Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
12-10-2014, 05:46 AM
|
#1
|
Member
Registered: Dec 2014
Location: Japan
Distribution: slackware64-current
Posts: 78
Rep:
|
Load average of 100% in my router when connected to my Linux box
For the last 2 weeks I've been having trouble with my router (Buffalo WHR-HP-GN, running DD-WRT v24-sp2 (12/03/14) std - build 25544), which stops working after my Linux PC has been on for a while. I have two PCs connected by wire to it, my PC which is usually running Slackware 14.1, and my roommate's which is usually running Windows 7. We bought another router thinking that the old Buffalo had malfunctioned, only to find out that the problem still persisted whenever my PC was connected to it. Today, looking at the status tab of the DD-WRT control panel, I noticed that when running Windows, the load average stayed down at around 10%, and when I switched back to Linux, it stayed that way for a while, but after about an hour or two I noticed it had risen to 100%, and the network became useless. I switched back to Windows, and after a few minutes, the load average started lowering (now at 15%). It actually took quite a while for it to go down from 100%.
I was wondering how I could troubleshoot this problem, now that I know the cause is something in my Linux installation. Thanks!
|
|
|
12-10-2014, 05:59 AM
|
#2
|
Member
Registered: Oct 2007
Posts: 47
Rep:
|
Try looking at your Linux network load. Try to catch some packets for analysis.
|
|
|
12-11-2014, 01:01 AM
|
#3
|
Member
Registered: Dec 2014
Location: Japan
Distribution: slackware64-current
Posts: 78
Original Poster
Rep:
|
Thanks for the reply!
I ran "tcpdump -i eth0" for a bit over 30 minutes until the problem started. I put the results on Dropbox: https://dl.dropboxusercontent.com/u/...tcpdump.log.xz
At 01:18:40.727546 (or line 528601), there is an obvious change, which is also the time when the connection started failing. I stopped the logging just a minute or so later. For the remaining minute I kept getting this kind of message: "IP landau.40271 > 115.238.184.107.5021: tcp 64 [bad hdr length 8 - too short, < 20]", where landau is my hostname. I don't really know what to make of all this though. Thanks for the help!
|
|
|
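A capture like the one described in post #3 can be triaged offline with a short script. This is an added example, not part of the original thread: it finds the first second in which the local host sends more than a chosen number of packets to a single destination, and counts the outbound packets tcpdump flagged with "bad hdr length". The function names, the threshold of 100 and the sample lines are assumptions constructed for illustration; only the hostname landau and the quoted log line come from the post.

```python
import re
from collections import Counter

# tcpdump default text output: "HH:MM:SS.usec IP src.port > dst.port: details"
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d)\.\d+ IP (\S+) > (\S+): (.*)$")

def split_endpoint(endpoint):
    """Split 'host.port' into (host, port); the port may be a service name."""
    host, _, port = endpoint.rpartition(".")
    return host, port

def parse(lines, local_host):
    """Yield (second, dst_host, dst_port, malformed) for packets sent by local_host."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # IPv6, ARP and continuation lines are skipped
        second, src, dst, rest = m.groups()
        if split_endpoint(src)[0] != local_host:
            continue  # inbound or third-party traffic
        host, port = split_endpoint(dst)
        yield second, host, port, "bad hdr length" in rest

def find_onset(lines, local_host, threshold):
    """First (second, dst_host) with more than `threshold` packets in one second, or None."""
    per_second = Counter()
    for second, host, _port, _bad in parse(lines, local_host):
        per_second[(second, host)] += 1
        if per_second[(second, host)] > threshold:
            return second, host
    return None

def malformed_by_destination(lines, local_host):
    """Count outbound packets tcpdump flagged with 'bad hdr length', per (host, port)."""
    return Counter((h, p) for _s, h, p, bad in parse(lines, local_host) if bad)

# Constructed sample: three ordinary packets, then a one-second burst shaped like
# the line quoted in the post. 192.0.2.10 and 198.51.100.7 are documentation addresses.
SAMPLE = [
    "01:18:38.100000 IP landau.51234 > 192.0.2.10.https: Flags [P.], seq 1:50, ack 1, win 229, length 49",
    "01:18:38.150000 IP 192.0.2.10.https > landau.51234: Flags [.], ack 50, win 300, length 0",
    "01:18:39.200000 IP landau.38000 > 198.51.100.7.domain: 4242+ A? example.org. (29)",
] + [
    "01:18:40.%06d IP landau.40271 > 115.238.184.107.5021: tcp 64 [bad hdr length 8 - too short, < 20]"
    % (727546 + i) for i in range(200)
]

if __name__ == "__main__":
    print(find_onset(SAMPLE, "landau", 100), malformed_by_destination(SAMPLE, "landau").most_common(3))
```

To run it on a real capture, pass the decompressed log's lines (for example an open file object) instead of SAMPLE, and use the local hostname exactly as tcpdump prints it.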
12-11-2014, 02:51 PM
|
#4
|
Senior Member
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,804
|
That 115.238.x.y address is located in China. I recommend going over to the Linux Security forum and seeing if someone there can help you clean out whatever is sending those packets.
|
|
|
12-11-2014, 03:30 PM
|
#5
|
Member
Registered: Oct 2007
Posts: 47
Rep:
|
Do you use IRC chat? Or your zombie bot uses it. Anyway, it looks like your Linux box has become a bot. Try looking at running processes, crontab scripts, temp directories. Or run some antivirus or other scanner tools.
|
|
|
12-12-2014, 05:58 AM
|
#6
|
Member
Registered: Dec 2014
Location: Japan
Distribution: slackware64-current
Posts: 78
Original Poster
Rep:
|
Actually I do use IRC. This time the problem was triggered just as I connected to the server, if I remember correctly. But that's not always the case. I took a look at the crontab scripts and there was nothing suspicious there. I guess I'll run some antivirus next. I'll also post the question in the security forum as per your suggestion. Thanks for the help!
|
|
|