Q: Analyze Network Traffic

Question

stevepfannjr

Level 1 (0 points)

Q: Analyze Network Traffic

Dear Apple community,

This morning I looked at the network stats is the Server App, and noticed an odd and unexpected traffic spike that happened around 3 to 4 in the morning. I was wondering if there is a way for me to look into this traffic (origin and destination etc.)

It's probably nothing for me to worry about as it was only a few hundred KB/s, but I'd like to be able to get to the bottom of this just to put my mind at ease.

A few things that may be worth mentioning is that a few days ago I installed SuperDuper! to manage some backup processes, and that a local know user has been idly logged into the server via the file sharing for a number of weeks. I don't know if either of these items could have contributed to the problem.

Any advice?

Steve

OS X Server

Posted on May 14, 2013 9:04 AM

I have this question too

Solved

MrHoffman

Level 6 (15,637 points)

Mac OS X

A:

That's around the time that the nightly jobs run. Those kick off around 3 AM local time.

As for your question, here's a general intro of how to capture a packet trace, and you'll probably want to establish some sort of network monitoring on another host on your local network. There are some reasonable tcpdump primers available around the 'net, including one by Daniel Miessler, too.

I usually use a server-grade gateway-firewall for this sort of stuff (as well as a variety of other tasks), and most of these devices can minimally show you where the network connections are going; IP source and destination.

Posted on May 15, 2013 6:46 AM

Q: Analyze Network Traffic

All replies

Helpful answers

by Mark Gillette,Helpful

Mark Gillette May 15, 2013 9:27 PM in response to stevepfannjr
Level 1 (5 points)

May 15, 2013 9:27 PM in response to stevepfannjr

Really difficult to say without knowing a few more specifics - I'm tempted to side with Mr Hoffman and say it's either the local routines running or your backup - check your logs. If you have a spare machine around that can run a web server take a look at this http://www.ntop.org/products/ntop/
Reply options

Link to this post

by stevepfannjr,

stevepfannjr May 16, 2013 1:24 AM in response to stevepfannjr
Level 1 (0 points)

May 16, 2013 1:24 AM in response to stevepfannjr

Thank for the advice everyone! It really does sound like a nightly system job doing its thing.

I appreciate the links and will be sure to take a thurough look at them.
Reply options

Link to this post

Accepted Answer · May 15, 2013 6:46 AM

MrHoffman

Level 6 (15,637 points)

Mac OS X

May 15, 2013 6:46 AM in response to stevepfannjr

That's around the time that the nightly jobs run. Those kick off around 3 AM local time.

As for your question, here's a general intro of how to capture a packet trace, and you'll probably want to establish some sort of network monitoring on another host on your local network. There are some reasonable tcpdump primers available around the 'net, including one by Daniel Miessler, too.

I usually use a server-grade gateway-firewall for this sort of stuff (as well as a variety of other tasks), and most of these devices can minimally show you where the network connections are going; IP source and destination.

Q: Analyze Network Traffic

All replies Helpful answers

by MrHoffman,Solvedanswer

by Mark Gillette,★Helpful

by stevepfannjr,

All replies

Helpful answers

by Mark Gillette,Helpful