[CentOS] Outbound traffic spike every 30 minutes

Wed Dec 4 11:53:40 UTC 2013
Steve Clark <sclark at netwolves.com>

Hi,

Get ntopng and it will record the IPs and ports involved.

www.ntop.org

On 12/03/2013 05:01 PM, Bowie Bailey wrote:
> On 12/3/2013 3:42 PM, diegors at gmail.com wrote:
>   > >
>   > > ------Original message------ From: Bowie Bailey Sender:
>   > > centos-bounces at centos.org To: CentOS mailing list Reply-To:
>   > > CentOS mailing list Subject: [CentOS] Outbound traffic spike every 30
>   > > minutes Sent: Dec 3, 2013 19:36
>   > >
>   > > Since Sunday morning, one of my CentOS servers has been generating a
>   > >  small spike of outbound traffic every 30 minutes (X:00 and X:30).
>   > > It's not enough traffic to really cause any notice except for the
>   > > fact that it is a very regular pattern and it started abruptly at
>   > > midnight Sunday.
>   > >
>   > > This server is used for mail (Courier-MTA), and DNS (Bind).  I cannot
>   > >  find anything unusual in either of those logs.  I tried grepping
>   > > through my firewall logs, but have been unable to find anything
>   > > useful there either.  I don't see any cron jobs that would generate
>   > > network traffic.
>   > >
>   > > Any suggestions how I can go about tracking this down?
>   > >
>   >
>   > Is it inbound or outbound?
>   > What port?
>   > TCP or UDP?
>
> It is outbound from my server to the Internet.  My traffic monitor does
> not give me any more detailed information, just a nice sawtooth graph
> showing the regular spikes.
>
> TCP or UDP and the port is part of what I am trying to determine.
>


-- 
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com
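
One way to answer the "TCP or UDP, and which port?" question once outbound flows have been recorded, as an added example that is not part of the original thread: it ranks destination/protocol/port tuples whose bytes cluster just after each X:00 and X:30 boundary. The record format, the 120-second window, the thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

PERIOD = 1800  # seconds; the spikes are reported at X:00 and X:30
WINDOW = 120   # assumption: seconds after each boundary treated as "the spike"

# Constructed sample records (not from the thread): epoch proto dst_ip dst_port bytes
SAMPLE = """\
1386028805 tcp 203.0.113.50 8080 90000
1386028810 udp 192.0.2.53 53 120
1386029100 tcp 198.51.100.7 25 4000
1386029400 udp 192.0.2.53 53 120
1386030607 tcp 203.0.113.50 8080 90000
1386030610 udp 192.0.2.53 53 120
1386031300 tcp 198.51.100.7 25 4000
1386031700 udp 192.0.2.53 53 120
1386032404 tcp 203.0.113.50 8080 90000
1386032405 udp 192.0.2.53 53 120
1386033500 udp 192.0.2.53 53 120
1386034206 tcp 203.0.113.50 8080 90000
1386034210 tcp 198.51.100.7 25 4000
"""

def parse(lines):
    """Yield (ts, proto, dst, port, size); silently skip malformed lines."""
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield (int(float(parts[0])), parts[1].lower(), parts[2],
                   int(parts[3]), int(parts[4]))
        except ValueError:
            continue

def periodic_flows(lines, min_slots=3, min_fraction=0.8):
    """Return flows whose bytes cluster just after half-hour boundaries."""
    total, in_win, slots = defaultdict(int), defaultdict(int), defaultdict(set)
    for ts, proto, dst, port, size in parse(lines):
        key = (proto, dst, port)
        total[key] += size
        if ts % PERIOD <= WINDOW:          # within WINDOW s after a :00/:30 mark
            in_win[key] += size
            slots[key].add(ts // PERIOD)   # which half-hour this spike belongs to
    hits = [(k, len(slots[k]), in_win[k], round(in_win[k] / t, 2))
            for k, t in total.items()
            if t and len(slots[k]) >= min_slots and in_win[k] / t >= min_fraction]
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    for flow in periodic_flows(SAMPLE.splitlines()):
        print(flow)
```

Steady traffic such as the sample DNS flow touches several boundaries but is excluded by the byte-fraction test, so only flows that are quiet between spikes are reported.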