Since Sunday morning, one of my CentOS servers has been generating a small spike of outbound traffic every 30 minutes (X:00 and X:30). It's not enough traffic to really cause any notice except for the fact that it is a very regular pattern and it started abruptly at midnight Sunday.

This server is used for mail (Courier-MTA), and DNS (Bind). I cannot find anything unusual in either of those logs. I tried grepping through my firewall logs, but have been unable to find anything useful there either. I don't see any cron jobs that would generate network traffic.

Any suggestions how I can go about tracking this down?

--
Bowie
m.roth at 5-cent.us
2013-Dec-03 21:49 UTC
[CentOS] Outbound traffic spike every 30 minutes
Bowie Bailey wrote:
> Since Sunday morning, one of my CentOS servers has been generating a
> small spike of outbound traffic every 30 minutes (X:00 and X:30). It's
> not enough traffic to really cause any notice except for the fact that
> it is a very regular pattern and it started abruptly at midnight Sunday.
>
> This server is used for mail (Courier-MTA), and DNS (Bind). I cannot
> find anything unusual in either of those logs. I tried grepping through
> my firewall logs, but have been unable to find anything useful there
> either. I don't see any cron jobs that would generate network traffic.
>
> Any suggestions how I can go about tracking this down?

Run rkhunter? Actually, if it's that regular, you could run tcpdump when you
expect it.

mark
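
The timed capture suggested in the reply above, as an added example that is not part of the original thread: the script sleeps until shortly before the next X:00 or X:30 mark and records a short packet capture across it. The interface, lead time, duration, output directory, the `not port 22` filter and the function names are assumptions; the boundary arithmetic assumes a time zone whose UTC offset is a multiple of 30 minutes.

```shell
#!/bin/sh
# Added example: capture traffic around the X:00 / X:30 spikes.
# All values below are assumed; adjust to the host.
LEAD=60         # start this many seconds before the half-hour mark
DURATION=180    # capture length in seconds
IFACE=any       # capture on all interfaces
OUTDIR=/var/tmp # where the pcap file is written

# secs_until_capture EPOCH LEAD
# Print the number of seconds to sleep, starting at EPOCH, so that the
# capture begins LEAD seconds before the next half-hour boundary.
secs_until_capture() {
    suc_into=$(( $1 % 1800 ))              # seconds since the last boundary
    suc_delay=$(( 1800 - suc_into - $2 ))  # until (next boundary - lead)
    # Already inside the lead window: start immediately.
    if [ "$suc_delay" -lt 0 ]; then
        suc_delay=0
    fi
    echo "$suc_delay"
}

# Sleep until the window opens, capture for DURATION seconds, print the file.
capture_once() {
    sleep "$(secs_until_capture "$(date +%s)" "$LEAD")"
    co_out="$OUTDIR/spike-$(date +%Y%m%d-%H%M).pcap"
    # -n: no name resolution, so the capture adds no DNS queries of its own
    #     (this host also runs Bind).
    # "not port 22" keeps an interactive SSH session out of the capture.
    # timeout exits with 124 when it stops tcpdump; that is expected here.
    timeout "$DURATION" tcpdump -i "$IFACE" -n -w "$co_out" not port 22 || true
    echo "$co_out"
}

# Capture only when asked to, e.g.:  sh spike-capture.sh run   (as root)
if [ "${1:-}" = "run" ]; then
    capture_once
fi
```

Read the result with `tcpdump -n -r` on the printed file and look at which destination addresses and ports account for the burst.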