Date: Tue, 24 May 2005 12:28:38 +0300
From: Ion-Mihai Tetcu <itetcu@apropo.ro>
To: Dan Nelson <dnelson@allantgroup.com>
Cc: FreeBSD Questions <freebsd-questions@FreeBSD.org>
Subject: Re: tracking down network load?
Message-ID: <20050524122838.6fd7b626@it.buh.cameradicommercio.ro>
In-Reply-To: <20050523193524.GC16069@dan.emsphone.com>
References: <20050523185517.GC44534@keyslapper.net> <20050523193524.GC16069@dan.emsphone.com>
On Mon, 23 May 2005 14:35:25 -0500
Dan Nelson <dnelson@allantgroup.com> wrote:

> In the last episode (May 23), Louis LeBlanc said:
> > I have a strange question. Well, maybe not so strange.
> >
> > I am working on my 5.3 RELEASE system, and I notice my network
> > monitor on gkrellm is showing unexplained loads (15/23Kbps sustained)
> > in traffic on the external interface.
> >
> > I'm not too concerned that this is a security breach, but I do notice
> > at least one ESTABLISHED connection that I can't explain (it goes
> > back to AOL, which naturally sows a little mistrust).
> >
> > Anyway, how do I find the actual process (server or otherwise) on my
> > end that is handling a given connection, and what kind of load it is
> > handling?
>
> sockstat or "lsof -i" will tell you which sockets belong to which
> processes, and tcpdump or any of a dozen or so programs in ports will
> give you detailed network usage. Start with trafshow and iftop.

Nice thing iftop; unfortunately iftop is not maintained and on my
5-STABLE after a few seconds:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1 (LWP 100167)]
0x080af5ef in ?? ()
(gdb) bt full
#0  0x080af5ef in ?? ()
No symbol table info available.
#1  0x0000002f in ?? ()
No symbol table info available.
#2  0x0804a42f in hash_insert (hash_table=0x8086000, key=0xbfbfebb0, rec=0xbfbfebf5) at hash.c:23
        p = (hash_node_type *) 0x80afbf0
        p0 = (hash_node_type *) 0x0
        bucket = 8
#3  0x0804d3b1 in analyse_data () at ui.c:509
        screen_line = (host_pair_line *) 0x80b4100
        u_screen_line = {h_p_l_pp = 0xbfbfebf5, void_pp = 0xbfbfebf5}
        i = 0
        d = (history_type *) 0x8055400
        ap = {protocol = 0, src_port = 0, src = {s_addr = 167815360}, dst_port = 0, dst = {
    s_addr = 1654854465}}
        n = (hash_node_type *) 0x80afba0
#4  0x0804a827 in tick (print=0) at iftop.c:131
        t = 1116926686
#5  0x0804e784 in ui_loop () at ui.c:1103
        i = -1077941259
#6  0x0804b1de in main (argc=-1077941259, argv=0xbfbfebf5) at iftop.c:547
        thread = 0x8085e00
        sa = {__sigaction_u = {__sa_handler = 0x804a660 <finish>, __sa_sigaction = 0x804a660 <finish>}, sa_flags = 0, sa_mask = {__bits = {0, 0, 0, 0}}}
(gdb) info threads
  6 Thread 5 (LWP 100180)  0x2812309b in pthread_testcancel () from /usr/lib/libpthread.so.1
  5 Thread 4 (runnable)  0x2811b5a5 in pthread_mutexattr_init () from /usr/lib/libpthread.so.1
  4 Thread 3 (runnable)  0x2811b5a5 in pthread_mutexattr_init () from /usr/lib/libpthread.so.1
  3 Thread 2 (runnable)  0x2817c72f in read () from /lib/libc.so.5
* 2 Thread 1 (LWP 100167)  0x080af5ef in ?? ()

-- 
IOnut
Unregistered ;) FreeBSD "user"