traffic analysis

Danial Thom danial_thom at yahoo.com
Tue Feb 21 08:17:01 PST 2006



--- Jeremy Kister <freebsd-01 at jeremykister.com> wrote:

> On 2/21/2006 5:10 AM, Robin Becker wrote:
> > Our freeBSD 6.0 host is not yet in production, but appears to have outgoing
> > traffic of around 140Mb/day; the http logs say 16 hits etc. The host provider
> > said this
>
> 140Mb/day is really not that much.
>
> Unless my math is wrong because it's past bed time:
> 140Mb/day divided by 86400 seconds per day = 0.001 Mb/second (average)
> 0.001 Mb/second = 1.659 Kb/second
>
> this means a dialup modem could handle your average traffic.
>
> and remember Mb is Megabits, not MegaBytes.
>
> > "The server is on a /20-network, and this leads to high amounts of
> > background traffic (ARP, broadcast, etc.). These traffic types are
> > likely to be the reason for most of your outbound traffic."
>
> Is your server's netmask 255.255.240.0 ???  If it is, call your
> provider, laugh at them, and then call a new provider.  If your netmask
> is not 255.255.240.0, call the person who gave you that line, laugh at
> them, and try to find someone more intelligent :)
>
> You're surely not on a subnet with 4000 hosts.

Laughing at your cable company will get you
nowhere fast. That is a fairly typical subnet
mask for a large cable network. Cable companies
usually have larger networks than say, guys who
hang out on the freebsd-questions list.

Now on a cable network you'll see tons of
INCOMING traffic (I get about 40pps of ARPs
continuously), but you shouldn't be responding to
them.

You can use

tcpdump -i INTERFACE_NAME src YOUR_ADDRESS

to quickly view the traffic going out of your
machine.

DT
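
Added example, not part of the original post: one way to turn the tcpdump capture suggested above into a per-protocol and per-destination byte count, so outbound ARP can be compared against real IP traffic. It assumes the text format printed by current tcpdump with `-n -e`; the function names are hypothetical and the sample lines are constructed, using documentation addresses.

```shell
#!/bin/sh
# Tally outbound frame bytes from `tcpdump -n -e` text output.
# Live use (needs root; INTERFACE_NAME and YOUR_ADDRESS as in the post):
#   tcpdump -n -e -c 10000 -i INTERFACE_NAME src YOUR_ADDRESS | summarize_outbound
# The summary is printed once tcpdump exits, hence the -c packet limit.

summarize_outbound() {
    awk '
    {
        etype = ""; flen = 0; dst = ""
        for (i = 1; i < NF; i++) {
            if ($i == "ethertype") etype = $(i + 1)
            # The first "length N:" on a line is the link-level frame size.
            if ($i == "length" && $(i + 1) ~ /^[0-9]+:$/) {
                flen = $(i + 1) + 0
                dst = $(i + 4)          # following fields are: src > dst:
                break
            }
        }
        if (etype == "" || flen == 0) next      # not a frame line, skip it
        bytes["type " etype] += flen; frames["type " etype]++
        if (etype == "IPv4") {
            sub(/:$/, "", dst)
            n = split(dst, p, ".")
            if (n == 5) dst = p[1] "." p[2] "." p[3] "." p[4]   # drop the port
            bytes["dst " dst] += flen; frames["dst " dst]++
        }
    }
    END { for (k in bytes) print k, bytes[k], frames[k] }   # key bytes frames
    ' | sort -k3,3nr -k1,2
}

# Constructed sample capture: two TCP segments, one ARP reply, one ICMP reply.
sample_capture() {
    cat <<'EOF'
08:17:01.000001 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 1514: 192.0.2.10.80 > 198.51.100.7.51234: Flags [.], seq 1:1449, ack 1, win 65535, length 1448
08:17:01.000050 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 66: 192.0.2.10.80 > 198.51.100.7.51234: Flags [F.], seq 1449, ack 1, win 65535, length 0
08:17:02.000000 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype ARP (0x0806), length 42: Reply 192.0.2.10 is-at 00:11:22:33:44:55, length 28
08:17:03.000000 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 98: 192.0.2.10 > 203.0.113.9: ICMP echo reply, id 1, seq 1, length 64
EOF
}

sample_capture | summarize_outbound
```

Each output line is a key (`type` or `dst`), its total frame bytes and its frame count, largest first; the counts are in bytes, so multiply by 8 before comparing with a figure quoted in megabits.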
