Mailing List Archive



[tlug] httpd strangeness



Hi everyone,

The last couple of days I've noticed some strange behavior with my server at home: extreme network latency all of a sudden. Ping time to Google is usually 208 ms but during this phenomenon it shoots up to over 2000 ms. To troubleshoot the latest event, I did the following (edited for brevity):

[root@example.com scott]# netstat -tuapn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0  81200 219.114.58.46:80            58.138.12.186:50661         ESTABLISHED 24628/httpd
tcp        0  70000 219.114.58.46:80            58.138.12.186:50660         ESTABLISHED 16617/httpd
tcp        0  79800 219.114.58.46:80            58.138.12.186:50662         ESTABLISHED 16616/httpd

[root@example.com sbin]# tcpdump -i ppp0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
23:40:58.909627 IP 186.12.138.58.dy.bbexcite.jp.50660 > slackisland.org.http: . ack 805046405 win 64400 <nop,nop,timestamp 662900488 523132041>
23:40:58.909678 IP slackisland.org.http > 186.12.138.58.dy.bbexcite.jp.50660: . 61601:63001(1400) ack 0 win 1402 <nop,nop,timestamp 523134165 662900488>

So it looks like Apache is taking a hit, dumping a lot of data to this guest from bbexcite. The same thing happened yesterday but it was to a host on OCN, p7164-ipad412marunouchi.tokyo.ocn.ne.jp. I checked webalizer and these hosts had shown up:

Top 10 of 135 Total Sites By KBytes
#   Hits        Files       KBytes            Visits      Hostname
1   4  0.19%    4  0.25%    194038  17.44%    0  0.00%    p7164-ipad412marunouchi.tokyo.ocn.ne.jp
2   3  0.14%    3  0.18%    159350  14.32%    0  0.00%    186.12.138.58.dy.bbexcite.jp
3   3  0.14%    3  0.18%    159350  14.32%    0  0.00%    222.146.199.164

So it looks like they are not "visiting", but they are downloading a lot of data. I am wondering if I should be concerned? I'm already pretty paranoid after getting my system broken into last year. If it isn't anything to worry about, I wonder if I can take off my tin hat and just throttle this kind of stuff to prevent my network from becoming so slow.

Anybody else experiencing anything like this lately?

Thanks in advance,
Scott VanDusen
Tokyo
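
Added example, not part of the original post: a Python helper that totals the Send-Q column of `netstat -tuapn` output per remote address, so a single client holding several large transfers open on port 80 stands out. The function names, the 100,000-byte threshold and the fourth sample line (a constructed idle connection from a documentation address) are assumptions; the other three sample lines are the ones quoted in the post.

```python
from collections import defaultdict

# Sample input: the three netstat lines from the post plus one constructed
# idle connection (192.0.2.10 is a documentation address, not from the post).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0  81200 219.114.58.46:80            58.138.12.186:50661         ESTABLISHED 24628/httpd
tcp        0  70000 219.114.58.46:80            58.138.12.186:50660         ESTABLISHED 16617/httpd
tcp        0  79800 219.114.58.46:80            58.138.12.186:50662         ESTABLISHED 16616/httpd
tcp        0      0 219.114.58.46:80            192.0.2.10:41000            ESTABLISHED 16618/httpd
"""


def summarize_send_queues(netstat_text, local_port=80):
    """Group ESTABLISHED TCP connections on local_port by remote IP.

    Returns a list of (remote_ip, connection_count, total_send_q_bytes),
    largest queued total first.
    """
    totals = defaultdict(lambda: [0, 0])  # ip -> [connections, send_q]
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows: proto recv-q send-q local foreign state [pid/program]
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header line, UDP rows, or truncated output
        if fields[5] != "ESTABLISHED" or not fields[2].isdigit():
            continue
        _, _, lport = fields[3].rpartition(":")
        remote_ip, _, _ = fields[4].rpartition(":")
        if not lport.isdigit() or int(lport) != local_port:
            continue
        totals[remote_ip][0] += 1
        totals[remote_ip][1] += int(fields[2])
    rows = [(ip, conns, queued) for ip, (conns, queued) in totals.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def flag_heavy_clients(rows, min_bytes=100_000):
    """Return remote IPs whose combined Send-Q is at least min_bytes
    (the threshold is an assumed value; tune it to the uplink)."""
    return [ip for ip, _, queued in rows if queued >= min_bytes]


if __name__ == "__main__":
    rows = summarize_send_queues(SAMPLE)
    for ip, conns, queued in rows:
        print(f"{ip:<20} conns={conns} send_q={queued}")
    print("heavy:", flag_heavy_clients(rows))
```

Send-Q counts bytes sent but not yet acknowledged by the remote host, so one address with a large combined total is a client pulling data faster than the link can deliver it.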

