[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

VPS and network traffic

This isn't strictly a debian issue but perhaps there are enough people
here running debian on VPSs that someone can explain...

I configured monit on a low traffic 'stretch' VPS to alert me about
upload or downloads that exceed 1.2MB in a ten minute period.  For
uploads it works.  For downloads it doesn't because monit sees
downloads continuously at a rate of about 6MB per 10m (it fluctuates
around there in range of typically 1 - 2MB).

I ran 'nethogs' and saw an unexpected (to me) result.  nethogs reports
bandwidth between ip addresses where neither address is on my VPS.
For example (reformatted and with the addresses changed),

   ?   root

   DEV        SENT      RECEIVED
              0.000      1.285 KB/sec

Whenever I've checked, 'whois' reports one or both ip addressses as
belonging to my VPS provider.  nethogs reports dozens of lines like
this at a time, i.e. with alien ips, no PID and no DEV.  (nethogs has
a switch for "sniff in promiscious mode" which I didn't use).  I asked
my VPS provider what was going on and in summary they said

   It seems we've a small number of packets being broadcast by the
   It's not an urgent priority, as it's not directly an error (a switch
   is allowed to behave as a hub).
   We only bill for traffic that leaves our network so it makes no
   difference to your quota.

I'm not a networking expert so I'm willing to take their word for it.
Sadly for me it seems to mean I can't monitor my own download traffic
accurately due to this unwanted 'background noise'.  My questions

Are these broadcast packets the culprit for monit thinking I'm
downloading so much?

Why is the linux kernel seeing broadcast packets as downloads to my

Or is monit (which I guess gets its numbers from the kernel) looking
at the wrong thing?

Is there a way to stop those packets contributing to what monit sees
as download traffic?


Reply to: