WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Incorrect Network Traffic

To: Kashif Ali <kashif_quaidian@xxxxxxxxxxx>
Subject: Re: [Xen-users] Incorrect Network Traffic
From: "Fajar A. Nugraha" <fajar@xxxxxxxxx>
Date: Fri, 25 Sep 2009 09:06:31 +0700
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 24 Sep 2009 19:07:12 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <SNT108-W21A74987D558501142E5C180DA0@xxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <SNT108-W21A74987D558501142E5C180DA0@xxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
On Fri, Sep 25, 2009 at 5:12 AM, Kashif Ali <kashif_quaidian@xxxxxxxxxxx> wrote:
> # ifconfig eth0
> eth0      Link encap:Ethernet  HWaddr 00:16:3E:04:19:F3
>           inet addr:  Bcast:69.73.151.255  Mask:255.0.0.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:73317949 errors:0 dropped:0 overruns:0 frame:0

> From where correct traffic states can be found? Please advise am i missing
> something or is there any settings/changes required in xen scripts?

If you're using public IP address and getting high RX packet count
then most likely you're being flooded. Probably from virus or malware
on that network. Try runnning "iftop -n -i eth0", which can show which
IP address uses most bandwidth. Once you have that, you can go into
details and see what kind of traffic it is using tcpdump.

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users