Gentoo Forums
How to monitor network traffic per-application
SomeoneDK
n00b
Joined: 22 Oct 2005
Posts: 40
Location: Aalborg, Denmark

Posted: Sun Feb 10, 2008 2:54 pm    Post subject: How to monitor network traffic per-application

Hi there.

I just recently got a new router with some more advanced log settings than my previous one.
Going through the various logs for some good ol' fun, I noticed the "TCP Reset" log being continuously spammed with entries by my Gentoo server.

Here are the first 10 entries from the log.
Code:

1   02/10/2008 14:36:00  Firewall session time out, sent TCP RST  192.168.1.100:35803  86.101.50.143:44454  TCP RST 
2   02/10/2008 14:36:00  Firewall session time out, sent TCP RST  86.101.50.143:44454  192.168.1.100:35803  TCP RST 
3   02/10/2008 14:36:00  Firewall session time out, sent TCP RST  192.168.1.100:36484  86.101.50.143:44454  TCP RST 
4   02/10/2008 14:36:00  Firewall session time out, sent TCP RST  86.101.50.143:44454  192.168.1.100:36484  TCP RST 
5   02/10/2008 14:36:00  Firewall session time out, sent TCP RST  86.101.50.143:44454  192.168.1.100:52542  TCP RST 
6   02/10/2008 14:36:00  Firewall session time out, sent TCP RST  192.168.1.100:52542  86.101.50.143:44454  TCP RST 
7   02/10/2008 14:36:00  Firewall session time out, sent TCP RST  97.100.86.112:35593  192.168.1.100:39021  TCP RST 
8   02/10/2008 14:36:00  Firewall session time out, sent TCP RST  192.168.1.100:39021  97.100.86.112:35593  TCP RST 
9   02/10/2008 14:36:00  Firewall session time out, sent TCP RST  80.109.194.51:6881   192.168.1.100:56364  TCP RST 
10  02/10/2008 14:36:00  Firewall session time out, sent TCP RST  192.168.1.100:56364  80.109.194.51:6881   TCP RST 


I didn't recognize the port numbers, so in an attempt to find out what was causing this I killed the applications I thought could cause it, such as tightvnc, ventrilo, etc.

I started up iptraf and could clearly see that, even though I had shut down those applications, the TCP requests were still going on, which leads me to my question: Is there a way to monitor the network traffic on a per-application basis to pinpoint the exact application(s) causing this?

Thank you for your time.
Christian Rasmussen
user
Apprentice
Joined: 08 Feb 2004
Posts: 214

Posted: Sun Mar 30, 2008 12:33 am

I only know DTrace for Sun Solaris,
but you can use the iptables owner option to tag outgoing packets.
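One way to attribute the local ports in the router log to a process on the server, as an added example that is not part of either post: Linux lists each TCP socket's owning UID and inode in `/proc/net/tcp`, and the UID is what the iptables owner match keys on. The `/proc/net/tcp` snapshot below is constructed and the function names are hypothetical.

```python
import glob
import os
import re

HOST = "192.168.1.100"  # the server's LAN address in the router log

# Two entries copied from the router log in the question.
ROUTER_LOG = """\
1   02/10/2008 14:36:00  Firewall session time out, sent TCP RST  192.168.1.100:35803  86.101.50.143:44454  TCP RST
9   02/10/2008 14:36:00  Firewall session time out, sent TCP RST  80.109.194.51:6881   192.168.1.100:56364  TCP RST
"""

# Constructed /proc/net/tcp snapshot; the uid and inode values are made up.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 6401A8C0:8BDB 8F326556:ADA6 01 00000000:00000000 00:00000000 00000000  1000        0 48211
   1: 6401A8C0:DC2C 33C26D50:1AE1 01 00000000:00000000 00:00000000 00000000  1000        0 48230
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5120
"""

def local_ports(log, host=HOST):
    """Ports the server used in the router log, from either address column."""
    pattern = r"(?<![\d.])" + re.escape(host) + r":(\d+)"
    return sorted({int(p) for p in re.findall(pattern, log)})

def socket_table(proc_net_tcp):
    """Map local port -> (uid, inode); the port field is hexadecimal."""
    table = {}
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) >= 10:
            table[int(f[1].split(":")[1], 16)] = (int(f[7]), int(f[9]))
    return table

def pids_for_inode(inode):
    """PIDs holding the socket (live system; root needed for other users)."""
    target = f"socket:[{inode}]"
    pids = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                pids.add(int(fd.split("/")[2]))
        except OSError:  # process exited or permission denied
            continue
    return sorted(pids)

def attribute(log, proc_net_tcp):
    """Join the router log with the socket table: port -> (uid, inode) or None."""
    table = socket_table(proc_net_tcp)
    return {port: table.get(port) for port in local_ports(log)}

if __name__ == "__main__":
    for port, owner in attribute(ROUTER_LOG, PROC_NET_TCP).items():
        print(port, owner)
```

On the live server, pass the contents of `/proc/net/tcp` as the second argument while the connections are still open, then give the resulting inode to `pids_for_inode` to get the process.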