0

I looked at the bandwidth utilization on my "theplanet" management tools yesterday.

  • Before November it was an average of 20GB per month.
  • After November it is an average of 140GB per month!

The traffic of my website has not increased (I checked Google Analytics). All the increased bandwidth is INBOUND bandwidth.

I did a `vnstat -l` and it appears that I'm receiving something of about 12MiB every 10 minutes.

How can I know what it is, where it is and where it is coming from?

The server is on CentOS.

UPDATES :

How can I do a simple sniff of the traffic?

There is an FTP server but I looked at the log `vi /var/log/xferlog` and nothing is weird in the log.

No email is hosted on the server (how can I verify that to be sure?).

[Image: November bandwidth] You can see that starting at the end of W48, the bandwidth from the internet became crazy...

benjisail

2 Answers

2

tcpdump will show current traffic passing through the server presuming you have root access to it. netstat will give a list of all current connections and doesn't need root access. It might also help to run 'netstat -ltup' to show what ports the server is listening on and what program is responsible for each connection.

WheresAlice
  • I used this http://www.msamir.net/the-art-of-network-debugging-with-tcpdump/ to help me with tcpdump and I found where the issue was. Thanks! – benjisail Feb 10 '10 at 11:45
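To see which hosts are sending the data, tcpdump's text output can be totalled per source address and destination port. The script below is an added example, not part of the original answers; it assumes tcpdump's quiet (`-q`) line format, and the interface name, addresses and sample capture lines are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): rank remote senders by inbound payload bytes.
# Assumes tcpdump's quiet text format, e.g. "IP a.b.c.d.port > e.f.g.h.port: tcp 1448".
# Live use (interface and address are placeholders):
#   tcpdump -nn -q -t -i eth0 -c 5000 dst host 192.0.2.10 | top_inbound 192.0.2.10

# top_inbound SERVER_IP: read tcpdump lines on stdin, print "bytes src_ip dst_port"
# for IPv4 TCP/UDP packets addressed to SERVER_IP, largest sender first.
top_inbound() {
    awk -v me="$1" '
    {
        o = ($1 == "IP") ? 0 : 1            # tolerate a leading timestamp field
        if ($(1 + o) != "IP" || $(3 + o) != ">") next
        src = $(2 + o); dst = $(4 + o); sub(/:$/, "", dst)
        # addr.port has five dot-separated parts; ICMP lines have four and are skipped
        if (split(dst, d, ".") != 5 || split(src, s, ".") != 5) next
        if ((d[1] "." d[2] "." d[3] "." d[4]) != me) next
        # last field is the payload length in both "tcp N" and "UDP, length N"
        bytes[s[1] "." s[2] "." s[3] "." s[4] " " d[5]] += $NF + 0
    }
    END { for (k in bytes) print bytes[k], k }' | sort -rn
}

# Constructed sample capture (documentation address ranges, not real hosts).
sample_capture() {
    cat <<'EOF'
IP 203.0.113.7.51234 > 192.0.2.10.21: tcp 1448
11:45:01.000001 IP 203.0.113.7.51234 > 192.0.2.10.21: tcp 1448
IP 192.0.2.10.21 > 203.0.113.7.51234: tcp 0
IP 203.0.113.7.51234 > 192.0.2.10.21: tcp 1448
IP 198.51.100.23.40022 > 192.0.2.10.80: tcp 312
IP 198.51.100.9.5353 > 192.0.2.10.53: UDP, length 64
IP 198.51.100.9 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
EOF
}

# Demo run on the constructed sample.
sample_capture | top_inbound 192.0.2.10
```

The totals count payload bytes only, so they will read somewhat lower than the interface counters reported by vnstat.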
1

Do you have any ability to take a sniff of the traffic? You need to find out what the traffic is and what host(s) are sending it.
Are you sharing files on this site? Do you have an open/insecure FTP server that someone could be feeding data to?
How about email, is it hosted on this site? Some Outlook clients will never give up sending a message with certain non-fatal errors.
In short, we need more information to help you troubleshoot.

Scott Lundberg
  • How can I do a simple sniff of the traffic? There is an FTP server but I looked at the log `vi /var/log/xferlog` and nothing is weird in the log. No email is hosted on the server (how can I verify that to be sure?). – benjisail Feb 09 '10 at 16:09
  • Usually tcpdump is installed, unless you have a custom trimmed-down install. I don't know CentOS that well, but if it has yum, you could try: `yum search tcpdump`. That will tell you what the most current package of tcpdump is, then use: yum install – Scott Lundberg Feb 09 '10 at 17:03