What the hell??!? (blah, blah of a wannabe alien)
tcpdump
If you ever need to figure out what is eating bandwidth on a server, tcpdump comes in handy…
tcpdump -n -i any
That will spew out everything, so you might be able to spot anything that looks suspicious in there. Say you find the IP address 1.2.3.4 doing something suspicious; you can zero in on it to see whether it is doing anything naughty like so:
tcpdump -n -i any host 1.2.3.4
In my case, someone was utilizing one of my DNS servers for about 200 lookups per second (I wasn't logging DNS lookups, and since it's UDP traffic it was hard to figure out where the bandwidth was going).
Once you find a naughty IP address, just block it like so:
route add -host 1.2.3.4 reject (Linux)
or
route add -host 1.2.3.4 255.255.255.255 -reject (Mac OS X/BSD)
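As an added example (not from the original post), here is a small shell helper that turns the raw `tcpdump -n` stream into a per-source packet count and rate, so a host doing a couple of hundred lookups a second stands out without reading every line. The capture lines and addresses embedded below are constructed for the example.

```shell
#!/bin/sh
# Added example: rank sources in a tcpdump capture by packet count and rate.
# Assumes the classic "tcpdump -n" line format: "HH:MM:SS.ffffff IP src.port > dst.port: ..."
# (with -i any, newer tcpdump inserts interface/direction columns before "IP"; handled below).

# Constructed sample capture (hypothetical addresses): one host hammering a DNS server.
SAMPLE='12:14:00.000100 IP 192.0.2.10.40001 > 198.51.100.5.53: 1+ A? example.com. (29)
12:14:00.004900 IP 192.0.2.10.40002 > 198.51.100.5.53: 2+ A? example.net. (29)
12:14:00.010300 IP 203.0.113.7.51000 > 198.51.100.5.53: 3+ A? example.org. (29)
12:14:00.015000 IP 192.0.2.10.40003 > 198.51.100.5.53: 4+ A? example.com. (29)
12:14:00.020200 eth0  In  IP 192.0.2.10.40004 > 198.51.100.5.53: 5+ A? example.net. (29)'

# top_talkers: read tcpdump -n lines on stdin, print "count rate_per_sec source_ip",
# busiest source first. Rate is packets / capture window, so very short captures are noisy.
top_talkers() {
  awk '
    {
      src = ""
      for (i = 2; i <= NF; i++) if ($i == "IP" || $i == "IP6") { src = $(i + 1); break }
      if (src == "") next                      # not a packet line (e.g. tcpdump banner)
      sub(/\.[0-9]+$/, "", src)                # drop the source port
      split($1, h, ":"); t = h[1] * 3600 + h[2] * 60 + h[3]
      if (first == "" || t < first) first = t
      if (last == "" || t > last)   last  = t
      n[src]++
    }
    END {
      win = last - first; if (win <= 0) win = 1
      for (s in n) printf "%d %.1f %s\n", n[s], n[s] / win, s
    }' | sort -rn
}

# busiest_source: the IP with the most packets in the sample (the one you would then block).
busiest_source() { printf '%s\n' "$SAMPLE" | top_talkers | head -n 1 | awk '{ print $3 }'; }

# packet_count: packets seen from a given source in the sample.
packet_count() { printf '%s\n' "$SAMPLE" | top_talkers | awk -v ip="$1" '$3 == ip { print $1 }'; }

# Live use (not run here): tcpdump -n -i any -c 2000 udp port 53 | top_talkers | head
```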
This entry was posted by Shawn on January 25, 2006 at 12:14 am, and is filed under Server Admin.
about 6 years ago
Thanks for the tip. I assume that tcpdump thing is done in shell/telnet or whatever it’s called?
about 6 years ago
Yep… shell stuff.
about 5 years ago
Good tip, Shawn, thanks. I seriously admire the tech section and your knowledge!