Sounds like nethogs can solve the problem of knowing which processes are
currently sucking down bandwidth. As for your indicator idea, I think a
simple GUI front-end to nethogs would be the first step. The
application could reside with other system apps, and simply be fired up
when a user wants this information. An indicator would mean nethogs
running all the time in the background, unnecessarily consuming
resources, imho. Anyone up for guifying nethogs? :-)
-Robbie
On 01/26/2012 11:12 PM, nick rundy wrote:
Yes, good insights, Robbie.
Just to be clear, I'm not asking that an application-firewall (as Jason
Todd was speaking of) be created to solve this problem. I'm totally fine
with a solution that doesn't involve a firewall. It's just that an
application firewall allows me to solve this problem when I use Windows,
so it is the only base of reference I have to speak to.
I simply am asking that some way be created to give users a
user-friendly, in-your-face way to learn/discover/record/log what
applications and/or system-processes are making internet connections
and/or are being blocked from making internet connections (e.g., by GUFW
when it is set to block outgoing connections).
One way to solve this problem (as envisioned in my imagination without
any insight into the technical feasibility of it) would be to design
some sort of Indicator that appears on the titlebar of an
application's window. For example, in the upper right corner of the
titlebar, an internet-connection-icon would display if the app is trying
to connect or is actually connected to the internet. If the app is not
connecting nor trying to connect to the internet then this icon would
change its appearance. This Indicator would solve my problem because it
provides a user-friendly, in-your-face, understandable way for users to
quickly ascertain the internet-connection-state and
internet-connection-behavior of an application.
Here's an example of how this can be directly used in the real world:
first, say I use a Mobile Broadband internet connection that only gets
so much GB a month. And to try to conserve bandwidth I only want
internet connections that I deem worthwhile to occur. If I ONLY use
RhythmBox to play MP3s that live on my harddrive, I do not need (nor
want) Rhythmbox to make an internet connection when I open and use the
application. All I'm using it for is to play MP3s from my harddrive.
What does it need to connect to the internet for? So I need an easy and
in your face way to discover if when Rhythmbox is making an internet
connection. If I open Rhythmbox and start playing an MP3 and notice that
Rhythmbox is making an internet connection, then I know that I need to
go into the Rhythmbox settings and configure it to NOT make those
internet connections. If Rhythmbox's settings do not allow for such
configuration, I know that I should select a different application for
playing my music with (i.e., one that does allow such configuration).
To further support my case, I offer that with Ubuntu One and other cloud
services growing in popularity, I think it makes sense for users to have
a user-friendly way to be able to keep abreast of the
internet-connection-state and internet-connection-behavior of their
applications system.
Thank you so much for reading/listening to my concerns on this issue. I
hope I have been clear in my descriptions :-)
Date: Thu, 26 Jan 2012 15:30:52 -0600
From: rob...@ubuntu.com
To: jtodd...@hotmail.com
CC: nru...@hotmail.com; ubuntu-devel-discuss@lists.ubuntu.com
Subject: Re: can we find a solution to bug #820895 (show Process Name
in log files)?
Seems to be 2 separate issues in this thread:
1) Our system logging for firewall issues only logs PIDs via iptables
with no program name. Given other applications like netstat and nethogs
can do this, I think it's something we should try and work with upstream
to address. (my $0.02)
2) Users can't firewall based on applications. I could be completely
wrong here, but I believe AppArmor[1] provides this functionality via
profiles. While not as simple as adding an application to a list, it
might be an alternative solution until there's an easier way to do this.
http://manpages.ubuntu.com/manpages/hardy/man5/apparmor.d.5.html
-Robbie
On 01/26/2012 02:51 PM, Jason Todd wrote:
Nick, the package is called acct all by itself.
IMHO it will not solve the problem you are facing. I have tried it and
it is not user-friendly compared to what you are used to. I have
watched numerous people go back to Windows largely because of user
frustration/inability to discover/control what applications can and
cannot internet connect. I remember reading one review of ubuntu where
the reviewer hooked up some friends with 11.04 to get their opinions.
One of the things the friends complained about was only having control
of ports (and not applications) in the firewall. I could have swore