On Wed, Oct 06, 2010 at 01:30:14AM -0700, Patrick Kurz wrote:
> I was also slightly concerned about short-lived connections. But if the measured
> bandwidth is accurate by 10%, it is sufficient for my use case.
> What kind of applications do in general create such short-lived connections and
> still produce considerable traffic (say, more than 100MB/hour)?

I dunno, maybe BitTorrent when it's quickly going through lots of potential
peers. But as Rob pointed out, even then the entries stick around for a
little while in the table in TIME_WAIT state so it's hard to miss them.

> Very good suggestion. I'll learn more about iptables.
> Do you know if this would also be able to distinguish the bandwidth consumed by
> different users on the same shared socket (e.g. ssh) as Rob pointed out in the
> previous post?

It's rare for different processes belonging to different users to actually
share the same socket so I don't think you'd need to worry about that.
In the case of ssh, each new session has its own independent socket.

On Wed, Oct 06, 2010 at 11:07:23AM +0200, Maciej Grela wrote:
> BTW, is it possible to monitor *incoming* packages using this kind of rule ?

I don't think so. This technique is looking less useful by the minute :-)

-Phil
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.