top button
Flag Notify
    Connect to us
      Facebook Login
      Site Registration Why to Join

Facebook Login
Site Registration

Outbound traffic spike every 30 minutes on my Linux server?

+3 votes

Since last two days one of my CentOS servers has been generating a small spike of outbound traffic every 30 minutes (X:00 and X:30). It's not enough traffic to really cause any notice except for the fact that it is a very regular pattern and it started abruptly at midnight Sunday.

I tried grepping through my firewall logs, but have been unable to find anything useful there either. I don't see any cron jobs that would generate network traffic. Any suggestions how I can go about tracking this down?

posted Dec 3, 2013 by Meenal Mishra

Share this question
Facebook Share Button Twitter Share Button Google+ Share Button LinkedIn Share Button Multiple Social Share Button
Run rkhunter? Actually, if it's that regular, you could run tcpdump when you expect it.
Is inbound or outbound? What port? tcp or udp?
It is outbound from my server to the Internet. My traffic monitor does  not give me any more detailed information, just a nice sawtooth graph showing the regular spikes.

TCP or UDP and the port is part of what I am trying to determine.

1 Answer

0 votes

Actually, if it's that regular, you could run tcpdump when you expect it.

answer Dec 5, 2013 by Kumar Mitrasen
rkhunter complained about a few files, but "rpm --verify" doesn't flag any of them. Other than that, just a few insecure settings and out of date programs, which are not ideal, but do not indicate a problem on their own.

I could try running tcpdump or wireshark, but that's going to generate a lot of data and I'm not sure how to go about filtering it. I know the spike happens on the hour and half hour, but my traffic monitor does not give me enough detail to see exactly when it starts or exactly how long it lasts and I don't know what protocol or port I'm looking for.
Similar Questions
+3 votes

We have to setup a server which gets a copy of all messages send and received by our mailserver as a 1:1 copy. Mails send to multiple recipients should be calculated and saved per user. (great if you usually have lost of mails send to groups of people.)

So no duplication should be used here. (e.g. save the message and refer the different recipients to it.)

How can I calculate the current traffic in the best way to extrapolate the amount of space to be planed for the new server?

0 votes

I am not sure whether my understanding is correct or not. As per my knowledge, UL-TFT at UE side takes care of IP packet to bearer mapping. I have seen many reference of LTE UE stack for user plane and found IP layer is just above the PDCP layer.
Packet filters are communicated to UE from the network using NAS signalling.
I just want to know where exactly/which layer is responsible to do bearer mapping at UE side.

+1 vote

I am using centos and trying to do an rsync of the entire /var directory, but exclude just the /var/www directory.

So far I've tried these approaches:

rsync -avzp --exclude-from=/var/www /var/ /mnt/var/    
rsync -avzp --exclude=/var/www /var/ /mnt/var/

But neither has worked. Can I get a suggestion on how to get this to happen?

+2 votes

I am used to traditional update-rc.d et all.

Now I wonder how to add a a script that used to called by init.d (with start/sop ..) to the new "service start xx" regime.

All the tutorials I found talk about how to use update-rc.d..

Contact Us
+91 9880187415
#280, 3rd floor, 5th Main
6th Sector, HSR Layout
Karnataka INDIA.