I rent a dedicated server from a hosting company upon which I run FreeBSD. I'm concerned that the hosting company's network seems to be sending traffic to my host that isn't destined for it.
If I watch tcpdump output, I see many packets that have neither a source or a destination address matching my server's IP address(es) and which aren't broadcast packets either. I'm wondering if they have something misconfigured on their network.
Given that my hosting package has a monthly data allowance, and that they measure this at the switch ports, I'm worried that it is being used up by traffic that has nothing to do with my host.
What I want to do is set up some RRD graphs seperately showing total bytes received by the interface and bytes received for my IP addresses to highlight the difference and wonder if the following netstat command can tell me this:
That gives the following output:
Am I correct in thinking that the first line for <Link#1> is showing the total number of packets received by the physical interface, while the (netaddr[1234]) lines are showing the counts for packets destined specifically for my host's IP addresses?
If this is the case, this would seem to be evidence of the large difference between total traffic received and that which is destined for my host and I'll need to raise it with the hosting company. If I can show them some shiny graphs, it might make it easier to convince them something is not right.
If I watch tcpdump output, I see many packets that have neither a source or a destination address matching my server's IP address(es) and which aren't broadcast packets either. I'm wondering if they have something misconfigured on their network.
Given that my hosting package has a monthly data allowance, and that they measure this at the switch ports, I'm worried that it is being used up by traffic that has nothing to do with my host.
What I want to do is set up some RRD graphs seperately showing total bytes received by the interface and bytes received for my IP addresses to highlight the difference and wonder if the following netstat command can tell me this:
# netstat -biI bge0
That gives the following output:
Code:
Name Mtu Network Address Ipkts Ierrs Idrop Ibytes Opkts Oerrs Obytes Coll
bge0 1500 <Link#1> 00:1e:c9:fe:1b:e0 2219963 0 0 511067854 633802 0 310133794 0
bge0 1500 (netaddr1) beastie 575776 - - 347168026 633797 - 301260426 -
bge0 1500 (netaddr2) alias1 922 - - 62309 0 - 0 -
bge0 1500 (netaddr3) alias2 13 - - 564 0 - 0 -
bge0 1500 (netaddr4) alias3 14 - - 636 0 - 0 -
Am I correct in thinking that the first line for <Link#1> is showing the total number of packets received by the physical interface, while the (netaddr[1234]) lines are showing the counts for packets destined specifically for my host's IP addresses?
If this is the case, this would seem to be evidence of the large difference between total traffic received and that which is destined for my host and I'll need to raise it with the hosting company. If I can show them some shiny graphs, it might make it easier to convince them something is not right.