[CentOS] Outbound traffic spike every 30 minutes

Tue Dec 3 21:49:23 UTC 2013
m.roth at 5-cent.us <m.roth at 5-cent.us>

Bowie Bailey wrote:
> Since Sunday morning, one of my CentOS servers has been generating a
> small spike of outbound traffic every 30 minutes (X:00 and X:30). It's
> not enough traffic to really cause any notice except for the fact that
> it is a very regular pattern and it started abruptly at midnight Sunday.
>
> This server is used for mail (Courier-MTA), and DNS (Bind).  I cannot
> find anything unusual in either of those logs.  I tried grepping through
> my firewall logs, but have been unable to find anything useful there
> either.  I don't see any cron jobs that would generate network traffic.
>
> Any suggestions how I can go about tracking this down?

Run rkhunter?

Actually, if it's that regular, you could run tcpdump when you expect it.

      mark
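
The tcpdump suggestion above, written out as an added example that is not part of the original thread: it sleeps until shortly before each X:00 and X:30 mark, captures packet headers for a few minutes, and counts the destinations seen. The interface name, output directory, timings, and filter address are assumptions, as is the availability of `timeout` from coreutils and a system clock whose offset from UTC is a multiple of 30 minutes.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: interface, output
# directory, lead time and capture length below; `timeout` from coreutils.
IFACE="${IFACE:-eth0}"
OUTDIR="${OUTDIR:-/var/tmp/spike}"
FILTER="${FILTER:-}"     # optional BPF filter, e.g. "src host 192.0.2.10" (constructed address)
LEAD=60                  # start capturing this many seconds before X:00 / X:30
DURATION=180             # length of each capture in seconds

# Print how long to sleep, from epoch time $1, until LEAD seconds before the
# next half-hour mark; 0 if we are already inside that lead window.
secs_until_capture() (
    to_boundary=$(( 1800 - $1 % 1800 ))
    if [ "$to_boundary" -le "$LEAD" ]; then
        echo 0
    else
        echo $(( to_boundary - LEAD ))
    fi
)

# Read `tcpdump -n -q -t` text on stdin and print "count destination" for the
# $1 most frequent destinations (address.port as tcpdump prints it).
top_destinations() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == ">") { d = $(i + 1); sub(/:$/, "", d); n[d]++ } }
         END { for (d in n) print n[d], d }' | sort -rn | head -n "${1:-10}"
}

# Run as root with the argument "run"; without it, only the functions are defined.
if [ "${1:-}" = "run" ]; then
    mkdir -p "$OUTDIR"
    while :; do
        sleep "$(secs_until_capture "$(date +%s)")"
        f="$OUTDIR/spike-$(date +%Y%m%d-%H%M).pcap"
        # -n: no name lookups, so the capture does not add DNS traffic of its own
        # -s 96: keep headers only, not mail content
        timeout "$DURATION" tcpdump -n -i "$IFACE" -s 96 -w "$f" $FILTER
        tcpdump -n -q -t -r "$f" 2>/dev/null | top_destinations 10 > "$f.top"
    done
fi
```

Comparing the `.top` files from several consecutive windows shows which destination recurs at every half-hour mark; the matching `.pcap` can then be read back with `tcpdump -r` for detail.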