New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Spike Network Viewer #6764
Comments
After to read some papers and a talk with @ktsaou , I am discarding the libpcap as a possibility to monitor the sockets and to do Network Viewer based on it. I am also discarding the possibility to parse /proc/net/tcp and /proc/net/tcp6, due two important motives, the first is the fact that the official documentation ( https://www.kernel.org/doc/Documentation/networking/proc_net_tcp.txt ) says that it is deprecated the second and no less important is an old paper ( https://kristrev.github.io/2013/07/26/passive-monitoring-of-sockets-on-linux ) where the writer had to do something near we will do in Netdata. The author argues correctly that is a problem to work with servers with a big number of sockets opened. A good example of the tcp_diag interface is the software ss(https://www.cyberciti.biz/files/ss.html) , that uses the same sockets that were described in the links of the previous paragraph. On FreeBSD it looks like that |
Hi @ilyam8 , Did you already work with a software different of Best Regards! |
Some comments from the meeting about the Network Viewer, I'll leave them here although the issue is closed as a record - they may apply to the work in PR#6958.
|
Feature idea summary
After the meet up I began to work again with libpcap to monitor outgoing Network packages, the first part of this spike was already done and I could get all the packages moving from a specific host, now it is necessary to create the rules automatic for libpcap only delivers results when the destination package is another host of the network.
Expected behavior
When this is done, we will have conditions to detect all the hosts that a specific host is communicating inside the network.
The text was updated successfully, but these errors were encountered: