I looked at the bandwidth utilization on my "theplanet" management tools yesterday.
- Before November it was an average of 20GB per month.
- After November it is an average of 140GB per month!
The traffic of my website has not increased (I checked Google Analytics). All the increased bandwidth is INBOUND bandwidth.
I did a vnstat -l and it appears that I'm receiving something like 12MiB every 10 minutes.
How can I know what it is, where it is and where it is coming from?
The server is on CentOS.
UPDATES:
How can I do a simple sniff of the traffic?
There is an FTP server, but I looked at the log (vi /var/log/xferlog) and nothing is weird in the log.
No email is hosted on the server (how can I verify that to be sure?).
You can see that starting at the end of W48, the bandwidth from the internet becomes crazy...
tcpdump will show current traffic passing through the server presuming you have root access to it. netstat will give a list of all current connections and doesn't need root access. It might also help to run 'netstat -ltup' to show what ports the server is listening on and what program is responsible for each connection.
Do you have any ability to take a sniff of the traffic? You need to find out what the traffic is and what host(s) are sending it.
Are you sharing files on this site? Do you have an open/insecure FTP server that someone could be feeding data to?
How about email, is it hosted on this site? Some Outlook clients will never give up sending a message with certain non-fatal errors.
In short, we need more information to help you troubleshoot.
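Added example, not part of the original posts: one way to turn the tcpdump suggestion above into an answer to "what is it and where is it coming from" is to total inbound payload bytes per source host and local port. The function name, the interface eth0, the addresses and the sample capture lines are all constructed assumptions.

```shell
#!/bin/sh
# Summarise inbound bytes per (source host, local port) from the text
# output of `tcpdump -nn -q`, read on stdin.
# On a live server (as root; eth0 and SERVER_IP are assumptions):
#   tcpdump -nn -q -i eth0 -c 20000 dst host "$SERVER_IP" | top_inbound "$SERVER_IP"

top_inbound() {
    server_ip=$1
    awk -v srv="$server_ip" '
        # tcpdump prints endpoints as address.port; split at the last dot.
        function host(s) { sub(/\.[^.]*$/, "", s); return s }
        function port(s) { sub(/^.*\./, "", s); return s }
        {
            # Locate the ">" separator so lines with or without a
            # timestamp column parse the same way.
            for (i = 2; i < NF; i++) if ($i == ">") break
            if (i >= NF) next
            src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
            if (host(dst) != srv) next      # keep inbound packets only
            if ($NF !~ /^[0-9]+$/) next     # with -q the last field is the payload length
            bytes[host(src) " " port(dst)] += $NF
        }
        END { for (k in bytes) print bytes[k], k }
    ' | sort -k1,1nr -k2,2                  # heaviest sender first
}

# Constructed sample in `tcpdump -nn -q` format (documentation addresses).
SAMPLE_CAPTURE='12:00:01.000001 IP 203.0.113.7.51234 > 192.0.2.10.25: tcp 1448
12:00:01.000150 IP 203.0.113.7.51234 > 192.0.2.10.25: tcp 1448
12:00:01.000200 IP 192.0.2.10.25 > 203.0.113.7.51234: tcp 0
12:00:01.000900 IP 198.51.100.23.40022 > 192.0.2.10.80: tcp 512
12:00:01.001500 IP 203.0.113.7.51240 > 192.0.2.10.25: tcp 1448
12:00:01.002000 IP 198.51.100.99.5353 > 192.0.2.10.53: UDP, length 64'

# Output columns: bytes, source host, local port.
printf '%s\n' "$SAMPLE_CAPTURE" | top_inbound 192.0.2.10
```

The local port at the top of the list can then be matched against the listening program shown by 'netstat -ltup'.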