Is it inbound or outbound? What port? TCP or UDP?
------Original message------
From: Bowie Bailey
Sender: centos-bounces@centos.org
To: CentOS mailing list
Reply-To: CentOS mailing list
Subject: [CentOS] Outbound traffic spike every 30 minutes
Sent: Dec 3, 2013 19:36
Since Sunday morning, one of my CentOS servers has been generating a small spike of outbound traffic every 30 minutes (X:00 and X:30). It's not enough traffic to really cause any notice except for the fact that it is a very regular pattern and it started abruptly at midnight Sunday.
This server is used for mail (Courier-MTA), and DNS (Bind). I cannot find anything unusual in either of those logs. I tried grepping through my firewall logs, but have been unable to find anything useful there either. I don't see any cron jobs that would generate network traffic.
Any suggestions how I can go about tracking this down?
On 12/3/2013 3:42 PM, diegors@gmail.com wrote:
Is it inbound or outbound? What port? TCP or UDP?
It is outbound from my server to the Internet. My traffic monitor does not give me any more detailed information, just a nice sawtooth graph showing the regular spikes.
TCP or UDP and the port is part of what I am trying to determine.
Hi,
Get ntopng and it will record the IPs and ports involved.
www.ntop.org
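One way to recover the protocol and port asked about above, as an added example that is not part of the thread: it assumes outbound packets are being logged by an iptables LOG rule, and groups the logged bytes by protocol, destination and port to report the flows that send mostly around X:00 and X:30. The function name `spike_flows`, the "FW: " log prefix, the host name and all addresses in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: iptables LOG lines trimmed to the fields used here.
# The "FW: " prefix, host name and addresses are made up for the example.
SAMPLE = """\
Dec  3 19:00:02 mail kernel: FW: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1500 PROTO=TCP SPT=44321 DPT=443
Dec  3 19:00:03 mail kernel: FW: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1500 PROTO=TCP SPT=44321 DPT=443
Dec  3 19:05:12 mail kernel: FW: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=1200 PROTO=TCP SPT=40110 DPT=25
Dec  3 19:10:00 mail kernel: FW: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 LEN=80 PROTO=UDP SPT=53 DPT=53 LEN=60
Dec  3 19:17:40 mail kernel: FW: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=900 PROTO=TCP SPT=40112 DPT=25
Dec  3 19:29:59 mail kernel: FW: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 LEN=80 PROTO=UDP SPT=53 DPT=53 LEN=60
Dec  3 19:30:01 mail kernel: FW: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1500 PROTO=TCP SPT=44390 DPT=443
Dec  3 19:30:01 mail kernel: FW: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=443 DPT=44390
Dec  3 19:30:02 mail kernel: FW: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1400 PROTO=TCP SPT=44390 DPT=443
Dec  3 19:30:20 mail kernel: FW: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=800 PROTO=TCP SPT=40115 DPT=25
Dec  3 19:45:00 mail kernel: FW: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 LEN=80 PROTO=UDP SPT=53 DPT=53 LEN=60
"""

STAMP = re.compile(r"\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\s")
FIELD = re.compile(r"(\w+)=(\S*)")

def spike_flows(log_text, window=60):
    """Return [((proto, dst, dport), near_bytes, other_bytes)] for flows that
    send most of their bytes within `window` seconds of X:00 or X:30."""
    totals = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        stamp = STAMP.match(line)
        f = {}
        for k, v in FIELD.findall(line):
            f.setdefault(k, v)  # keep the first LEN= (IP length); UDP logs a second
        if not stamp or not f.get("OUT") or not {"DST", "LEN", "PROTO"} <= f.keys():
            continue  # unparsable, or not leaving through an interface
        _, mm, ss = map(int, stamp.groups())
        offset = (mm % 30) * 60 + ss  # seconds since the last half-hour mark
        near = min(offset, 1800 - offset) <= window
        key = (f["PROTO"], f["DST"], f.get("DPT", "-"))  # ICMP has no DPT
        totals[key][0 if near else 1] += int(f["LEN"])
    # Steady traffic puts only about window/900 of its bytes near the marks, so
    # "more near than elsewhere" singles out flows tied to the schedule.
    hits = [(k, n, o) for k, (n, o) in totals.items() if n > o]
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    for (proto, dst, dport), near, other in spike_flows(SAMPLE):
        print(f"{proto} -> {dst}:{dport}  near={near}B other={other}B")
```

The destination and port it reports can then be matched to a local process by checking open sockets on the server at the next half-hour mark.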