Strange problem with VPS

Forlan · Aug 8, 2013

Hi,
I just get bandwich usage notification from my vps.

When I go to remote desktop and check system monitor i see that outgoing data speed is 10 mB/s.
But i don't send anything.

So how i can check what's going on ?

So far i changed root password but this didn't help.
For now i shoutdown vps.

System is centos 64bit + kloxo panel.

onel0ve · Aug 8, 2013

Maybe your vps rooted . Check using tcpdump , netstat .

Private_HTML · Aug 8, 2013

what is your vps for? is everything up to date?

perfectRDP · Aug 11, 2013

Yeah i agree with onel0ve you will need to check with netstat and see what is taking juice

Forlan · Aug 12, 2013

netstat output looks like this:

Code:

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 mydomain:ssh                myip.:netx-server ESTABLISHED
tcp        0      1 mydomain:ssh                myip.inte:mpfoncl LAST_ACK
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  9      [ ]         DGRAM                    622137463 /dev/log
unix  2      [ ]         DGRAM                    622139361
unix  2      [ ]         DGRAM                    622138815
unix  2      [ ]         DGRAM                    622138719
unix  2      [ ]         DGRAM                    622138365
unix  3      [ ]         STREAM     CONNECTED     622138089 /var/lib/mysql/mysql.sock
unix  3      [ ]         STREAM     CONNECTED     622138088
unix  3      [ ]         STREAM     CONNECTED     622138087 /var/lib/mysql/mysql.sock
unix  3      [ ]         STREAM     CONNECTED     622138086
unix  2      [ ]         DGRAM                    622137782
unix  2      [ ]         DGRAM                    622137638
unix  2      [ ]         DGRAM                    622137570

tcpdump :

Code:

20:02:09.780142 IP mydomain.domain > ns178.altervista.org.35137:  15926 21/13/23 Type46[|domain]
20:02:09.780145 IP mydomain > ns178.altervista.org: udp
20:02:09.780187 IP mydomain.domain > ns178.altervista.org.35137:  15926 21/13/23 Type46[|domain]
20:02:09.780190 IP mydomain > ns178.altervista.org: udp
20:02:09.780257 IP mydomain.domain > ns178.altervista.org.35137:  15926 21/13/23 Type46[|domain]
20:02:09.780260 IP mydomain > ns178.altervista.org: udp
20:02:09.780301 IP mydomain.domain > ..25448:  7490 29/4/5 SOA[|domain]
20:02:09.780304 IP mydomain > .: udp
20:02:09.780305 IP mydomain > .: udp
20:02:09.780316 IP mydomain.domain > ns178.altervista.org.35137:  15926 21/13/23 Type46[|domain]
20:02:09.780319 IP mydomain > ns178.altervista.org: udp
20:02:09.781138 IP mydomain.domain > ns178.altervista.org.35137:  15926 21/13/23 Type46[|domain]
20:02:09.781143 IP mydomain > ns178.altervista.org: udp
20:02:09.787045 IP pickerold.eunhye84.com.25448 > mydomain.domain:  7490+ [1au] ANY? isc.org. (36)
20:02:09.787253 IP mydomain.domain > pickerold.eunhye84.com.25448:  7490 29/4/5 SOA[|domain]
20:02:09.787257 IP mydomain > pickerold.eunhye84.com: udp
20:02:09.787259 IP mydomain > pickerold.eunhye84.com: udp
20:02:09.790057 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790062 IP mydomain > ns178.altervista.org: udp
20:02:09.790121 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790126 IP mydomain > ns178.altervista.org: udp
20:02:09.790130 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790135 IP mydomain > ns178.altervista.org: udp
20:02:09.790165 IP ..25448 > mydomain.domain:  7490+ [1au] ANY? isc.org. (36)
20:02:09.790209 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790212 IP mydomain > ns178.altervista.org: udp
20:02:09.790325 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790328 IP mydomain > ns178.altervista.org: udp
20:02:09.790347 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790350 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790350 IP mydomain > ns178.altervista.org: udp
20:02:09.790353 IP mydomain > ns178.altervista.org: udp
20:02:09.790479 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790482 IP mydomain > ns178.altervista.org: udp
20:02:09.790511 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790514 IP mydomain > ns178.altervista.org: udp
20:02:09.790521 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790524 IP mydomain > ns178.altervista.org: udp
20:02:09.790672 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790674 IP mydomain > ns178.altervista.org: udp
20:02:09.790682 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790682 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790685 IP mydomain > ns178.altervista.org: udp
20:02:09.790685 IP mydomain > ns178.altervista.org: udp
20:02:09.790774 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790777 IP mydomain > ns178.altervista.org: udp
20:02:09.790818 IP mydomain.domain > ..25448:  7490 29/4/5 SOA[|domain]
20:02:09.790822 IP mydomain > .: udp
20:02:09.790823 IP mydomain > .: udp
20:02:09.790860 IP mydomain.domain > ns178.altervista.org.6693:  1770 21/13/23 Type46[|domain]
20:02:09.790863 IP mydomain > ns178.altervista.org: udp
20:02:09.791809 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.791816 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.791820 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.791824 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.791827 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.791831 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.791834 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.791837 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.791841 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.791844 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.791847 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.791850 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.791854 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.791857 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.791860 IP 77-85-24-244.btc-net.bg.25695 > mydomain.domain:  17982+ [1au] ANY? . (28)
20:02:09.792158 IP mydomain.domain > 77-85-24-244.btc-net.bg.25695:  17982 21/13/23 Type46[|domain]
20:02:09.792162 IP mydomain > 77-85-24-244.btc-net.bg: udp
20:02:09.792218 IP mydomain.domain > 77-85-24-244.btc-net.bg.25695:  17982 21/13/23 Type46[|domain]
20:02:09.792222 IP mydomain > 77-85-24-244.btc-net.bg: udp
20:02:09.792252 IP mydomain.domain > 77-85-24-244.btc-net.bg.25695:  17982 21/13/23 Type46[|domain]
20:02:09.792257 IP mydomain > 77-85-24-244.btc-net.bg: udp
20:02:09.795402 IP pickerold.eunhye84.com.25448 > mydomain.domain:  7490+ [1au] ANY? isc.org. (36)
20:02:09.815430 IP ns178.altervista.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)
20:02:09.815438 IP ns178.altervista.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)
20:02:09.815444 IP ns178.altervista.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)
20:02:09.815455 IP ns178.altervista.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)
20:02:09.815478 IP ns178.altervista.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)
20:02:09.815481 IP ns178.altervista.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)
20:02:09.815484 IP ns178.altervista.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)
20:02:09.815486 IP ns178.altervista.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)
20:02:09.815502 IP ns178.altervista.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)
20:02:09.815505 IP ns178.altervista.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)
20:02:09.815508 IP ns178.altervista.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)
20:02:09.815511 IP ns178.altervista.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)
20:02:09.815514 IP ns178.altervis20:02:00.982722 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.982738 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.982739 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.982741 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.982767 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.982809 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.982812 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.982815 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.982818 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.982820 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.982823 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.982825 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.982828 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.982831 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.982833 IP 133.255.212.162.in-addr.arpa.static.cnservers.com.49891 > mydomain.domain:  9606+ [1au] ANY? . (28)
20:02:00.983032 IP mydomain.domain > 133.255.212.162.in-addr.arpa.static.cnservers.com.49891:  9606 21/13/23 Type46[|domain]
20:02:00.983032 IP mydomain.domain > 133.255.212.162.in-addr.arpa.static.cnservers.com.49891:  9606 21/13/23 Type46[|domain]
20:02:00.983036 IP mydomain > 133.255.212.162.in-addr.arpa.static.cnservers.com: udp
20:02:00.983036 IP mydomain > 133.255.212.162.in-addr.arpa.static.cnservers.com: udp
20:02:00.983044 IP mydomain.domain > 133.255.212.162.in-addr.arpa.static.cnservers.com.49891:  9606 21/13/23 Type46[|domain]
20:02:00.983049 IP mydomain > 133.255.212.162.in-addr.arpa.static.cnservers.com: udp
20:02:00.983092 IP ..25448 > mydomain.domain:  7490+ [1au] ANY? isc.org. (36)
20:02:00.983105 IP mydomain.domain > 133.255.212.162.in-addr.arpa.static.cnservers.com.49891:  9606 21/13/23 Type46[|domain]ta.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)
20:02:09.815517 IP ns178.altervista.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)
20:02:09.815555 IP ns178.altervista.org.10356 > mydomain.domain:  15926+ [1au] ANY? . (28)

Strange problem with VPS

Forlan

Active Member

onel0ve

Active Member

Private_HTML

Active Member

perfectRDP

Active Member

Forlan

Active Member