[GTER] large number of packets

JOAO CARLOS MOURA jmoura at ninetel.com.br
Sun Feb 19 14:35:21 -03 2006


Hello Antonio, thank you very much for replying to my email.
I changed the IPs. But thanks for the tip.

The script queries a field. If that field has the value 1, it triggers
a series of processes.

Here are more lines:
11:22:09.885260 ip-local.39993 > ip-remoto.mysql: . ack 45 win 5808 
<nop,nop,timestamp 33087090 819074787> (DF) [tos 0x8]
11:22:09.885395 ip-local.39993 > ip-remoto.mysql: P 1:25(24) ack 45 win 5808 
<nop,nop,timestamp 33087090 819074787> (DF) [tos 0x8]
11:22:10.117267 ip-remoto.mysql > ip-local.39993: . ack 25 win 5792 
<nop,nop,timestamp 819074810 33087090> (DF)
11:22:10.119245 ip-remoto.mysql > ip-local.39993: P 45:52(7) ack 25 win 5792 
<nop,nop,timestamp 819074810 33087090> (DF)
11:22:10.119457 ip-local.39993 > ip-remoto.mysql: P 25:41(16) ack 52 win 
5808 <nop,nop,timestamp 33087113 819074810> (DF) [tos 0x8]
11:22:10.343232 ip-remoto.mysql > ip-local.39993: P 52:59(7) ack 41 win 5792 
<nop,nop,timestamp 819074832 33087113> (DF)
11:22:10.343527 ip-local.39993 > ip-remoto.mysql: P 41:109(68) ack 59 win 
5808 <nop,nop,timestamp 33087136 819074832> (DF) [tos 0x8]
11:22:10.573358 ip-remoto.mysql > ip-local.39993: P 59:128(69) ack 109 win 
5792 <nop,nop,timestamp 819074855 33087136> (DF)
11:22:10.573668 ip-local.39993 > ip-remoto.mysql: P 109:177(68) ack 128 win 
5808 <nop,nop,timestamp 33087159 819074855> (DF) [tos 0x8]
11:22:10.723413 61.134.48.59.1247 > ip-local.12610: udp 98
11:22:10.723497 ip-local > 61.134.48.59: icmp: ip-local udp port 12610 
unreachable [tos 0xc0]
11:22:10.803242 ip-remoto.mysql > ip-local.39993: P 128:197(69) ack 177 win 
5792 <nop,nop,timestamp 819074878 33087159> (DF)
11:22:10.803640 ip-local.39993 > ip-remoto.mysql: P 177:245(68) ack 197 win 
5808 <nop,nop,timestamp 33087182 819074878> (DF) [tos 0x8]
11:22:11.033397 ip-remoto.mysql > ip-local.39993: P 197:266(69) ack 245 win 
5792 <nop,nop,timestamp 819074901 33087182> (DF)
11:22:11.033827 ip-local.39993 > ip-remoto.mysql: P 245:313(68) ack 266 win 
5808 <nop,nop,timestamp 33087205 819074901> (DF) [tos 0x8]
11:22:11.265247 ip-remoto.mysql > ip-local.39993: P 266:335(69) ack 313 win 
5792 <nop,nop,timestamp 819074925 33087205> (DF)
11:22:11.265669 ip-local.39993 > ip-remoto.mysql: P 313:380(67) ack 335 win 
5808 <nop,nop,timestamp 33087228 819074925> (DF) [tos 0x8]
11:22:11.495378 ip-remoto.mysql > ip-local.39993: P 335:404(69) ack 380 win 
5792 <nop,nop,timestamp 819074948 33087228> (DF)
11:22:11.495837 ip-local.39993 > ip-remoto.mysql: P 380:446(66) ack 404 win 
5808 <nop,nop,timestamp 33087251 819074948> (DF) [tos 0x8]
11:22:11.567306 221.196.149.173.11545 > ip-local.12610: udp 62
11:22:11.567463 ip-local > 221.196.149.173: icmp: ip-local udp port 12610 
unreachable [tos 0xc0]
11:22:11.727478 ip-remoto.mysql > ip-local.39993: P 404:473(69) ack 446 win 
5792 <nop,nop,timestamp 819074971 33087251> (DF)
11:22:11.727922 ip-local.39993 > ip-remoto.mysql: P 446:511(65) ack 473 win 
5808 <nop,nop,timestamp 33087274 819074971> (DF) [tos 0x8]
11:22:11.957356 ip-remoto.mysql > ip-local.39993: P 473:542(69) ack 511 win 
5792 <nop,nop,timestamp 819074994 33087274> (DF)
11:22:11.957774 ip-local.39993 > ip-remoto.mysql: P 511:575(64) ack 542 win 
5808 <nop,nop,timestamp 33087297 819074994> (DF) [tos 0x8]
11:22:12.095319 200.164.167.64.61319 > ip-local.12610: udp 62
11:22:12.095471 ip-local > 200.164.167.64: icmp: ip-local udp port 12610 
unreachable [tos 0xc0]
11:22:12.187504 ip-remoto.mysql > ip-local.39993: P 542:611(69) ack 575 win 
5792 <nop,nop,timestamp 819075017 33087297> (DF)
11:22:12.187927 ip-local.39993 > ip-remoto.mysql: P 575:638(63) ack 611 win 
5808 <nop,nop,timestamp 33087320 819075017> (DF) [tos 0x8]
11:22:12.419373 ip-remoto.mysql > ip-local.39993: P 611:680(69) ack 638 win 
5792 <nop,nop,timestamp 819075040 33087320> (DF)
11:22:12.419844 ip-local.39993 > ip-remoto.mysql: P 638:700(62) ack 680 win 
5808 <nop,nop,timestamp 33087343 819075040> (DF) [tos 0x8]
11:22:12.649501 ip-remoto.mysql > ip-local.39993: P 680:749(69) ack 700 win 
5792 <nop,nop,timestamp 819075063 33087343> (DF)
11:22:12.649963 ip-local.39993 > ip-remoto.mysql: P 700:761(61) ack 749 win 
5808 <nop,nop,timestamp 33087366 819075063> (DF) [tos 0x8]
11:22:12.879385 ip-remoto.mysql > ip-local.39993: P 749:818(69) ack 761 win 
5792 <nop,nop,timestamp 819075086 33087366> (DF)
11:22:12.879825 ip-local.39993 > ip-remoto.mysql: P 761:821(60) ack 818 win 
5808 <nop,nop,timestamp 33087389 819075086> (DF) [tos 0x8]
11:22:13.107557 ip-remoto.mysql > ip-local.39993: P 818:887(69) ack 821 win 
5792 <nop,nop,timestamp 819075109 33087389> (DF)
11:22:13.107969 ip-local.39993 > ip-remoto.mysql: P 821:880(59) ack 887 win 
5808 <nop,nop,timestamp 33087412 819075109> (DF) [tos 0x8]
11:22:13.337432 ip-remoto.mysql > ip-local.39993: P 887:956(69) ack 880 win 
5792 <nop,nop,timestamp 819075132 33087412> (DF)
11:22:13.337851 ip-local.39993 > ip-remoto.mysql: P 880:938(58) ack 956 win 
5808 <nop,nop,timestamp 33087435 819075132> (DF) [tos 0x8]
11:22:13.567583 ip-remoto.mysql > ip-local.39993: P 956:1025(69) ack 938 win 
5792 <nop,nop,timestamp 819075155 33087435> (DF)
11:22:13.568045 ip-local.39993 > ip-remoto.mysql: P 938:995(57) ack 1025 win 
5808 <nop,nop,timestamp 33087458 819075155> (DF) [tos 0x8]
11:22:13.723044 ip-local.5060 > 204.13.3.132.5060: udp 422 (DF)

94 packets received by filter
0 packets dropped by kernel

That is a lot of packets. Is this really normal?

Thank you very much.



----- Original Message ----- 
From: "Antonio Carlos Pina" <antoniocarlospina at gmail.com>
To: "Grupo de Trabalho de Engenharia e Operacao de Redes" 
<gter at eng.registro.br>
Sent: Sunday, February 19, 2006 09:46
Subject: Re: [GTER] large number of packets


Well...
I am seeing a normal dialogue with a MySQL database. You are showing 1
second of that dialogue.

What is wrong? This really should happen, depending on what your
script does. It may only check whether MySQL port 3306 is open, or it
may interact with the database. You have to look at the script.

Now, are you sure this relates to the script? That is, the database is at
IP 210.13.3.133 and your tester at IP 211.9.18.85 (another thing, avoid sending
IPs in your messages :-/)?

On 19/02/06, JOAO CARLOS MOURA <jmoura at ninetel.com.br> wrote:
>
> Hello, I wrote a Perl script that monitors a remote server and accesses a
> MySQL database.
> After I set this script to run every 5 minutes in cron,
> I noticed heavy traffic on my network, and running
> tcpdump I saw this:
>
> 08:41:06.924798 210.13.3.133.mysql > 211.9.18.85.38060: P 197:266(69) ack
> 242 win 5792 <nop,nop,timestamp 818108392 32120771> (DF)
> 08:41:06.925482 211.9.18.85.38060 > 210.13.3.133.mysql: P 242:309(67) ack
> 266 win 5808 <nop,nop,timestamp 32120794 818108392> (DF) [tos 0x8]
> 08:41:07.154705 210.13.3.133.mysql > 211.9.18.85.38060: P 266:335(69) ack
> 309 win 5792 <nop,nop,timestamp 818108415 32120794> (DF)
> 08:41:07.155417 211.9.18.85.38060 > 210.13.3.133.mysql: P 309:376(67) ack
> 335 win 5808 <nop,nop,timestamp 32120817 818108415> (DF) [tos 0x8]
>
> Does any colleague know how to solve this problem
> while keeping the script running?
>
> Thank you very much,
>
> João Carlos Moura
> NiNeTel Telecommunications
> 7382 N.W. 35 Terrace
> Miami, FL 33122 USA
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter
>
--
gter list    https://eng.registro.br/mailman/listinfo/gter 
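
To put numbers on a capture like the ones quoted in this thread, the added example below (not part of the original messages) re-joins the mail-wrapped tcpdump lines and totals packets and payload bytes per conversation. The sample input is constructed in the thread's format; `host-x` and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's tcpdump text format; hosts are placeholders.
SAMPLE = """\
11:22:10.343232 ip-remoto.mysql > ip-local.39993: P 52:59(7) ack 41 win 5792
<nop,nop,timestamp 819074832 33087113> (DF)
11:22:10.343527 ip-local.39993 > ip-remoto.mysql: P 41:109(68) ack 59 win
5808 <nop,nop,timestamp 33087136 819074832> (DF) [tos 0x8]
11:22:10.723413 host-x.1247 > ip-local.12610: udp 98
11:22:10.723497 ip-local > host-x: icmp: ip-local udp port 12610
unreachable [tos 0xc0]
11:22:11.343232 ip-local.39993 > ip-remoto.mysql: . ack 59 win 5808
"""

TS = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) ")
TCP = re.compile(r"^\S+ (\S+) > (\S+): \S+ (?:\d+:\d+\((\d+)\) )?ack ")
UDP = re.compile(r"^\S+ (\S+) > (\S+): udp (\d+)")

def unwrap(text):
    """Join wrapped continuation lines back onto the packet line they belong to."""
    packets = []
    for line in text.splitlines():
        if TS.match(line):
            packets.append(line.strip())
        elif packets and line.strip():
            packets[-1] += " " + line.strip()
    return packets

def seconds(packet):
    h, m, s = TS.match(packet).groups()
    return int(h) * 3600 + int(m) * 60 + float(s)

def summarize(text):
    """Return ({flow: [packet_count, payload_bytes]}, capture_span_in_seconds)."""
    packets = unwrap(text)
    flows = defaultdict(lambda: [0, 0])
    for p in packets:
        m = TCP.match(p) or UDP.match(p)
        if m:  # both directions of a conversation share one key
            key, size = " <-> ".join(sorted(m.group(1, 2))), int(m.group(3) or 0)
        else:  # anything else, e.g. the ICMP port-unreachable replies
            key, size = "other", 0
        flows[key][0] += 1
        flows[key][1] += size
    span = seconds(packets[-1]) - seconds(packets[0]) if packets else 0.0
    return dict(flows), span

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Dividing each flow's packet and byte totals by the span gives a rate that can be compared with the link's capacity, and the per-flow keys separate the script's MySQL session from unrelated traffic such as the UDP datagrams to port 12610.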