How does Socket Sentry get its data?
First, a little background. The tool consists of three main parts:

• A D-Bus service that runs as root to collect network and process data.
• A Plasma data engine that is really just a thin wrapper around the service.
• A Plasma applet that visualizes the data provided by the service through the engine.

Most of the interesting work happens inside the service. This component captures packet headers as they pass through each monitored network interface. Using this data, it builds a rolling history of network activity and calculates statistics like throughput, peak rate, current device state (sending or receiving), and so forth.

The connections observed through packet capture are then matched against the kernel’s network connection tables exposed in the /proc/net file system directory. This is the same data source that is used by well-known tools like netstat and enables Socket Sentry to match packet traffic to OS processes–a feature that is unique to Socket Sentry among Linux tools as f