Adam Rice (adamrice@xxxxxxxxxxxx) wrote on 18 January 2004 14:09: >I'd like to be able to get per-connection byte-counts from the kernel, so I >can create a sort of top program showing what processes and users are >currently using the network and how much. Since I want this to be something I >can keep running all the time, I don't want to do it by snooping the >interface. Is there some way to do this with netfilter? Sadly >/proc/net/ip_conntrack doesn't appear to provide this information. iftop and iptraf give statistics per interface, per machine and per traffic type plus other interesting info. That's all that can be obtained from a firewall since you cannot retrieve user info from another machine. The performance impact is usually negligible. If you want to run the monitor in a multi-user system where users are logged in you can associate the network connections with processes and users but I don't know a program that does it. This is a "me too"...
