traffic analysis
Jeremy Kister
freebsd-01 at jeremykister.com
Tue Feb 21 02:32:15 PST 2006
On 2/21/2006 5:10 AM, Robin Becker wrote:
> Our freeBSD 6.0 host is not yet in production, but appears to have outgoing
> traffic of around 140Mb/day; the http logs say 16 hits etc. The host provider
> said this
140Mb/day is really not that much.
Unless my math is wrong because it's past bed time:
140Mb/day divided by 86400 seconds per day = 0.001 Mb/second (average)
0.001 Mb/second = 1.659 Kb/second
this means a dialup modem could handle your average traffic.
and remember Mb is Megabits, not MegaBytes.
> "The server is on a /20-network, and this leads to high amounts of
> background traffic (ARP, broadcast, etc.). These traffic types are
> likely to be the reason for most of your outbound traffic."
Is your server's netmask 255.255.240.0 ??? If it is, call your
provider, laugh at them, and then call a new provider. If your netmask
is not 255.255.240.0, call the person who gave you that line, laugh at
them, and try to find someone more intelligent :)
You're surely not on a subnet with 4000 hosts.
> I'm not sure I follow this argument. Does this mean I'm responding to large
> number of spurious requests? The provider's analysis of the input volume is
> pretty small (0Mb).
If you were on a network with 4000 other machines, it could certainly
cause problems. But i'd bet that someone is just confused -- i'd bet
that their entire network space is a /20, and they have allocated a
small part of it for your network.
> Is there a tool that can give me some reasonable data on this sort of problem?
> Perhaps I need to close down some services etc.
I doubt it, but you can try tcpdump.
--
Jeremy Kister
http://jeremy.kister.net./
More information about the freebsd-questions
mailing list