culprit.pl

readme:

culprit.pl
------------
see bandwidth use by user and process in real time
miff, 8/2002
------------

requirements:
-can only run as root
-must have tcpdump installed
-must have lsof installed

setup:
you need to change:

line 1:
#!/usr/local/bin/perl
make sure it points to your perl

line 16:
make sure this is the full path to lsof on your system (or change it)

line 17:
make sure this is the full path to tcpdump on your system (or change it)

line 18:
set this to your ip address!!

line 19:
below this line, push any virtual IPs onto this array.
this will allow culprit to handle vhosts.
if there are none, dont push anything onto the array.

sample output:


TOTAL   IN      OUT     PORT/OWNER                              REMOTE
-------------------------------------------------------------------------------------
0       0       0       23 ERROR                            65.113.253.121 P:4315
0       0               80 ERROR                            65.113.253.121 P:4310
0       0       0       23 ERROR                            65.113.253.121 P:4317
43      22      21      33870 (xenovis irc-20010)           146.20.20.20 P:6667
49      25      24      46614 (incr irc-20010)              207.45.67.250 P:6667
61      40      21      38742 (aban BitchX-1.)              206.252.192.195 P:5555
61      40      21      11377 (aban BitchX-1.)              206.252.192.195 P:5556
80      50      30      20963 (miff irc-20010)              206.167.75.78 P:6667
101     101             16442 (ninex BitchX-1.)             207.211.45.67 P:2172
200     121     79      22502 (angui BitchX-1.)             165.21.103.176 P:6667
208     112     96      18602 ERROR                         216.136.171.203 P:22
223     117     106     40438 (cseg epic-EPIC)              63.98.19.242 P:6667
266     222     44      6087 (jerry irc-20010)              207.45.67.250 P:6667
305     275     30      40819 (distrakt BitchX-1.)          216.152.65.144 P:6667
834     834             6378 (xevolx BitchX-1.)             128.242.65.30 P:6667
848             848     22 (root sshd)                      65.191.67.229 P:3010
864             864     22 (root sshd)                      200.165.34.63 P:49259
1K      998     37      46490 (aban BitchX-1.)              63.151.167.146 P:6666
1K              1K      22 (root sshd)                      209.134.170.137 P:1233
1K              1K      22 (root sshd)                      67.33.169.220 P:4329
2K      2K      83      36546 (icer BitchX-1.)              205.188.149.12 P:6667
8K      1K      7K      22 (root sshd)                      209.6.183.84 P:65302
13K     240     13K     22 (sq sshd)                        64.30.175.99 P:2596
17K     17K     111     10777 (sq irc-20010)                207.45.67.250 P:6667
29K     14K     16K     22 (root sshd)                      68.51.232.244 P:4419
42K     42K     92      24344 (ninex BitchX-1.)             64.124.0.204 P:6667
=====================================================================================