Phil Vandry wrote:
> On Mon, 4 Oct 2010 09:51:39 -0400 Rob Hasselbaum wrote:
>> Yes, it is possible (on Linux, anyway), but not extremely easy. You can
>> correlate packet data to the kernel's network connection table and network
>> connections to inode values by reading "/proc/net/tcp*" and
>
>
On Mon, 4 Oct 2010 09:51:39 -0400 Rob Hasselbaum wrote:
> Yes, it is possible (on Linux, anyway), but not extremely easy. You can
> correlate packet data to the kernel's network connection table and network
> connections to inode values by reading "/proc/net/tcp*" and
Isn't that unreliable? The c
On Tue, Oct 5, 2010 at 5:46 AM, Gert Doering wrote:
> Hi,
>
> On Tue, Oct 05, 2010 at 02:14:19AM -0700, Patrick Kurz wrote:
> > >For typical point-to-point IP traffic, the combination of local address,
> > >local port, remote address, remote port, and transport protocol (TCP or
> UDP)
> > >is the
Hi,
On Tue, Oct 05, 2010 at 02:14:19AM -0700, Patrick Kurz wrote:
> >For typical point-to-point IP traffic, the combination of local address,
> >local port, remote address, remote port, and transport protocol (TCP or UDP)
> >is the closest thing you have to a unique key.
>
> Are you saying, that
From: Rob Hasselbaum
To: tcpdump-workers@lists.tcpdump.org
Sent: Mon, October 4, 2010 10:35:02 PM
Subject: Re: [tcpdump-workers] bandwidth by user or process id
>For typical point-to-point IP traffic, the combination of local address,
>local port, remote addr
