tracking down network load?

Ion-Mihai Tetcu itetcu at apropo.ro
Tue May 24 02:28:43 PDT 2005


On Mon, 23 May 2005 14:35:25 -0500
Dan Nelson <dnelson at allantgroup.com> wrote:

> In the last episode (May 23), Louis LeBlanc said:
> > I have a strange question.  Well, maybe not so strange.
> > 
> > I am working on my 5.3 RELEASE system, and I notice my network
> > monitor on gkrellm is showing unexplained loads (15/23Kbps sustained)
> > in traffic on the external interface.
> > 
> > I'm not too concerned that this is a security breach, but I do notice
> > at least one ESTABLISHED connection that I can't explain (it goes
> > back to AOL, which naturally sows a little mistrust).
> > 
> > Anyway, how to I find the actual process (server or otherwise) on my
> > end that is handling a given connection, and what kind of load it is
> > handling?
> 
> sockstat or "lsof -i" will tell you which sockets belong to which
> processes, and tcpdump or any of a dozen or so programs in ports will
> give you detailed network usage.  Start with trafshow and iftop.

Nice thing iftop; unfortunately iftop is not maintained and on my
5-STABLE after a few seconds:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1 (LWP 100167)]
0x080af5ef in ?? ()
(gdb) bt full
#0  0x080af5ef in ?? ()
No symbol table info available.
#1  0x0000002f in ?? ()
No symbol table info available.
#2  0x0804a42f in hash_insert (hash_table=0x8086000, key=0xbfbfebb0, rec=0xbfbfebf5) at hash.c:23
        p = (hash_node_type *) 0x80afbf0
        p0 = (hash_node_type *) 0x0
        bucket = 8
#3  0x0804d3b1 in analyse_data () at ui.c:509
        screen_line = (host_pair_line *) 0x80b4100
        u_screen_line = {h_p_l_pp = 0xbfbfebf5, void_pp = 0xbfbfebf5}
        i = 0
        d = (history_type *) 0x8055400
        ap = {protocol = 0, src_port = 0, src = {s_addr = 167815360}, dst_port = 0, dst = {
    s_addr = 1654854465}}
        n = (hash_node_type *) 0x80afba0
#4  0x0804a827 in tick (print=0) at iftop.c:131
        t = 1116926686
#5  0x0804e784 in ui_loop () at ui.c:1103
        i = -1077941259
#6  0x0804b1de in main (argc=-1077941259, argv=0xbfbfebf5) at iftop.c:547
        thread = 0x8085e00
        sa = {__sigaction_u = {__sa_handler = 0x804a660 <finish>, __sa_sigaction = 0x804a660 <finish>},
  sa_flags = 0, sa_mask = {__bits = {0, 0, 0, 0}}}
(gdb) info threads
  6 Thread 5 (LWP 100180)  0x2812309b in pthread_testcancel () from /usr/lib/libpthread.so.1
  5 Thread 4 (runnable)  0x2811b5a5 in pthread_mutexattr_init () from /usr/lib/libpthread.so.1
  4 Thread 3 (runnable)  0x2811b5a5 in pthread_mutexattr_init () from /usr/lib/libpthread.so.1
  3 Thread 2 (runnable)  0x2817c72f in read () from /lib/libc.so.5
* 2 Thread 1 (LWP 100167)  0x080af5ef in ?? ()


-- 
IOnut
Unregistered ;) FreeBSD "user"




More information about the freebsd-questions mailing list