Where is incoming traffic coming from?

Amedee @ Ubuntu amedee-ubuntu at amedee.be
Sat Aug 1 14:37:34 UTC 2009


On Sat, August 1, 2009 00:13, Florian Diesch wrote:
> "Amedee @ Ubuntu" <amedee-ubuntu at amedee.be> writes:
>
>> On Fri, July 31, 2009 01:00, a_puzzeled_newbie(^_^); wrote:
>>> There are log evaluators you can get online to sort through logs... As
>>> far as I know you would have to go through your traffic logs to see
>>> where a majority of this is coming from and send it through an analyzer
>>> of some sort. Sorry I can't help out more than that. I myself have run a
>>> few Ubuntu servers but have never run into something like this unless
>>> your Shorewall is having constant communication between it and the
>>> server you have running.
>>> Other than that I don't think I can help much.
>>
>> Sorry, perhaps I didn't explain well.
>> Shorewall is running on the same server.
>> I only allow ping, ssh, smtp, http(s) and imap(s). I have enabled
>> shorewall accounting for all those services, and for the total.
>> The sum of allowed traffic just doesn't add up to the total amount of
>> traffic.
>
> The incoming traffic is still there, even if you drop the packages.

I know.
Does ntop see the traffic before or after it is dropped?

-- 
Amedee
