"IP sending an unnecessarily large amount of requests"


Dani
03-02-2015, 09:33
Quote Originally Posted by JamesS
Okay, after a few days of having the IP configured how you guys have told me, I am now starting to receive those emails again. There is still no traffic going over that IP address in netstat, and the extract on the email still shows a minuscule amount of packets being sent.
Hi

In that case, please create a ticket to SYS support and include as much information as you can regarding the IP and the configuration. We will check if everything is ok.

Danny

JamesS
02-02-2015, 21:15
Okay, after a few days of having the IP configured how you guys have told me, I am now starting to receive those emails again. There is still no traffic going over that IP address in netstat, and the extract on the email still shows a minuscule amount of packets being sent.

heise
28-01-2015, 21:37
Netmask should be 255.255.255.255 on failover.

JamesS
28-01-2015, 20:21
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Administrator.IMDS2>netstat -ntlpu

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]

-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-f Displays Fully Qualified Domain Names (FQDN) for foreign
addresses.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-t Displays the current connection offload state.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.


C:\Users\Administrator.IMDS2>netstat

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:8880 IMDS2:55113 ESTABLISHED
TCP 127.0.0.1:8880 IMDS2:55115 ESTABLISHED
TCP 127.0.0.1:8880 IMDS2:57688 ESTABLISHED
TCP 127.0.0.1:32400 IMDS2:54489 CLOSE_WAIT
TCP 127.0.0.1:32400 IMDS2:54567 CLOSE_WAIT
TCP 127.0.0.1:54216 IMDS2:54217 ESTABLISHED
TCP 127.0.0.1:54217 IMDS2:54216 ESTABLISHED
TCP 127.0.0.1:54218 IMDS2:54219 ESTABLISHED
TCP 127.0.0.1:54219 IMDS2:54218 ESTABLISHED
TCP 127.0.0.1:54220 IMDS2:54221 ESTABLISHED
TCP 127.0.0.1:54221 IMDS2:54220 ESTABLISHED
TCP 127.0.0.1:54222 IMDS2:54223 ESTABLISHED
TCP 127.0.0.1:54223 IMDS2:54222 ESTABLISHED
TCP 127.0.0.1:54224 IMDS2:54225 ESTABLISHED
TCP 127.0.0.1:54225 IMDS2:54224 ESTABLISHED
TCP 127.0.0.1:54226 IMDS2:54227 ESTABLISHED
TCP 127.0.0.1:54227 IMDS2:54226 ESTABLISHED
TCP 127.0.0.1:54228 IMDS2:54229 ESTABLISHED
TCP 127.0.0.1:54229 IMDS2:54228 ESTABLISHED
TCP 127.0.0.1:54230 IMDS2:54231 ESTABLISHED
TCP 127.0.0.1:54231 IMDS2:54230 ESTABLISHED
TCP 127.0.0.1:54336 IMDS2:32400 TIME_WAIT
TCP 127.0.0.1:54489 IMDS2:32400 FIN_WAIT_2
TCP 127.0.0.1:54567 IMDS2:32400 FIN_WAIT_2
TCP 127.0.0.1:54576 IMDS2:54577 ESTABLISHED
TCP 127.0.0.1:54577 IMDS2:54576 ESTABLISHED
TCP 127.0.0.1:55104 IMDS2:63941 ESTABLISHED
TCP 127.0.0.1:55113 IMDS2:8880 ESTABLISHED
TCP 127.0.0.1:55115 IMDS2:8880 ESTABLISHED
TCP 127.0.0.1:57688 IMDS2:8880 ESTABLISHED
TCP 127.0.0.1:63941 IMDS2:55104 ESTABLISHED
TCP 127.0.0.1:64064 IMDS2:64065 TIME_WAIT
TCP 127.0.0.1:64065 IMDS2:64064 TIME_WAIT
TCP 127.0.0.1:64067 IMDS2:64066 TIME_WAIT
TCP 127.0.0.1:64070 IMDS2:64068 TIME_WAIT
TCP 127.0.0.1:64071 IMDS2:64069 TIME_WAIT
TCP 127.0.0.1:64072 IMDS2:64074 TIME_WAIT
TCP 127.0.0.1:64073 IMDS2:64075 TIME_WAIT
TCP 127.0.0.1:64074 IMDS2:64072 TIME_WAIT
TCP 127.0.0.1:64075 IMDS2:64073 TIME_WAIT
TCP 127.0.0.1:64076 IMDS2:64077 TIME_WAIT
TCP 127.0.0.1:64077 IMDS2:64076 TIME_WAIT
TCP 127.0.0.1:64078 IMDS2:64079 TIME_WAIT
TCP 127.0.0.1:64079 IMDS2:64078 TIME_WAIT
TCP 127.0.0.1:64081 IMDS2:64080 TIME_WAIT
TCP 127.0.0.1:64083 IMDS2:64082 TIME_WAIT
TCP 127.0.0.1:64085 IMDS2:64084 TIME_WAIT
TCP 127.0.0.1:64087 IMDS2:64086 TIME_WAIT
TCP 127.0.0.1:64089 IMDS2:64088 TIME_WAIT
TCP 127.0.0.1:64091 IMDS2:64090 TIME_WAIT
TCP 127.0.0.1:64093 IMDS2:64092 TIME_WAIT
TCP 127.0.0.1:64095 IMDS2:64094 TIME_WAIT
TCP 127.0.0.1:64097 IMDS2:64096 TIME_WAIT
TCP 127.0.0.1:64099 IMDS2:64098 TIME_WAIT
TCP 127.0.0.1:64101 IMDS2:64100 TIME_WAIT
TCP 127.0.0.1:64103 IMDS2:64102 TIME_WAIT
TCP 127.0.0.1:64105 IMDS2:64104 TIME_WAIT
TCP 127.0.0.1:64107 IMDS2:64106 TIME_WAIT
TCP 127.0.0.1:64109 IMDS2:64108 TIME_WAIT
TCP 127.0.0.1:64111 IMDS2:64110 TIME_WAIT
TCP 127.0.0.1:64113 IMDS2:64114 TIME_WAIT
TCP 127.0.0.1:64114 IMDS2:64113 TIME_WAIT
TCP 127.0.0.1:64115 IMDS2:64116 TIME_WAIT
TCP 127.0.0.1:64116 IMDS2:64115 TIME_WAIT
TCP 127.0.0.1:64118 IMDS2:64117 TIME_WAIT
TCP 127.0.0.1:64120 IMDS2:64119 TIME_WAIT
TCP 127.0.0.1:64121 IMDS2:64122 TIME_WAIT
TCP 127.0.0.1:64122 IMDS2:64121 TIME_WAIT
TCP 127.0.0.1:64124 IMDS2:64123 TIME_WAIT
TCP 127.0.0.1:64126 IMDS2:64125 TIME_WAIT
TCP 127.0.0.1:64127 IMDS2:64128 TIME_WAIT
TCP 127.0.0.1:64128 IMDS2:64127 TIME_WAIT
TCP 127.0.0.1:64130 IMDS2:64129 TIME_WAIT
TCP 127.0.0.1:64131 IMDS2:64132 TIME_WAIT
TCP 127.0.0.1:64132 IMDS2:64131 TIME_WAIT
TCP 127.0.0.1:64134 IMDS2:64133 TIME_WAIT
TCP 127.0.0.1:64136 IMDS2:64135 TIME_WAIT
TCP 127.0.0.1:64138 IMDS2:64137 TIME_WAIT
TCP 127.0.0.1:64140 IMDS2:64139 TIME_WAIT
TCP 127.0.0.1:64142 IMDS2:64141 TIME_WAIT
TCP 127.0.0.1:64144 IMDS2:64143 TIME_WAIT
TCP 127.0.0.1:64146 IMDS2:64145 TIME_WAIT
TCP 127.0.0.1:64148 IMDS2:64147 TIME_WAIT
TCP 127.0.0.1:64150 IMDS2:64149 TIME_WAIT
TCP 127.0.0.1:64152 IMDS2:64151 TIME_WAIT
TCP 127.0.0.1:64154 IMDS2:64153 TIME_WAIT
TCP 127.0.0.1:64156 IMDS2:64155 TIME_WAIT
TCP 127.0.0.1:64158 IMDS2:64157 TIME_WAIT
TCP 127.0.0.1:64160 IMDS2:64159 TIME_WAIT
TCP 188.165.215.30:80 spider-5-255-253-72:41898 ESTABLISHED
TCP 188.165.215.30:3389 37.59.255.213:54986 ESTABLISHED
TCP 188.165.215.30:3389 80.65.244.255:56709 ESTABLISHED
TCP 188.165.215.30:8880 80.65.244.255:55915 ESTABLISHED
TCP 188.165.215.30:8880 80.65.244.255:55916 ESTABLISHED
TCP 188.165.215.30:52152 74.125.133.188:5228 ESTABLISHED
TCP 188.165.215.30:53003 vweb05:3306 ESTABLISHED
TCP 188.165.215.30:54090 vweb05:3306 ESTABLISHED
TCP 188.165.215.30:54091 vweb05:3306 ESTABLISHED
TCP 188.165.215.30:58555 vweb05:3306 ESTABLISHED
TCP 188.165.215.30:58562 vweb05:3306 ESTABLISHED
TCP 188.165.215.30:59880 vweb05:3306 ESTABLISHED
TCP 188.165.215.30:59881 vweb05:3306 ESTABLISHED
TCP 188.165.215.30:64010 par03s14-in-f14:https ESTABLISHED
TCP 188.165.215.30:64011 par03s14-in-f14:https ESTABLISHED
TCP 188.165.215.30:64050 104.28.27.4:http TIME_WAIT
TCP 188.165.215.30:64063 104.28.27.4:http TIME_WAIT
TCP 188.165.215.30:64112 104.28.27.4:http TIME_WAIT
TCP 188.165.215.30:64161 104.28.15.121:http ESTABLISHED
TCP 188.165.215.30:64162 104.28.27.4:http ESTABLISHED
TCP 188.165.215.30:64494 10.21.131.91:microsoft-ds ESTABLISHED
TCP [::1]:14147 IMDS2:54391 ESTABLISHED
TCP [::1]:54391 IMDS2:14147 ESTABLISHED

C:\Users\Administrator.IMDS2>
Doesn't seem to be any traffic on that IP, and no, my netmask was 255.0.0.0.

Dani
26-01-2015, 10:00
Hi

Do you have the netmask for the IP set as: 255.255.255.255 ?

Danny

eximushosting
26-01-2015, 08:00
Have you had a look at what is listening on what ports on the server? Run netstat and see if there is anything you do not recognise.

Code:
netstat -ntlpu
n = Show numerical addresses instead of trying to determine symbolic host, port or user names
t = Show TCP connections
l = Show only listening sockets. (These are omitted by default.)
p = Show the PID and name of the program to which each socket belongs
u = Show UDP connections...

Are you running any control panels, i.e. Plesk, cPanel, etc.?

You can also run
Code:
ps aux
and see what is running. Anything unusual or not recognised?

Let us know the output.

JamesS
26-01-2015, 07:30
Hi,
I got an email from SoYouStart the other day regarding one of my failover IPs sending an unnecessarily large amount of requests. On examining the extract that I was sent, it seems that the server is sending a ridiculously small amount of ARP requests (a few every day).

Code:
Fri Jan 23 00:41:21 2015 : arp who-has 178.32.129.26 tell 178.32.51.30  
Fri Jan 23 02:13:03 2015 : arp who-has 178.32.129.26 tell 178.32.51.30
Fri Jan 23 08:07:21 2015 : arp who-has 178.32.129.26 tell 178.32.51.30
Fri Jan 23 11:39:00 2015 : arp who-has 178.32.129.26 tell 178.32.51.30
Fri Jan 23 13:24:37 2015 : arp who-has 178.32.129.26 tell 178.32.51.30
Fri Jan 23 15:01:03 2015 : arp who-has 178.32.129.26 tell 178.32.51.30
Fri Jan 23 16:24:31 2015 : arp who-has 178.32.129.26 tell 178.32.51.30
Sat Jan 24 14:02:55 2015 : arp who-has 178.32.129.26 tell 178.32.51.30
Sat Jan 24 18:31:21 2015 : arp who-has 178.32.129.26 tell 178.32.51.30
Sun Jan 25 11:03:05 2015 : arp who-has 178.32.129.26 tell 178.32.51.30
The gaps between each request on Friday are about an hour, and there are only 2 requests on Saturday. Any idea on what's up here?
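
An added example, not part of the original thread: a Python sketch that parses ARP extract lines like those in the first post and reports which requests a given netmask would explain as on-link lookups. It assumes 178.32.51.30 (the "tell" address) is the failover IP, and compares the 255.0.0.0 mask JamesS reported with the 255.255.255.255 mask recommended in the replies; the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# A few lines copied from the extract quoted in the first post.
EXTRACT = """\
Fri Jan 23 00:41:21 2015 : arp who-has 178.32.129.26 tell 178.32.51.30
Fri Jan 23 02:13:03 2015 : arp who-has 178.32.129.26 tell 178.32.51.30
Sat Jan 24 14:02:55 2015 : arp who-has 178.32.129.26 tell 178.32.51.30
Sun Jan 25 11:03:05 2015 : arp who-has 178.32.129.26 tell 178.32.51.30
"""

ARP_RE = re.compile(r"arp who-has (\S+) tell (\S+)")


def parse_arp(text):
    """Return (target, sender) address pairs; skip lines that do not parse."""
    pairs = []
    for line in text.splitlines():
        match = ARP_RE.search(line)
        if not match:
            continue
        try:
            target = ipaddress.ip_address(match.group(1))
            sender = ipaddress.ip_address(match.group(2))
        except ValueError:
            continue  # malformed address in the extract
        pairs.append((target, sender))
    return pairs


def is_on_link(sender, netmask, target):
    """True if the host would ARP for target directly instead of routing it."""
    network = ipaddress.ip_network(f"{sender}/{netmask}", strict=False)
    return target != sender and target in network


def audit(text, netmask):
    """Count ARP requests per (sender, target) that the netmask explains."""
    explained = Counter()
    for target, sender in parse_arp(text):
        if is_on_link(sender, netmask, target):
            explained[(str(sender), str(target))] += 1
    return explained


if __name__ == "__main__":
    for mask in ("255.0.0.0", "255.255.255.255"):
        print(mask, dict(audit(EXTRACT, mask)))
```

Requests that are still logged after the mask is set to 255.255.255.255 are not explained by the on-link route, which is the situation the later posts in the thread describe.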