Is there any way to find out which application on a server is responsible for incoming traffic?
I have a Debian Linux server that has a lot of incoming traffic and would like to know if someone managed to hack their way into it or if there's a faulty web application (apache2 + PHP) and I just have to fix a bug.
Any suggestions? Applications I need to know about? "Long Time Network Monitors"?
You could try using iptraf and pktstat to help visualise your network traffic. They are both in the apt repositories.
They will show you all incoming/outgoing connections, the services they are connected to, traffic bandwidth for each connection, IP address/name entries and much more. That will help you track down the offending app (with some help from netstat).
Have fun!
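As an added example (not part of the answer above), here is a small POSIX shell helper that does the "with some help from netstat" step in one go: it reads the output of `ss -tnp` (the iproute2 successor of `netstat -tnp`) and counts established connections per owning process, so a web server or an unexpected binary holding hundreds of peers stands out immediately. The `ss` lines embedded in the script are a constructed sample; `conns_live` assumes `ss -H` is available (iproute2 4.x or later) and that you run it as root so `-p` can show other users' sockets.

```shell
#!/bin/sh
# Added example, not code from the original answer: attribute established TCP
# connections to the process that owns the socket, busiest process first.

# Constructed sample of `ss -Htnp state established` output (no header line,
# documentation-range addresses). Replace with live output via conns_live.
SAMPLE_SS='ESTAB 0 0 10.0.0.5:80 203.0.113.7:51234 users:(("apache2",pid=1234,fd=12))
ESTAB 0 0 10.0.0.5:80 203.0.113.8:40011 users:(("apache2",pid=1235,fd=12))
ESTAB 0 0 10.0.0.5:80 198.51.100.9:52000 users:(("apache2",pid=1236,fd=13))
ESTAB 0 0 10.0.0.5:22 192.0.2.10:61000 users:(("sshd",pid=900,fd=4))
ESTAB 0 0 10.0.0.5:3306 127.0.0.1:45000 users:(("mysqld",pid=700,fd=30))'

# Reads ss lines on stdin and prints one line per process:
#   <connections> <process name> <distinct peer addresses>
# sorted by connection count, highest first. A line without a users:(...)
# field (e.g. a socket owned by another user when not run as root) is
# attributed to "unknown", which is itself worth investigating.
conns_per_process() {
  awk '
    $1 == "State" { next }                      # tolerate a header line
    {
      proc = "unknown"
      # users:(("apache2",pid=1234,fd=12)) -> apache2
      if (match($0, /users:\(\("[^"]+"/)) {
        proc = substr($0, RSTART + 9, RLENGTH - 10)
      }
      peer = $5; sub(/:[0-9]+$/, "", peer)     # strip the peer port
      count[proc]++
      if (!((proc SUBSEP peer) in seen)) { seen[proc, peer] = 1; peers[proc]++ }
    }
    END { for (p in count) printf "%d %s %d\n", count[p], p, peers[p] }
  ' | sort -rn
}

# Live variant: established TCP sockets with owning process, no header.
conns_live() {
  ss -Htnp state established | conns_per_process
}

# Demonstration on the constructed sample (printed, not asserted on):
printf '%s\n' "$SAMPLE_SS" | conns_per_process
```

On the sample this reports `3 apache2 3` first, then one connection each for sshd and mysqld. On a real box, run `conns_live` a few times over several minutes; a process name you do not recognise, or apache2 with far more peers than your normal traffic explains, is the thread to pull on next with mod_status or the access log.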
For specific PHP/Apache monitoring, mod_status will show you a web-accessible list of all current Apache connections. To see all PHP traffic, you can monitor from the command line using
Don't forget to prevent outside access with
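As an added illustration of the "prevent outside access" point (this is not the configuration from the answer above, which is missing from the page): a mod_status block that exposes `/server-status` only to the local machine. The path and the `Require` syntax are assumptions for Apache 2.4; the commented-out lines show the equivalent for Apache 2.2, where `Require ip` is not available.

```apache
# Added example (Apache 2.4 syntax), not from the original answer.
# Enable with: a2enmod status; then reload Apache.
<IfModule mod_status.c>
    <Location "/server-status">
        SetHandler server-status
        # Only localhost may read the connection list; it reveals client IPs,
        # request URIs and worker state, which is useful to an outsider too.
        Require ip 127.0.0.1 ::1
        # Apache 2.2 equivalent:
        #   Order deny,allow
        #   Deny from all
        #   Allow from 127.0.0.1 ::1
    </Location>
    # Show full request lines and per-connection detail, not just counters.
    ExtendedStatus On
</IfModule>
```

With this in place, `curl http://127.0.0.1/server-status` from the server itself shows the live worker table, while the same URL from outside answers 403.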
For all-round traffic stats, besides iptraf you can try bandwidthd. I used it before and it is able to produce nice graphs for traffic based on source <-> target IP, breakdown of traffic by protocol, etc. All of this in real time ;) It is included in both Debian and Ubuntu.