Sounds like nethogs can solve the problem of knowing which processes are currently sucking down bandwidth. As for your indicator idea, I think a simple GUI front-end to nethogs would be the first step. The application could reside with other system apps, and simply be fired up when a user wants this information. An indicator would mean nethogs running all the time in the background, unnecessarily consuming resources, imho. Anyone up for guifying nethogs? :-)
-Robbie On 01/26/2012 11:12 PM, nick rundy wrote: > Yes, good insights, Robbie. > > Just to be clear, I'm not asking that an application-firewall (as Jason > Todd was speaking of) be created to solve this problem. I'm totally fine > with a solution that doesn't involve a firewall. It's just that an > application firewall allows me to solve this problem when I use Windows, > so it is the only base of reference I have to speak to. > > I simply am asking that some way be created to give users a > user-friendly, in-your-face way to learn/discover/record/log what > applications and/or system-processes are making internet connections > and/or are being blocked from making internet connections (e.g., by GUFW > when it is set to block outgoing connections). > > One way to solve this problem (as envisioned in my imagination without > any insight into the technical feasibility of it) would be to design > some sort of "Indicator" that appears on the titlebar of an > application's window. For example, in the upper right corner of the > titlebar, an internet-connection-icon would display if the app is trying > to connect or is actually connected to the internet. If the app is not > connecting nor trying to connect to the internet then this icon would > change its appearance. This Indicator would solve my problem because it > provides a user-friendly, in-your-face, understandable way for users to > quickly ascertain the "internet-connection-state" and > "internet-connection-behavior" of an application. > > Here's an example of how this can be directly used in the real world: > first, say I use a Mobile Broadband internet connection that only gets > so much GB a month. And to try to conserve bandwidth I only want > internet connections that I deem "worthwhile" to occur. If I ONLY use > RhythmBox to play MP3s that live on my harddrive, I do not need (nor > want) Rhythmbox to make an internet connection when I open and use the > application. All I'm using it for is to play MP3s from my harddrive. > What does it need to connect to the internet for? So I need an easy and > "in your face" way to discover if & when Rhythmbox is making an internet > connection. If I open Rhythmbox and start playing an MP3 and notice that > Rhythmbox is making an internet connection, then I know that I need to > go into the Rhythmbox settings and configure it to NOT make those > internet connections. If Rhythmbox's settings do not allow for such > configuration, I know that I should select a different application for > playing my music with (i.e., one that does allow such configuration). > > To further support my case, I offer that with Ubuntu One and other cloud > services growing in popularity, I think it makes sense for users to have > a user-friendly way to be able to keep abreast of the > "internet-connection-state" and "internet-connection-behavior" of their > applications & system. > > > Thank you so much for reading/listening to my concerns on this issue. I > hope I have been clear in my descriptions :-) > > > >> Date: Thu, 26 Jan 2012 15:30:52 -0600 >> From: rob...@ubuntu.com >> To: jtodd...@hotmail.com >> CC: nru...@hotmail.com; ubuntu-devel-discuss@lists.ubuntu.com >> Subject: Re: can we find a solution to bug #820895 (show Process Name > in log files)? >> >> Seems to be 2 separate issues in this thread: >> >> 1) Our system logging for firewall issues only logs PIDs via iptables >> with no program name. Given other applications like netstat and nethogs >> can do this, I think it's something we should try and work with upstream >> to address. (my $0.02) >> >> 2) Users can't firewall based on applications. I could be completely >> wrong here, but I believe AppArmor[1] provides this functionality via >> profiles. While not as simple as adding an application to a list, it >> might be an alternative solution until there's an easier way to do this. >> >> http://manpages.ubuntu.com/manpages/hardy/man5/apparmor.d.5.html >> >> -Robbie >> >> On 01/26/2012 02:51 PM, Jason Todd wrote: >> > Nick, the package is called "acct" all by itself. >> > IMHO it will not solve the problem you are facing. I have tried it and >> > it is not "user-friendly" compared to what you are used to. I have >> > watched numerous people go back to Windows largely because of user >> > frustration/inability to discover/control what applications can and >> > cannot internet connect. I remember reading one review of ubuntu where >> > the reviewer hooked up some friends with 11.04 to get their opinions. >> > One of the things the friends complained about was only having control >> > of ports (and not applications) in the firewall. I could have swore it >> > was at tomshardware.com. I've searched but can't find the review. It was >> > back around the time 11.04 came out. >> > The way Linux deals with applications and internet connections has not >> > evolved to a consumer-desktop-level. In an age where privacy and >> > security are very important, it's going to need to address this to gain >> > more users. I was sad to see Bug 820895 marked as Won't Fix. >> > >> > I personally tried to get my friend to start using ubuntu. But he grew >> > frustrated with no application firewall capabilities. He posted in the >> > ubuntu-forums on the issue and it generated a long discussion but >> > ultimately turned into a big mess where lots of ubuntu users were >> > calling him an idiot and saying that Windows uses an application >> > firewall because Windows sucks. The thread was closed and my friend went >> > back to Windows feeling like ubuntu is only for programmers and everyone >> > that uses Ubuntu thinks he's stupid cause he wanted an application > firewall. >> > >> > ------------------------------------------------------------------------ >> > From: nru...@hotmail.com >> > To: ps...@ubuntu.com; ubuntu-devel-discuss@lists.ubuntu.com >> > Subject: RE: can we find a solution to bug #820895 (show Process Name in >> > log files)? >> > Date: Thu, 26 Jan 2012 10:16:22 -0500 >> > >> > Philip, thanks for your reply. I greatly appreciate it. You said, >> > >> >>>>If you don't like the connections a program makes, then configure it >> > not to do so. If you can't do that, then don't run such a bad > program.>>> >> > >> > This is what I'm trying to do on Ubuntu! :) if I can't log the process >> > name, How do I learn what connections a program is making so that I can >> > configure that program to not make those connections? You see the > problem? >> > >> > For over a year I have been struggling (on Ubuntu) with a way to >> > identify the connections programs are making so that I can do what you >> > say: configure it not to make those connections or to uninstall the >> > program if I deem it a "bad program." This is a non-issue on Microsoft >> > Windows because I can easily identify connections programs are making >> > and I can KNOW the comings and goings on my computer as it is all logged >> > with Application Name in the firewall log. One of the criteria I use to >> > select which applications I install and run is "internet connection >> > behavior." It has been very difficult selecting applications I prefer in >> > Ubuntu because I am forced to sit and watch netstat while trying to >> > accomplish things. What I have ended up doing is (when available) >> > installing the same program on Windows, study the firewall log in >> > Windows and then deeming it a "good" or "bad" program for use in Ubuntu. >> > So I am still seeking a solution on Ubuntu. If there's some other way to >> > accomplish what I'm after (than using a Firewall Log), I will use it. >> > But I have yet to find as reasonable a solution on Ubuntu. As others >> > have remarked in forums etc, this is becoming an increasing priority in >> > order to manage Mobile Broadband internet connection usage as the >> > accounts come with bandwidth caps where users are charged a lot of extra >> > money if they exceeds the caps. >> > >> > I will investigate using acct package, is this the name ("acct" or "acct >> > package") I should search for in Synaptic? I have not tried this as a >> > solution and really appreciate your suggestion. >> > >> > >> > >> >> Date: Wed, 25 Jan 2012 19:55:18 -0500 >> >> From: ps...@ubuntu.com >> >> To: nru...@hotmail.com >> >> CC: ubuntu-devel-discuss@lists.ubuntu.com >> >> Subject: Re: can we find a solution to bug #820895 (show Process Name >> > in log files)? >> >> >> > On 01/25/2012 06:22 PM, nick rundy wrote: >> >> Is there anything that can be done to create some way for Ubuntu >> >> users to get the capability of having a static record of what >> >> application/s made an outgoing connection? >> > >> > That would require a change to the iptables kernel module that >> >> implements process based rules. Last I saw, it wasn't really maintained >> >> because the whole concept is considered broken by design. In other >> >> words, you shouldn't be setting rules based on processes. >> > >> > Needing an external firewall to control network activity of a program >> >> in the first place is the result of using badly behaved closed source >> >> programs, and so it largely a non issue for the open source community. >> > >> >> The capability to log "process names" has been requested by numerous >> >> users over the years, here's some links: >> > >> > If you want to log what processes are run and when in general, then >> >> you can install and configure the acct package. You could then use the >> >> accounting information to look up what process had a given pid at a >> >> given time. >> > >> > >> > -- Ubuntu-devel-discuss mailing list >> > Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: >> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss >> > >> > >> >> -- >> Robbie Williamson <rob...@ubuntu.com> >> robbiew[irc.freenode.net] >> >> "Don't make me angry...you wouldn't like me when I'm angry." >> -Bruce Banner -- Robbie Williamson <rob...@ubuntu.com> robbiew[irc.freenode.net] "You can't be lucky all the time, but you can be smart everyday" -Mos Def "Arrogance is thinking you are better than everyone else, while Confidence is knowing no one else is better than you." -Me ;) -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss