  How to get the current network traffic of a process in GNU/Linux
     
  Add Date : 2018-11-21      
         
         
         
  The procedure is divided into the following steps:

(1) Use the libpcap packet-capture library to sniff network traffic. For each captured packet you obtain its 5-tuple (source address, destination address, source port, destination port, protocol number) and the packet size. Store this information in a table; as further packets of the same session arrive, add their sizes to that session's accumulated total.

(2) Traverse the fd/ directory of every process under /proc/ and read the value of each link. Every link whose value begins with socket: is a network connection. From the process ID and the inode number of each socket fd, build a table that maps socket inodes to processes. On the command line you can view a process's current network connections with the following commands (using firefox as an example):

# Get the PID of firefox
v0id@v0id:~$ ps aux | grep firefox
v0id 2143 7.8 21.0 1138824 433960 ? Sl 11:19 44:36 /usr/lib/firefox/firefox
This gives the firefox process ID, 2143. Next, look at the file descriptors (fd) under this process. The following command lists the socket entries in the process's fd directory. In the readlink result, every entry that begins with socket: is a file descriptor used for a network connection, and the number immediately after socket: is the inode number. Run the following command:
v0id@v0id:~$ ll /proc/2143/fd/ | grep socket
lrwx------ 1 v0id v0id 64 11月 19 11:19 10 -> socket:[27273]
lrwx------ 1 v0id v0id 64 11月 19 20:48 101 -> socket:[3726782]
lrwx------ 1 v0id v0id 64 11月 19 11:19 13 -> socket:[27336]
lrwx------ 1 v0id v0id 64 11月 19 11:19 14 -> socket:[27337]
lrwx------ 1 v0id v0id 64 11月 19 11:19 21 -> socket:[28264]
lrwx------ 1 v0id v0id 64 11月 19 20:48 30 -> socket:[29375]
lrwx------ 1 v0id v0id 64 11月 19 20:48 31 -> socket:[29692]
lrwx------ 1 v0id v0id 64 11月 19 20:48 32 -> socket:[30810]
lrwx------ 1 v0id v0id 64 11月 19 20:48 33 -> socket:[30812]
lrwx------ 1 v0id v0id 64 11月 19 20:48 36 -> socket:[31803]
lrwx------ 1 v0id v0id 64 11月 19 11:19 4 -> socket:[26607]
lrwx------ 1 v0id v0id 64 11月 19 20:48 40 -> socket:[31071]
lrwx------ 1 v0id v0id 64 11月 19 20:48 41 -> socket:[31073]
lrwx------ 1 v0id v0id 64 11月 19 20:52 44 -> socket:[5245647]
lrwx------ 1 v0id v0id 64 11月 19 20:52 69 -> socket:[5244897]
lrwx------ 1 v0id v0id 64 11月 19 20:52 71 -> socket:[5248187]
lrwx------ 1 v0id v0id 64 11月 19 20:52 72 -> socket:[5246226]
lrwx------ 1 v0id v0id 64 11月 19 20:52 75 -> socket:[5246227]
lrwx------ 1 v0id v0id 64 11月 19 20:52 76 -> socket:[5246228]
lrwx------ 1 v0id v0id 64 11月 19 20:52 77 -> socket:[5248188]
lrwx------ 1 v0id v0id 64 11月 19 20:52 78 -> socket:[5248189]
lrwx------ 1 v0id v0id 64 11月 19 20:52 79 -> socket:[5246239]
lrwx------ 1 v0id v0id 64 11月 19 20:48 80 -> socket:[3726781]
lrwx------ 1 v0id v0id 64 11月 19 20:52 81 -> socket:[5248214]
lrwx------ 1 v0id v0id 64 11月 19 20:52 82 -> socket:[5248217]
lrwx------ 1 v0id v0id 64 11月 19 20:52 83 -> socket:[5246330]
lrwx------ 1 v0id v0id 64 11月 19 20:52 84 -> socket:[5248215]
lrwx------ 1 v0id v0id 64 11月 19 20:52 85 -> socket:[5246331]
lrwx------ 1 v0id v0id 64 11月 19 20:52 86 -> socket:[5248216]
lrwx------ 1 v0id v0id 64 11月 19 20:52 87 -> socket:[5248218]
lrwx------ 1 v0id v0id 64 11月 19 20:52 88 -> socket:[5249212]
lrwx------ 1 v0id v0id 64 11月 19 20:48 89 -> socket:[37239]
lrwx------ 1 v0id v0id 64 11月 19 11:19 9 -> socket:[27820]
lrwx------ 1 v0id v0id 64 11月 19 20:52 90 -> socket:[5248222]
lrwx------ 1 v0id v0id 64 11月 19 20:52 92 -> socket:[5248223]
lrwx------ 1 v0id v0id 64 11月 19 20:52 93 -> socket:[5249279]
lrwx------ 1 v0id v0id 64 11月 19 20:48 94 -> socket:[37240]
lrwx------ 1 v0id v0id 64 11月 19 20:48 96 -> socket:[38308]
lrwx------ 1 v0id v0id 64 11月 19 20:48 97 -> socket:[37345]
lrwx------ 1 v0id v0id 64 11月 19 20:52 98 -> socket:[5249281]
lrwx------ 1 v0id v0id 64 11月 19 20:52 99 -> socket:[5249282]

(3) Read the current connections in real time from the network connection status file /proc/net/tcp. Each entry gives the connection's source address, destination address, source port and destination port, which can be looked up in the capture table. Comparing this 5-tuple with the table built in step (1) gives the network traffic of each connection; looking up each connection's inode in the table built in step (2) gives the process that owns the connection. This yields the traffic of each process, and accumulating the traffic of every process gives the total network traffic.
v0id@v0id:~$ ll /proc/2143/fd/ | grep socket; cat /proc/net/tcp
  sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
  0: 0101007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 12396 1 00000000 100 0 0 10 0
  1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 11404 1 00000000 100 0 0 10 0
  2: 9707A8C0:8BB9 0C7CB5DC:0050 02 00000001:00000000 01:00000166 00000002 1000 0 5243074 2 00000000 400 0 0 2 5
  3: 9707A8C0:86F7 DF08A8C0:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5245647 1 00000000 21 4 8 10 -1
  4: 9707A8C0:BFC9 E99D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5248217 1 00000000 20 4 24 10 -1
  5: 9707A8C0:85FC AE2ED0CB:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5248218 2 00000000 20 4 24 10 -1
  6: 9707A8C0:9052 C99D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5246239 2 00000000 20 4 20 10 -1
  7: 9707A8C0:9281 925C4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5246331 1 00000000 20 4 8 10 -1
  8: 9707A8C0:DFB3 DD5D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5249212 2 00000000 21 4 24 10 -1
  9: 9707A8C0:DFB5 DD5D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5248223 2 00000000 20 4 24 10 -1
  10: 9707A8C0:A614 E19D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5246330 1 00000000 20 4 24 10 -1
  11: 9707A8C0:9051 C99D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5248189 2 00000000 20 4 1 6 -1
  12: 9707A8C0:904B C99D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5244897 1 00000000 20 4 8 10 -1
  13: 9707A8C0:DFA5 DD5D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5248187 2 00000000 20 4 8 10 -1
  14: 9707A8C0:A613 E19D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5248214 1 00000000 20 4 24 10 -1
  15: 9707A8C0:905E C99D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5249281 3 00000000 20 5 3 10 -1
  16: 9707A8C0:EAFE DF08A8C0:0050 08 00000000:00000001 00:00000000 00000000 1000 0 2102209 1 00000000 20 4 6 50 16
  17: 9707A8C0:DFB0 DD5D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5248216 2 00000000 20 4 24 10 -1
  18: 9707A8C0:904E C99D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5246227 2 00000000 20 4 20 10 -1
  19: 9707A8C0:DFB6 DD5D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5249279 2 00000000 21 0 0 10 -1
  20: 9707A8C0:905F C99D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5249282 2 00000000 20 4 9 10 -1
  21: 9707A8C0:C8CF 8805E29F:0050 08 00000000:00000001 00:00000000 00000000 1000 0 273820 1 00000000 20 4 6 43 16
  22: 9707A8C0:975D 525D58DE:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5246226 1 00000000 21 4 24 10 -1
  23: 9707A8C0:9055 C99D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5248215 1 00000000 20 4 20 10 -1
  24: 9707A8C0:DFB4 DD5D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5248222 2 00000000 20 4 24 10 -1
  25: 9707A8C0:DFA9 DD5D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5248188 2 00000000 21 4 8 10 -1
  26: 9707A8C0:904F C99D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5246228 2 00000000 20 4 11 10 -1

The inode numbers in the output above match the socket:[inode] values listed in step (2). For example, the connection with inode 5248222 appears in both listings, which means that this connection belongs to firefox.
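
The following Python example, added here and not part of the original article, joins the three tables from steps (1) to (3) to produce a per-process byte total. The /proc/net/tcp rows and socket inodes are copied from the output above; the packet records, the /dev/null entry and all function names are constructed for illustration, and the address decoding assumes a little-endian host such as x86.

```python
import re
import socket
import struct

# Rows copied from the /proc/net/tcp output above.
PROC_NET_TCP = """\
  sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
   0: 0101007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 12396 1 00000000 100 0 0 10 0
   3: 9707A8C0:86F7 DF08A8C0:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5245647 1 00000000 21 4 8 10 -1
  24: 9707A8C0:DFB4 DD5D4F75:0050 01 00000000:00000000 00:00000000 00000000 1000 0 5248222 2 00000000 20 4 24 10 -1
"""
# readlink targets under /proc/2143/fd/ (fd 44 and fd 90 above; /dev/null is constructed).
FD_LINKS = {2143: ["socket:[5245647]", "socket:[5248222]", "/dev/null"]}
# Constructed capture records: (src ip, src port, dst ip, dst port, packet size in bytes).
PACKETS = [("192.168.7.151", 34551, "192.168.8.223", 80, 512),
           ("192.168.8.223", 80, "192.168.7.151", 34551, 1460),
           ("117.79.93.221", 80, "192.168.7.151", 57268, 1000),
           ("10.0.0.9", 443, "192.168.7.151", 50000, 90)]  # matches no socket

def decode_endpoint(hexpair):
    """'9707A8C0:86F7' -> ('192.168.7.151', 34551); assumes a little-endian host."""
    addr, port = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def connections_by_inode(text):
    """Step (3): map inode -> (local ip, local port, remote ip, remote port)."""
    table = {}
    for f in map(str.split, text.splitlines()[1:]):  # [1:] skips the header row
        if len(f) > 9 and f[9] != "0":  # inode 0 (e.g. TIME_WAIT) has no owning process
            table[int(f[9])] = decode_endpoint(f[1]) + decode_endpoint(f[2])
    return table

def inode_owners(fd_links):
    """Step (2): map socket inode -> PID from the readlink targets of /proc/<pid>/fd/*."""
    pat = re.compile(r"socket:\[(\d+)\]")
    return {int(m.group(1)): pid for pid, targets in fd_links.items()
            for m in map(pat.fullmatch, targets) if m}

def traffic_per_pid(packets, proc_net_tcp, fd_links):
    """Step (1) joined with (2) and (3): sum packet sizes per PID, both directions."""
    owners = inode_owners(fd_links)
    flow_pid = {flow: owners[inode]
                for inode, flow in connections_by_inode(proc_net_tcp).items() if inode in owners}
    totals = {}
    for src, sport, dst, dport, size in packets:
        pid = flow_pid.get((src, sport, dst, dport), flow_pid.get((dst, dport, src, sport)))
        if pid is not None:
            totals[pid] = totals.get(pid, 0) + size
    return totals
```

On a live system the FD_LINKS values would come from os.readlink() on each entry of /proc/<pid>/fd/, which requires permission to read that process's fd directory.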
     
         
         
         
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.