VPS and network traffic
- Date: Mon, 27 Aug 2018 17:43:28 +0100
- From: Nick <debuser@xxxxxxxxxxx>
- Subject: VPS and network traffic
This isn't strictly a debian issue but perhaps there are enough people
here running debian on VPSs that someone can explain...
I configured monit on a low traffic 'stretch' VPS to alert me about
upload or downloads that exceed 1.2MB in a ten minute period. For
uploads it works. For downloads it doesn't because monit sees
downloads continuously at a rate of about 6MB per 10m (it fluctuates
around there in range of typically 1 - 2MB).
I ran 'nethogs' and saw an unexpected (to me) result. nethogs reports
bandwidth between ip addresses where neither address is on my VPS.
For example (reformatted and with the addresses changed),
PID USER PROGRAM
? root 22.214.171.124:80-126.96.36.199:33034
DEV SENT RECEIVED
0.000 1.285 KB/sec
Whenever I've checked, 'whois' reports one or both ip addresses as
belonging to my VPS provider. nethogs reports dozens of lines like
this at a time, i.e. with alien ips, no PID and no DEV. (nethogs has
a switch for "sniff in promiscious mode" which I didn't use). I asked
my VPS provider what was going on and in summary they said
It seems we've a small number of packets being broadcast by the
It's not an urgent priority, as it's not directly an error (a switch
is allowed to behave as a hub).
We only bill for traffic that leaves our network so it makes no
difference to your quota.
I'm not a networking expert so I'm willing to take their word for it.
Sadly for me it seems to mean I can't monitor my own download traffic
accurately due to this unwanted 'background noise'. My questions:
Are these broadcast packets the culprit for monit thinking I'm
downloading so much?
Why is the linux kernel seeing broadcast packets as downloads to my
Or is monit (which I guess gets its numbers from the kernel) looking
at the wrong thing?
Is there a way to stop those packets contributing to what monit sees
as download traffic?
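
An added example, not part of the original post: it splits per-flow receive rates in the layout shown above into flows that involve the VPS's own address and flows between foreign addresses, then checks each total against the 1.2MB per ten minutes threshold. The flattened one-line layout, the documentation-range addresses, the local address 192.0.2.10, decimal units and the idea that the alert is fed by whole-interface received bytes are all assumptions.

```python
import ipaddress
import re
from decimal import Decimal

WINDOW_S = 600           # the post's ten-minute window
LIMIT_BYTES = 1_200_000  # the post's 1.2MB threshold (assumes 1MB = 10^6 bytes)

# Constructed sample, one flow per line (assumed layout):
# PID USER SRC:PORT-DST:PORT SENT RECEIVED, rates in KB/sec.
SAMPLE = """\
PID USER PROGRAM SENT RECEIVED
? root 198.51.100.7:80-203.0.113.20:33034 0.000 1.285
? root 198.51.100.9:443-203.0.113.44:51812 0.000 4.000
? root 198.51.100.12:80-203.0.113.61:40222 0.000 4.715
1234 www-data 192.0.2.10:443-203.0.113.5:50100 2.000 0.500
"""
LOCAL = {ipaddress.ip_address("192.0.2.10")}  # assumed address of the VPS

FLOW = re.compile(
    r"^(\S+)\s+(\S+)\s+(\S+):(\d+)-(\S+):(\d+)\s+([\d.]+)\s+([\d.]+)$")

def received_by_owner(text, local_addrs):
    """Return (own, foreign) RECEIVED totals in KB/sec."""
    own = foreign = Decimal(0)
    for line in text.splitlines():
        m = FLOW.match(line.strip())
        if not m:
            continue  # header or blank line
        ends = {ipaddress.ip_address(m.group(3)),
                ipaddress.ip_address(m.group(5))}
        rate = Decimal(m.group(8))
        if ends & local_addrs:
            own += rate      # one endpoint is this host
        else:
            foreign += rate  # neither endpoint is this host
    return own, foreign

def bytes_in_window(kb_per_sec, window_s=WINDOW_S):
    return int(kb_per_sec * 1000 * window_s)  # assumes 1 KB = 1000 bytes

def report(text, local_addrs):
    own, foreign = received_by_owner(text, local_addrs)
    own_b = bytes_in_window(own)
    all_b = bytes_in_window(own + foreign)
    return {"own_bytes": own_b, "interface_bytes": all_b,
            "own_alert": own_b > LIMIT_BYTES,
            "interface_alert": all_b > LIMIT_BYTES}

if __name__ == "__main__":
    print(report(SAMPLE, LOCAL))
```

With the constructed rates, the foreign flows alone add up to the roughly 6MB per ten minutes described in the post, while the host's own receive volume stays under the threshold.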