I have a CentOS 5 with Lightppd installed. Also I have MySQL on board. I lately discovered high traffic:
http://img686.imageshack.us/img686/8596/traff.jpg
Could you please tell me how to diagnose what is cause of this traffic? I didn't do anything that would explain it.
A) If you have a Cisco switch, you can set it up so that traffic is mirrored to a specific port, then connect another machine to that port set in promiscuous mode to monitor IP traffic using something like Wireshark.
B) you can run Wireshark (or your favorite sniffer) on the server to monitor the traffic in realtime.
C) set up another machine with Linux to forward traffic, and set the server to use that machine as a gateway. See if you can monitor traffic with a port sniffer.
I'd advice a third-party machine (like option A or C) to do this, since if there's something doing this via malware it may disguise activity on the system using trojaned binaries. An outside monitor machine will see traffic regardless.
It doesn't look like the graphs breaks down the traffic by ports, so a sniffer would help. On that note, if you think it is web traffic, then assuming that lighttpd's logging is configured:
/var/log/lighttpd.log
You can check to see which URLs were accessed the most or which files are downloaded the most. To make thing easier for you, try using Webalizer to parse the logs:
http://www.cyberciti.biz/tips/lighttpd-install-and-configure-webalizer-statistics-software.html