iftop -i eht0 output pleassssssssssss help

Kamran.Ahmed
Lance Naik
Posts: 45
Joined: Wed Dec 16, 2009 5:57 pm
Location: Karachi


Post by Kamran.Ahmed »

pmail1.pegasus.com.pk => 72.21.214.128 0b 4.19Kb 4.19Kb
<= 0b 222Kb 222Kb
pmail1.pegasus.com.pk => 74.125.153.139 0b 3.56Kb 3.56Kb
<= 0b 89.6Kb 89.6Kb
pmail1.pegasus.com.pk => 10.4.207.91.unknown.SteepHost.Net 52.8Kb 44.4Kb 44.4Kb
<= 49.0Kb 42.2Kb 42.2Kb
pmail1.pegasus.com.pk => 219.71.140.58 17.4Kb 43.9Kb 43.9Kb
<= 208b 771b 771b
pmail1.pegasus.com.pk => mop100.hostmop.com 1.67Kb 1.09Kb 1.09Kb
<= 46.9Kb 29.3Kb 29.3Kb
pmail1.pegasus.com.pk => b2.8a.374a.static.theplanet.com 0b 1.23Kb 1.23Kb
<= 0b 21.3Kb 21.3Kb
pmail1.pegasus.com.pk => ip-182-50-142-100.ip.secureserver.net 0b 21.0Kb 21.0Kb
<= 0b 738b 738b
pmail1.pegasus.com.pk => 79.140.95.168 0b 4.46Kb 4.46Kb
<= 0b 11.1Kb 11.1Kb
pmail1.pegasus.com.pk => 174.37.241.139 0b 1.94Kb 1.94Kb
<= 0b 9.27Kb 9.27Kb
pmail1.pegasus.com.pk => 81.203.250.10.dyn.user.ono.com 1.28Kb 5.02Kb 5.02Kb
<= 3.30Kb 2.14Kb 2.14Kb
pmail1.pegasus.com.pk => 79.140.80.40 0b 784b 784b
<= 0b 5.48Kb 5.48Kb
pmail1.pegasus.com.pk => static-host-210-2-181-6.link.net.pk 1.42Kb 1.18Kb 1.18Kb
<= 2.38Kb 3.41Kb 3.41Kb
pmail1.pegasus.com.pk => 74.84.129.18 2.35Kb 530b 530b
<= 10.8Kb 2.16Kb 2.16Kb
pmail1.pegasus.com.pk => 93.126.101.119 10.7Kb 2.22Kb 2.22Kb
<= 480b 388b 388b
pmail1.pegasus.com.pk => n11648237019.netvigator.com 224b 1.04Kb 1.04Kb
<= 0b 1.37Kb 1.37Kb
pmail1.pegasus.com.pk => 69.63.190.10 0b 1.01Kb 1.01Kb
<= 0b 1.13Kb 1.13Kb
pmail1.pegasus.com.pk => 66.220.151.90 6.30Kb 1.30Kb 1.30Kb
<= 448b 252b 252b
pmail1.pegasus.com.pk => host106.newsgator.com 0b 826b 826b
<= 0b 730b 730b
pmail1.pegasus.com.pk => 188.127.229.107 0b 850b 850b
<= 0b 369b 369b
pmail1.pegasus.com.pk => ip70-181-102-104.oc.oc.cox.net 0b 784b 784b
<= 0b 399b 399b
pmail1.pegasus.com.pk => bom01s01-in-f104.1e100.net 0b 387b 387b
<= 0b 677b 677b
pmail1.pegasus.com.pk => 84.127.239.71.static.user.ono.com 676b 445b 445b
<= 444b 406b 406b
pmail1.pegasus.com.pk => 69.17.67.132 0b 343b 343b
<= 160b 370b 370b
pmail1.pegasus.com.pk => 205.188.251.1 160b 349b 349b
<= 160b 245b 245b



Above is the output of iftop. What is this? How can I stop this? It sucks all of my DSL bandwidth. Please help.
Kamran Ahmed Khan
kamran.cisco@gmail.com
Registered Linux User # 526139
www.allaboutlinux.org
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Post by mudasir »

AOA,

You can use iptables string match to stop this.

iptables -A INPUT -m string --algo bm --string "pmail1.pegasus.com.pk" -j DROP
iptables -A OUTPUT -m string --algo bm --string "pmail1.pegasus.com.pk" -j DROP
iptables -A FORWARD -m string --algo bm --string "pmail1.pegasus.com.pk" -j DROP

But make sure you have the latest kernel, because it requires the latest kernel, or you need to patch your kernel with the string match feature.

I use this to block odd URLs in proxy machines.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Post by Kamran.Ahmed »

Thanks for the help, but it did not fulfill the job. In addition, I noticed this is happening even when we stop the squid server. I think it is associated with the eth0 interface: when I bring eth0 down, then it stops. Please help.

Post by mudasir »

Hi,

Please brief me on the details of your network: what are you using, and which interface is what? Because now I cannot do anything without knowing some info about the network. Also, are you using this for any cable net? If yes, then this can be some bogus traffic generated from the local network.

Post by Kamran.Ahmed »

In fact, I have an Ubuntu server installed with squid, with two NICs: one of them is connected to the local LAN and the other is connected to the WAN (internet).

Is this enough?
mashkoor.qadir
Lance Naik
Posts: 32
Joined: Mon Dec 20, 2010 10:27 pm
Location: Karachi
Contact:

Re: iftop -i eht0 output pleassssssssssss help

Post by mashkoor.qadir »

Can trace the traffic, where it comes from. I mean to say that the traffic comes either from local or through the internet.
Kind Regards,
Mashkoor Qadir,
mashkoor.qadir@yahoo.com
http://www.redmath.com
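
For tracing where the bandwidth goes, an added example (not part of the original thread): a parser for iftop output in the layout pasted in the first post, ranking remote peers by rate and listing the ones the server sends to far more than it receives from. It assumes the three columns are iftop's default 2 s, 10 s and 40 s averages in bits per second and that K means 1024; the function names and the ratio threshold are hypothetical, and the sample rows are copied from the first post.

```python
import re

# Sample input: four host pairs copied from the iftop paste in the first post.
SAMPLE = """\
pmail1.pegasus.com.pk => 72.21.214.128 0b 4.19Kb 4.19Kb
<= 0b 222Kb 222Kb
pmail1.pegasus.com.pk => 219.71.140.58 17.4Kb 43.9Kb 43.9Kb
<= 208b 771b 771b
pmail1.pegasus.com.pk => 10.4.207.91.unknown.SteepHost.Net 52.8Kb 44.4Kb 44.4Kb
<= 49.0Kb 42.2Kb 42.2Kb
pmail1.pegasus.com.pk => 93.126.101.119 10.7Kb 2.22Kb 2.22Kb
<= 480b 388b 388b
"""

# Assumption: rates are bits per second and each prefix is a multiple of 1024.
UNITS = {"b": 1, "Kb": 1024, "Mb": 1024**2, "Gb": 1024**3}
RATE = re.compile(r"^(\d+(?:\.\d+)?)([KMG]?b)$")

def to_bits(text):
    m = RATE.match(text)
    if not m:
        raise ValueError(f"not an iftop rate: {text!r}")
    return float(m.group(1)) * UNITS[m.group(2)]

def parse_iftop(text):
    """Pair each '=>' line with the '<=' line under it, keeping the 40 s column."""
    flows, pending = [], None
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 6 and parts[1] == "=>":
            pending = (parts[2], to_bits(parts[5]))
        elif len(parts) == 4 and parts[0] == "<=" and pending:
            peer, sent = pending
            flows.append({"peer": peer, "sent": sent, "recv": to_bits(parts[3])})
            pending = None
    return flows

def upload_heavy(flows, ratio=5.0):
    """Peers the local host sends to at least `ratio` times more than it receives."""
    return [f["peer"] for f in flows if f["sent"] >= ratio * max(f["recv"], 1.0)]

def top_talkers(flows, n=3):
    """Peers with the highest combined send and receive rate, largest first."""
    ranked = sorted(flows, key=lambda f: f["sent"] + f["recv"], reverse=True)
    return [f["peer"] for f in ranked[:n]]

if __name__ == "__main__":
    flows = parse_iftop(SAMPLE)
    print("top talkers: ", top_talkers(flows))
    print("upload-heavy:", upload_heavy(flows))
```

Once a peer of interest is known, `ss -tnp` or `netstat -tnp` on the server shows which local process owns the connection to it.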