spynappels
April 15th, 2009, 08:15 AM
Hi Guys,
I am using Ubuntu Servers to host a webapp (LAMP setup) and I have a problem with one specific server. It seems to crash the firewall at intervals, and it seems to do this by generating a lot of traffic, which overloads the f/w. All internet connectivity on the whole network is then lost until that server is rebooted.
I have disabled Hamachi as this may have been the problem partially (it didn't play nice with Samba and the network master browser), but yesterday apparently it was generating a large amount of traffic so that the router was running at 98% CPU, which again stopped when the server was rebooted.
What I don't get is why so much traffic is being generated; at times when this happens there may not even be external access, only local clients may be connected.
I was looking at using tcpdump to check what the traffic actually is, but I have one or two questions. Firstly, how much of the system resources does it use? Will it noticeably slow the server down? Secondly, what is the syntax to run tcpdump continuously for, say, a week and dump the results into txt files of, say, 1 MB each, and how do I specify the names of the text files? The man pages are not terribly helpful on this score.
I appreciate any help you can give me.
Regards,
Stefan.