Date:      Fri, 7 Dec 2012 10:04:21 +0700
From:      Olivier Nicole <olivier.nicole@cs.ait.ac.th>
To:        Matthew Seaman <matthew@freebsd.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: netstat -i
Message-ID:  <CA%2Bg%2BBvgiZ_bjVhYe5VSKzy=ydAgVG7ZAF2iJ8cYHcceABCh85Q@mail.gmail.com>
In-Reply-To: <50C065A6.6080704@freebsd.org>
References:  <201212060551.qB65phdO016130@banyan.cs.ait.ac.th> <50C05FD8.1040609@freebsd.org> <201212060912.qB69CcTG018111@banyan.cs.ait.ac.th> <50C065A6.6080704@freebsd.org>

Thank you Matthew and Ilya,

>> There is only one layer 3 network on that physical infrastructure (at
>> least in that VLAN). And there are only 8 machines in that VLAN, no
>> routing, as the VLAN is primarily designed for NFS.
>>
>> I did not show the most disturbing figure where output bytes is 3.7
>> TB at MAC level but only 156 GB at IP level (2000 times less). The
>> large amount of output bytes is understandable for the machine is an
>> NFS server.
>>
>> 3TB is not big, but is at IP level, not at MAC level.
>
> It could be down to broken equipment attached to the network.  If
> something is spewing out malformed packets, you might well see that sort
> of effect.
>
> Try firing up tcpdump or wireshark -- they'll both capture the layer 2
> traffic and given the volumes you're seeing, it should be fairly obvious
> from visual inspection of the output what is going on.

I tried wireshark with 2 filters:

filter "not ip" shows only spanning tree packets, almost no traffic
filter "ip" shows the bulk of traffic
filter "ip and not host 10.41.170.1" shows no traffic

That was expected.

So I believe it has something to do with the way netstat -i reports the data.

Best regards,

Olivier


