|
|
Where is incoming traffic coming from?: msg#03677ubuntu-users
Hello, I noticed that I got a lot of incoming traffic on my server. Look at vnstat: # vnstat -d eth0 / daily day rx | tx | total ------------------------+-------------+---------------------------------------- 02.07. 5.54 GB | 258.12 MB | 5.79 GB %%% 03.07. 4.99 GB | 136.65 MB | 5.12 GB %%% 04.07. 5.40 GB | 126.95 MB | 5.52 GB %%% 05.07. 2.07 GB | 59.51 MB | 2.13 GB % 06.07. 8.47 GB | 326.36 MB | 8.79 GB %%%%%% 07.07. 9.80 GB | 391.30 MB | 10.18 GB %%%%%% 08.07. 8.04 GB | 348.55 MB | 8.38 GB %%%%% 09.07. 10.58 GB | 389.05 MB | 10.96 GB %%%%%%% 10.07. 19.15 GB | 17.26 GB | 36.41 GB %%%%%%%%%%%%%:::::::::::: 11.07. 14.92 GB | 3.34 GB | 18.26 GB %%%%%%%%%%:: 12.07. 13.91 GB | 2.23 GB | 16.14 GB %%%%%%%%%:: 13.07. 14.42 GB | 2.08 GB | 16.50 GB %%%%%%%%%%: 14.07. 20.49 GB | 1.50 GB | 21.99 GB %%%%%%%%%%%%%%: 15.07. 16.14 GB | 1.61 GB | 17.76 GB %%%%%%%%%%%: 16.07. 14.86 GB | 1.10 GB | 15.96 GB %%%%%%%%%: 17.07. 17.26 GB | 1.20 GB | 18.46 GB %%%%%%%%%%%: 18.07. 13.49 GB | 1.26 GB | 14.74 GB %%%%%%%%%: 19.07. 12.97 GB | 980.82 MB | 13.93 GB %%%%%%%%: 20.07. 13.81 GB | 1.01 GB | 14.82 GB %%%%%%%%%: 21.07. 8.44 GB | 704.84 MB | 9.13 GB %%%%%% 22.07. 10.88 GB | 0.99 GB | 11.86 GB %%%%%%%: 23.07. 9.01 GB | 980.68 MB | 9.97 GB %%%%%: 24.07. 7.39 GB | 583.17 MB | 7.96 GB %%%%% 25.07. 6.23 GB | 484.04 MB | 6.70 GB %%%% 26.07. 8.19 GB | 395.95 MB | 8.58 GB %%%%% 27.07. 12.87 GB | 883.55 MB | 13.73 GB %%%%%%%%: 28.07. 8.83 GB | 762.62 MB | 9.57 GB %%%%%% 29.07. 8.65 GB | 631.73 MB | 9.27 GB %%%%%% 30.07. 8.76 GB | 587.09 MB | 9.34 GB %%%%%% 31.07. 0 kB | 0 kB | 0 kB ------------------------+-------------+---------------------------------------- estimated -- | -- | -- The tx values seem about right to me, but the rx values are totally absurd! It should only be a few hunderd megabytes per day, maximum! I have installed shorewall and I'm only accepting ping, ssh, http, https, smtp, imap2 and imaps. Everything else is dropped. I have also configured accounting in shorewall, but I'm not seeing anything out of the ordinary: # shorewall show accounting Shorewall 4.2.10 Chain accounting at intrepid - Fri Jul 31 00:52:58 CEST 2009 Counters reset Fri Jul 31 00:47:19 CEST 2009 Chain accounting (3 references) pkts bytes target prot opt in out source destination 1257 437K Total all -- eth0 * 0.0.0.0/0 0.0.0.0/0 1285 501K Total all -- * eth0 0.0.0.0/0 0.0.0.0/0 411 26732 ssh tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 311 269K ssh tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:22 37 5756 smtp tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 33 3374 smtp tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:25 44 3132 imap2 tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 35 65563 imap2 tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:143 0 0 imaps tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 0 0 imaps tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:993 104 16439 www tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 71 94136 www tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:80 0 0 https tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 0 0 https tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:443 4 336 ping icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 4 336 ping icmp -- * eth0 0.0.0.0/0 0.0.0.0/0 How can I find out where the incoming traffic is coming from? -- Amedee -- ubuntu-users mailing list ubuntu-users@xxxxxxxxxxxxxxxx Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
|
|
||||||||||||||||||||||||||
| News | Mail Home | sitemap | FAQ | advertise |