configurations
Bootloader = GRUB
Boot Device = Hard Disk
Step 6: GRUB shall be loaded in RAM and gets executed
Step 7: GRUB shall load the KERNEL image to RAM. Kernel image is stored in Hard Disk.
The question of "How the GRUB knows where the Kernel image is stored".
The answer is
1. In the "Grub.config" file, the location of "Kernel Image" and " Ramdisk Image" [which will be discussed later in the section] is being given.
Step 8: Kernel Image followed by Ramdisk Image is loaded in RAM by GRUB bootloader
Step 9: Kernel Image gets executed...During execution, top portion of the code shall make initial hardware initialization and latter part
of the code shall just decompress the Kernel Image
Step 10 : After decompressing the Kernel Image, it shall decompress
the already loaded Ramdisk Image
Ram disk is just creating a temporary hard disk in RAM. The main responsibility includes it consists of minimal driver files, executables, directory structures to created a TEMPORARY ROOT FILE SYSTEM.
This Temporary Root File system shall be used by Kernel Image
1. Execute the executables to access the Hard disk
2. For creating Permanent Root File System in HARD DISK
Step 11 : Kernel Shall look for the file /Linuxrc in Ramdisk. Linuxrc
is a USER script file [not sure]
Step 12: At the end of script file Linuxrc, the Ramdisk shall give the
control to "USER SPACE" [path for writing the script not known]in Linux kernel
Step 13: USER SPACE is the normal shell
A Tomcat server is installed under user A. Now I am going to write a script which will start this Tomcat server. And this script can be executed from other users (from there account). And if other user run this script, the process ID should be of user A, so that user A can start or stop this process any time. This means, at the beginning of the script I have set the process ID as user A. How to do this?
View 8 Replies View RelatedI am writing a program which i dont want the kernel scheduler to preempt before certain time duration. I am using the system call sched_get_priority_max to set the maximum priority. However it is not producing results.
View 3 Replies View RelatedI need to be able to do the following: Physical Router located at 192.168.40.1
On Ubuntu 10.04 Lucid machine:
eth0 with static ip 192.168.40.2
eth1 with static ip 192.168.40.3
eth2 with static ip 192.168.40.4
Associate a virtual address to eth1 with an entirely different network address such as 192.168.50.1 Do the same (virtual address) for eth2 -- e.g. 192.168.60.1 In the application:
register phone number A at 192.168.40.1 (The application will automatically use eth0 for this)
register phone number B at 192.168.50.1
register phone number C at 192.168.60.1
Somehow forward all traffic (including the register request) sent to 192.168.50.1 to 192.168.40.1 as if the register had been made directly to 192.168.40.1. In other words, the app "sends" registration and traffic to 192.168.50.1 but then Ubuntu forwards it to 192.168.40.1 (but the app does not know that). Similarly, forward all traffic sent to 192.168.60.1 to the router at 192.168.40.1.
Do the same for the reverse, forward all traffic that the router sends back to 192.168.40.3 (eth1) to 192.168.50.1 (within the Ubuntu machine) so that the app knows it is for phone B. Similarly forward all traffic that the router sends back to 192.168.40.4 (eth2) to 192.168.60.1 so that the app knows it is for phone C. Thus, the application believes that it is registering at 3 completely separate routers on 3 completely separate networks via 3 separate network interfaces but in fact is really registering all three to the same router (but does not know that). Similarly, the router believes that it is receiving 3 separate registrations because it receives each registration request and traffic from 3 separate interfaces and thus 3 separate mac addresses (i.e., of eth0, eth1, and eth2). Traffic sent to and from the router for each of the 3 phone numbers (via eth0, eth1, and eth2) are not mixed because the translation happens in both directions.
I'm facing a problem when I establish VPN connections using OpenVPN to Your Freedom Server. " you can see their documentation here ", I've installed OpenVPN from synaptic and I used the client to connect through VPN and it works !! but there is no traffic in FF or any application !!I tired to insert some HTTP proxy also belongs to the same server and it works. What really wonders me is that OpenVPN seems to work only when I'm connecting to streams sites "e.g. ustream, justin.tv" Is there anyway to force the whole traffic to use OpenVPN " I'm using Mobile modem and it works fine with OpenVPN in win7
View 7 Replies View Related
