From owner-freebsd-questions@FreeBSD.ORG Tue Feb 21 10:32:15 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1795216A420 for ; Tue, 21 Feb 2006 10:32:15 +0000 (GMT) (envelope-from freebsd-01@jeremykister.com) Received: from qmail-01.nntx.net (qmail-01.nntx.net [204.9.96.15]) by mx1.FreeBSD.org (Postfix) with SMTP id A199243D48 for ; Tue, 21 Feb 2006 10:32:14 +0000 (GMT) (envelope-from freebsd-01@jeremykister.com) Received: (qmail 17614 invoked by uid 1010); 21 Feb 2006 05:32:13 -0500 Received: by simscan 1.2.0 ppid: 17586, pid: 17609, t: 0.3336s scanners:none Received: from unknown (HELO ?10.9.1.2?) (smtpauth-01@jeremykister.com@68.37.176.150) by qmail-01.nntx.net with SMTP; 21 Feb 2006 05:32:12 -0500 Message-ID: <43FAEC1C.7060103@jeremykister.com> Date: Tue, 21 Feb 2006 05:31:56 -0500 From: Jeremy Kister User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <43FAE72D.4000208@chamonix.reportlab.co.uk> In-Reply-To: <43FAE72D.4000208@chamonix.reportlab.co.uk> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: traffic analysis X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Feb 2006 10:32:15 -0000 On 2/21/2006 5:10 AM, Robin Becker wrote: > Our freeBSD 6.0 host is not yet in production, but appears to have outgoing > traffic of around 140Mb/day; the http logs say 16 hits etc. The host provider > said this 140Mb/day is really not that much. Unless my math is wrong because it's past bed time: 140Mb/day divided by 86400 seconds per day = 0.001 Mb/second (average) 0.001 Mb/second = 1.659 Kb/second this means a dialup modem could handle your average traffic. and remember Mb is Megabits, not MegaBytes. > "The server is on a /20-network, and this leads to high amounts of > background traffic (ARP, broadcast, etc.). These traffic types are > likely to be the reason for most of your outbound traffic." Is your server's netmask 255.255.240.0 ??? If it is, call your provider, laugh at them, and then call a new provider. If your netmask is not 255.255.240.0, call the person who gave you that line, laugh at them, and try to find someone more intelligent :) You're surely not on a subnet with 4000 hosts. > I'm not sure I follow this argument. Does this mean I'm responding to large > number of spurious requests? The provider's analysis of the input volume is > pretty small (0Mb). If you were on a network with 4000 other machines, it could certainly cause problems. But i'd bet that someone is just confused -- i'd bet that their entire network space is a /20, and they have allocated a small part of it for your network. > Is there a tool that can give me some reasonable data on this sort of problem? > Perhaps I need to close down some services etc. I doubt it, but you can try tcpdump. -- Jeremy Kister http://jeremy.kister.net./