Background

Monitoring showed that traffic in certain scenarios was unusually large and could not be explained. We needed to find out which processes were generating this traffic and which services they were accessing.

Method

  1. Locate which processes are triggering the traffic.
  2. Locate which IPs account for most of the traffic.
  3. Locate the specific ports carrying the larger traffic.

Tools

nethogs/iftop/tcptrack

Locate the process

sudo nethogs

[Screenshot: nethogs output]

The screenshot above shows the total traffic and the traffic of each process. It confirms that the traffic is mainly consumed by the java process 3820.

Locate the IP

sudo iftop -p -n -B

[Screenshot: iftop output]

The screenshot above shows that the traffic is mainly consumed on the IP 10.0.48.1.

Locate the port

10.0.48.1 could be a mapped IP, so a closer look is needed to pin the traffic down.

sudo tcptrack -r 5 -i eth0                  # then enter lowercase s to sort by traffic
sudo tcptrack -r 5 -i eth0 host 10.0.48.1   # filter syntax is the same as tcpdump

[Screenshot: tcptrack output]

You can see that the traffic is relatively high on ports 4355 and 4356.
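
The three steps above can be cross-checked in one pass with `ss -tinp` (iproute2), which prints cumulative byte counters and the owning process for each open TCP socket. The script below is an added example, not part of the original write-up: the function names are hypothetical, and the sample input is constructed, reusing the PID, IP and ports from the walkthrough with made-up byte counts.

```bash
#!/usr/bin/env bash
# Constructed sample in the two-line-per-socket layout of `ss -tinp`.
# The last socket has no process info and no counters (e.g. ss run without root).
sample_ss_output() {
cat <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.48.7:51234 10.0.48.1:4355 users:(("java",pid=3820,fd=101))
     cubic rtt:0.5/0.2 mss:1448 bytes_acked:1200 bytes_received:900000
ESTAB 0 0 10.0.48.7:51240 10.0.48.1:4356 users:(("java",pid=3820,fd=102))
     cubic rtt:0.4/0.1 mss:1448 bytes_acked:300000 bytes_received:500
ESTAB 0 0 10.0.48.7:51300 10.0.48.1:4355 users:(("java",pid=3820,fd=103))
     cubic rtt:0.6/0.2 mss:1448 bytes_acked:800 bytes_received:100000
ESTAB 0 0 10.0.48.7:22 10.0.48.9:60022 users:(("sshd",pid=911,fd=4))
     cubic rtt:1.1/0.3 mss:1448 bytes_acked:4000 bytes_received:2000
ESTAB 0 0 10.0.48.7:40000 10.0.48.5:443
     cubic rtt:1.1/0.3 mss:1448
EOF
}

# Sum bytes_acked + bytes_received per (process/pid, peer ip:port), largest first.
top_talkers() {
  awk '
    /^State/ { next }                         # skip the header line
    /^[^ \t]/ {                               # socket line: remember its key
      peer = $5; proc = "unknown"
      if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
        proc = substr($0, RSTART + 9, RLENGTH - 9)   # e.g. java",pid=3820
        sub(/",pid=/, "/", proc)                     # -> java/3820
      }
      key = proc " " peer
      if (!(key in total)) total[key] = 0
      next
    }
    key != "" {                               # indented info line of that socket
      for (i = 1; i <= NF; i++)
        if ($i ~ /^bytes_(acked|received):/) {
          split($i, kv, ":"); total[key] += kv[2]
        }
    }
    END { for (k in total) print total[k], k }
  ' | sort -rn
}

# Demo on the constructed sample; on a live host: sudo ss -tinp | top_talkers
sample_ss_output | top_talkers
```

The counters are totals since each connection was opened and cover only sockets that are still open, so this complements the live rates from nethogs, iftop and tcptrack rather than replacing them.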

Software installation

The rpm installers for these three software packages will be included in subsequent releases of new images. For now, you can download these three rpm installers manually.