LinuxQuestions.org


ginda 09-17-2012 03:13 AM

Help finding causes of high broadcast traffic on solaris
 
We have a Solaris 10 server that had a period of high network broadcast traffic for some unknown reason a few weeks back. Could someone please advise what I could check to find the cause?

Thanks in advance

tronayne 09-17-2012 07:58 AM

You might want to start with the logs; messages, secure, syslog, access_log, error_log (those two from your Apache installation), possibly mail, cron and NTP (if you log it). Probably not going to find much from a few weeks ago but it might be worth a shot. Look through any other logs you may have while you're at it.

A good tool to install for monitoring network traffic is NTOP (http://www.ntop.org/). 'Course that would be after the horse already left the barn but for the future, eh? NTOP will show you graphically what's going on now (and what's been going on over time) that might point you in a direction.

If there are no records to look at and it only happened once and hasn't happened again, well, chalk it up to the ghosts in the machine -- but more likely a user being naughty or somebody trying to hack you, hopefully unsuccessfully.

Hope this helps some.

ginda 09-17-2012 09:24 AM

Thanks for your reply, I am not able to install any new tools such as dtrace or ntop. The issue is still happening, it's basically high broadcast traffic. Need a way to identify what is causing the high traffic.

jlliagre 09-17-2012 04:22 PM

Quote:

Originally Posted by ginda (Post 4782312)
Thanks for your reply, I am not able to install any new tools such as dtrace or ntop.

dtrace is not a tool you need to install, it's part of the base OS.

Quote:

The issue is still happening, it's basically high broadcast traffic. Need a way to identify what is causing the high traffic.

How do you measure this high broadcast traffic and where?

snoop is the basic Solaris tool to capture network traffic and start investigating it.
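
Following the snoop suggestion above, an added example (not part of the original thread) that ranks the senders of broadcast frames by source and protocol from snoop summary output. The function name `top_broadcast_senders`, the interface placeholder and the sample lines are assumptions constructed for illustration, and the parser assumes snoop's one-line `source -> destination protocol ...` summary format.

```shell
#!/bin/sh
# Rank the senders of broadcast frames seen in snoop summary output.
# Live use on the Solaris host (interface name is a placeholder):
#   snoop -r -d <interface> -c 5000 broadcast | top_broadcast_senders
# -r keeps addresses numeric, -c stops after N packets, and "broadcast"
# is the snoop filter expression that matches broadcast frames.

top_broadcast_senders() {
    # Assumed summary line shape: <source> -> <destination> <protocol> <detail...>
    # Lines without "->" in field 2 (such as the device banner) are skipped.
    awk '$2 == "->" { count[$1 " " $4]++ }
         END { for (k in count) print count[k], k }' |
        sort -k1,1nr -k2
}

# Constructed sample lines, standing in for a live capture.
sample_capture() {
    cat <<'EOF'
192.168.10.57 -> (broadcast)  ARP C Who is 192.168.10.1, 192.168.10.1 ?
192.168.10.57 -> (broadcast)  ARP C Who is 192.168.10.2, 192.168.10.2 ?
192.168.10.57 -> (broadcast)  ARP C Who is 192.168.10.3, 192.168.10.3 ?
192.168.10.23 -> 192.168.10.255 NBT NS Query Request for WORKGROUP[1d]
192.168.10.57 -> (broadcast)  ARP C Who is 192.168.10.4, 192.168.10.4 ?
192.168.10.23 -> 192.168.10.255 NBT NS Query Request for WORKGROUP[1d]
192.168.10.99 -> (broadcast)  ARP C Who is 192.168.10.1, 192.168.10.1 ?
EOF
}

# Output columns: frame count, source address, protocol.
sample_capture | top_broadcast_senders
```

A single source dominating the count with sequential ARP requests, as in the constructed sample, is the kind of pattern worth tracing back to a host; a saved capture can be replayed through the same function with `snoop -r -i <file>`.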

