I have a DigitalOcean VPS instance whose outbound traffic is behaving strangely, increasing linearly over a seven-day period.
I am trying to figure out what is going on using tcpdump, but to tell the truth, I don't know what I should be looking for. Running tcpdump port not 22, here is an excerpt of the kind of traffic I am able to see, which looks normal to me:
15:48:10.638709 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [S.], seq 262596971, ack 2836813416, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
15:48:10.641314 IP client.yota.ru.57493 > ubuntu-512mb-nyc3-01.http: Flags [P.], seq 772:1106, ack 41341, win 260, length 334: HTTP: GET /js/pathseg.js HTTP/1.1
15:48:10.641578 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57493: Flags [.], seq 41341:44061, ack 1106, win 507, length 2720: HTTP: HTTP/1.1 200 OK
15:48:10.641616 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57493: Flags [.], seq 44061:46781, ack 1106, win 507, length 2720: HTTP
15:48:10.641628 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57493: Flags [.], seq 46781:49501, ack 1106, win 507, length 2720: HTTP
15:48:10.648490 IP client.yota.ru.57494 > ubuntu-512mb-nyc3-01.http: Flags [P.], seq 351:689, ack 9549, win 260, length 338: HTTP: GET /js/CustomEvent.js HTTP/1.1
15:48:10.648863 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57494: Flags [P.], seq 9549:10278, ack 689, win 490, length 729: HTTP: HTTP/1.1 200 OK
15:48:10.651042 IP client.yota.ru.57500 > ubuntu-512mb-nyc3-01.http: Flags [S], seq 4006037173, win 8192, options [mss 1360,nop,wscale 8,nop,nop,sackOK], length 0
15:48:10.651101 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57500: Flags [S.], seq 153230364, ack 4006037174, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
15:48:10.653203 IP client.yota.ru.57499 > ubuntu-512mb-nyc3-01.http: Flags [S], seq 4261651922, win 8192, options [mss 1360,nop,wscale 8,nop,nop,sackOK], length 0
15:48:10.653252 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57499: Flags [S.], seq 988269590, ack 4261651923, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
15:48:10.752986 IP 5adddf5b.bb.sky.com.59084 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 97599, win 16179, length 0
15:48:10.787531 IP client.yota.ru.57497 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 1, win 260, length 0
15:48:10.790883 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 1, win 260, length 0
15:48:10.803170 IP client.yota.ru.57497 > ubuntu-512mb-nyc3-01.http: Flags [P.], seq 1:366, ack 1, win 260, length 365: HTTP: GET /images/pen-tool.png HTTP/1.1
15:48:10.803239 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57497: Flags [.], ack 366, win 473, length 0
15:48:10.803626 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57497: Flags [P.], seq 1:696, ack 366, win 473, length 695: HTTP: HTTP/1.1 200 OK
15:48:10.810546 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [P.], seq 1:340, ack 1, win 260, length 339: HTTP: GET /js/snap.svg-min.js HTTP/1.1
15:48:10.810578 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], ack 340, win 473, length 0
15:48:10.810768 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 1:2721, ack 340, win 473, length 2720: HTTP: HTTP/1.1 200 OK
15:48:10.810821 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 2721:5441, ack 340, win 473, length 2720: HTTP
15:48:10.810834 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 5441:8161, ack 340, win 473, length 2720: HTTP
15:48:10.810846 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 8161:10881, ack 340, win 473, length 2720: HTTP
15:48:10.810860 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 10881:13601, ack 340, win 473, length 2720: HTTP
15:48:10.826921 IP client.yota.ru.57493 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 44061, win 260, length 0
15:48:10.826976 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57493: Flags [.], seq 49501:52221, ack 1106, win 507, length 2720: HTTP
15:48:10.869049 IP client.yota.ru.57493 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 46781, win 260, length 0
15:48:10.869108 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57493: Flags [.], seq 52221:54941, ack 1106, win 507, length 2720: HTTP
15:48:10.872426 IP client.yota.ru.57493 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 49501, win 260, length 0
15:48:10.872465 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57493: Flags [.], seq 54941:57661, ack 1106, win 507, length 2720: HTTP
15:48:10.872501 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57493: Flags [.], seq 57661:59021, ack 1106, win 507, length 1360: HTTP
15:48:10.915039 IP client.yota.ru.57500 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 1, win 260, length 0
15:48:10.931030 IP client.yota.ru.57500 > ubuntu-512mb-nyc3-01.http: Flags [P.], seq 1:336, ack 1, win 260, length 335: HTTP: GET /js/TweenMax.js HTTP/1.1
15:48:10.931088 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57500: Flags [.], ack 336, win 473, length 0
15:48:10.931446 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57500: Flags [.], seq 1:2721, ack 336, win 473, length 2720: HTTP: HTTP/1.1 200 OK
15:48:10.931484 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57500: Flags [.], seq 2721:5441, ack 336, win 473, length 2720: HTTP
15:48:10.931522 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57500: Flags [.], seq 5441:8161, ack 336, win 473, length 2720: HTTP
15:48:10.931535 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57500: Flags [.], seq 8161:10881, ack 336, win 473, length 2720: HTTP
15:48:10.931576 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57500: Flags [.], seq 10881:13601, ack 336, win 473, length 2720: HTTP
15:48:10.949103 IP client.yota.ru.57499 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 1, win 260, length 0
15:48:10.955910 IP client.yota.ru.57494 > ubuntu-512mb-nyc3-01.http: Flags [P.], seq 689:1021, ack 10278, win 257, length 332: HTTP: GET /js/pathd.js HTTP/1.1
15:48:10.956204 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57494: Flags [.], seq 10278:12998, ack 1021, win 507, length 2720: HTTP: HTTP/1.1 200 OK
15:48:10.956294 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57494: Flags [.], seq 12998:15718, ack 1021, win 507, length 2720: HTTP
15:48:10.956368 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57494: Flags [.], seq 15718:18438, ack 1021, win 507, length 2720: HTTP
15:48:10.956438 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57494: Flags [.], seq 18438:19798, ack 1021, win 507, length 1360: HTTP
15:48:10.964088 IP client.yota.ru.57499 > ubuntu-512mb-nyc3-01.http: Flags [P.], seq 1:332, ack 1, win 260, length 331: HTTP: GET /js/husl.js HTTP/1.1
15:48:10.964141 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57499: Flags [.], ack 332, win 473, length 0
15:48:10.964398 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57499: Flags [.], seq 1:2721, ack 332, win 473, length 2720: HTTP: HTTP/1.1 200 OK
15:48:10.964435 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57499: Flags [.], seq 2721:5441, ack 332, win 473, length 2720: HTTP
15:48:10.964504 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57499: Flags [.], seq 5441:8161, ack 332, win 473, length 2720: HTTP
15:48:10.964531 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57499: Flags [.], seq 8161:10881, ack 332, win 473, length 2720: HTTP
15:48:10.964634 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57499: Flags [P.], seq 10881:12010, ack 332, win 473, length 1129: HTTP
15:48:10.978964 IP 86.99.240.61.57642 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 138241, win 4051, options [nop,nop,TS val 233878770 ecr 177968374], length 0
15:48:10.979015 IP ubuntu-512mb-nyc3-01.http > 86.99.240.61.57642: Flags [.], seq 184321:187201, ack 325, win 470, options [nop,nop,TS val 177968541 ecr 233878770], length 2880: HTTP
15:48:10.979056 IP 86.99.240.61.57642 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 139681, win 4096, options [nop,nop,TS val 233878773 ecr 177968374], length 0
15:48:11.030471 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 2721, win 260, length 0
15:48:11.030549 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 13601:16321, ack 340, win 473, length 2720: HTTP
15:48:11.030581 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 16321:19041, ack 340, win 473, length 2720: HTTP
15:48:11.036128 IP client.yota.ru.57497 > ubuntu-512mb-nyc3-01.http: Flags [P.], seq 366:745, ack 696, win 257, length 379: HTTP: GET /js/dom.js HTTP/1.1
15:48:11.036412 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57497: Flags [.], seq 696:3416, ack 745, win 490, length 2720: HTTP: HTTP/1.1 200 OK
15:48:11.036491 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57497: Flags [.], seq 3416:4776, ack 745, win 490, length 1360: HTTP
15:48:11.036600 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57497: Flags [P.], seq 4776:4794, ack 745, win 490, length 18: HTTP
15:48:11.072690 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 5441, win 260, length 0
15:48:11.072745 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 19041:21761, ack 340, win 473, length 2720: HTTP
15:48:11.072845 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 21761:24481, ack 340, win 473, length 2720: HTTP
15:48:11.073498 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 5441, win 260, options [nop,nop,sack 1 {6801:8161}], length 0
15:48:11.075665 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 8161, win 260, length 0
15:48:11.075697 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 24481:27201, ack 340, win 473, length 2720: HTTP
15:48:11.146475 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 9521, win 260, length 0
15:48:11.146527 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 27201:29921, ack 340, win 473, length 2720: HTTP
15:48:11.146662 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 29921:31281, ack 340, win 473, length 1360: HTTP
15:48:11.172332 IP client.yota.ru.57493 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 50861, win 260, options [nop,nop,sack 1 {52221:53581}], length 0
15:48:11.172408 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57493: Flags [.], seq 59021:61741, ack 1106, win 507, length 2720: HTTP
15:48:11.203150 IP client.yota.ru.57500 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 2721, win 260, length 0
15:48:11.203229 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57500: Flags [.], seq 13601:16321, ack 336, win 473, length 2720: HTTP
15:48:11.203265 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57500: Flags [.], seq 16321:19041, ack 336, win 473, length 2720: HTTP
15:48:11.207504 IP 86.99.240.61.57642 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 141121, win 4096, options [nop,nop,TS val 233879138 ecr 177968393], length 0
15:48:11.207542 IP ubuntu-512mb-nyc3-01.http > 86.99.240.61.57642: Flags [.], seq 187201:190081, ack 325, win 470, options [nop,nop,TS val 177968598 ecr 233879138], length 2880: HTTP
15:48:11.231921 IP client.yota.ru.57494 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 12998, win 260, length 0
15:48:11.231999 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57494: Flags [.], seq 19798:22518, ack 1021, win 507, length 2720: HTTP
15:48:11.281171 IP client.yota.ru.57494 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 14358, win 260, length 0
15:48:11.281231 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57494: Flags [.], seq 22518:23878, ack 1021, win 507, length 1360: HTTP
15:48:11.302634 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 9521, win 260, options [nop,nop,sack 1 {13601:14961}], length 0
15:48:11.302715 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 9521:10881, ack 340, win 473, length 1360: HTTP
15:48:11.306229 IP client.yota.ru.57499 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 1361, win 260, length 0
15:48:11.310603 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 9521, win 260, options [nop,nop,sack 2 {16321:17681}{13601:14961}], length 0
15:48:11.310648 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 10881:12241, ack 340, win 473, length 1360: HTTP
15:48:11.318232 IP client.yota.ru.57497 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 2056, win 260, options [nop,nop,sack 1 {4776:4794}], length 0
15:48:11.356646 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 9521, win 260, options [nop,nop,sack 3 {24481:25841}{16321:17681}{13601:14961}], length 0
15:48:11.356732 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 12241:13601, ack 340, win 473, length 1360: HTTP
15:48:11.364536 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 9521, win 260, options [nop,nop,sack 4 {27201:28561}{24481:25841}{16321:17681}{13601:14961}], length 0
15:48:11.364576 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 14961:16321, ack 340, win 473, length 1360: HTTP
15:48:11.368498 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57497: Flags [.], seq 2056:3416, ack 745, win 490, length 1360: HTTP
15:48:11.368541 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57497: Flags [.], seq 3416:4776, ack 745, win 490, length 1360: HTTP
15:48:11.389609 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 9521, win 260, options [nop,nop,sack 4 {27201:29921}{24481:25841}{16321:17681}{13601:14961}], length 0
15:48:11.389678 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 17681:19041, ack 340, win 473, length 1360: HTTP
15:48:11.393510 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 9521, win 260, options [nop,nop,sack 4 {27201:31281}{24481:25841}{16321:17681}{13601:14961}], length 0
15:48:11.393547 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 19041:20401, ack 340, win 473, length 1360: HTTP
15:48:11.433266 IP client.yota.ru.57493 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 50861, win 260, options [nop,nop,sack 2 {59021:60381}{52221:53581}], length 0
15:48:11.433327 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57493: Flags [.], seq 50861:52221, ack 1106, win 507, length 1360: HTTP
15:48:11.437279 IP client.yota.ru.57493 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 50861, win 260, options [nop,nop,sack 2 {59021:61741}{52221:53581}], length 0
15:48:11.437313 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57493: Flags [.], seq 53581:54941, ack 1106, win 507, length 1360: HTTP
15:48:11.468139 IP client.yota.ru.57500 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 2721, win 260, options [nop,nop,sack 1 {14961:16321}], length 0
15:48:11.468214 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57500: Flags [.], seq 2721:4081, ack 336, win 473, length 1360: HTTP
15:48:11.473031 IP client.yota.ru.57500 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 2721, win 260, options [nop,nop,sack 1 {14961:17681}], length 0
15:48:11.473067 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57500: Flags [.], seq 4081:5441, ack 336, win 473, length 1360: HTTP
15:48:11.506463 IP client.yota.ru.57494 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 14358, win 260, options [nop,nop,sack 1 {19798:21158}], length 0
15:48:11.506527 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57494: Flags [.], seq 14358:15718, ack 1021, win 507, length 1360: HTTP
15:48:11.512449 IP client.yota.ru.57494 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 14358, win 260, options [nop,nop,sack 1 {19798:22518}], length 0
15:48:11.512488 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57494: Flags [.], seq 15718:17078, ack 1021, win 507, length 1360: HTTP
15:48:11.533685 IP 86.99.240.61.57642 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 141121, win 4096, options [nop,nop,TS val 233879378 ecr 177968393,nop,nop,sack 1 {142561:144001}], length 0
15:48:11.533778 IP ubuntu-512mb-nyc3-01.http > 86.99.240.61.57642: Flags [.], seq 190081:191521, ack 325, win 470, options [nop,nop,TS val 177968680 ecr 233879378], length 1440: HTTP
15:48:11.533805 IP 86.99.240.61.57642 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 141121, win 4096, options [nop,nop,TS val 233879378 ecr 177968393,nop,nop,sack 1 {142561:145441}], length 0
15:48:11.550526 IP 86.99.240.61.57642 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 141121, win 4096, options [nop,nop,TS val 233879542 ecr 177968393,nop,nop,sack 1 {142561:146881}], length 0
15:48:11.550579 IP ubuntu-512mb-nyc3-01.http > 86.99.240.61.57642: Flags [.], seq 141121:142561, ack 325, win 470, options [nop,nop,TS val 177968684 ecr 233879542], length 1440: HTTP
15:48:11.550660 IP 86.99.240.61.57642 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 141121, win 4096, options [nop,nop,TS val 233879555 ecr 177968393,nop,nop,sack 1 {142561:148321}], length 0
15:48:11.550693 IP ubuntu-512mb-nyc3-01.http > 86.99.240.61.57642: Flags [.], seq 191521:192961, ack 325, win 470, options [nop,nop,TS val 177968684 ecr 233879555], length 1440: HTTP
15:48:11.551623 IP client.yota.ru.57494 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 14358, win 260, options [nop,nop,sack 1 {19798:23878}], length 0
15:48:11.551666 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57494: Flags [.], seq 17078:18438, ack 1021, win 507, length 1360: HTTP
15:48:11.558619 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 10881, win 260, options [nop,nop,sack 4 {27201:31281}{24481:25841}{16321:17681}{13601:14961}], length 0
15:48:11.558665 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 20401:21761, ack 340, win 473, length 1360: HTTP
15:48:11.558698 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 21761:23121, ack 340, win 473, length 1360: HTTP
15:48:11.594606 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 12241, win 260, options [nop,nop,sack 4 {27201:31281}{24481:25841}{16321:17681}{13601:14961}], length 0
15:48:11.594682 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 23121:24481, ack 340, win 473, length 1360: HTTP
15:48:11.594718 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 25841:27201, ack 340, win 473, length 1360: HTTP
15:48:11.624575 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 14961, win 260, options [nop,nop,sack 3 {27201:31281}{24481:25841}{16321:17681}], length 0
15:48:11.624659 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 31281:34001, ack 340, win 473, length 2720: HTTP
15:48:11.630549 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 17681, win 260, options [nop,nop,sack 2 {27201:31281}{24481:25841}], length 0
15:48:11.630598 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 34001:36721, ack 340, win 473, length 2720: HTTP
15:48:11.633155 IP client.yota.ru.57497 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 3416, win 260, options [nop,nop,sack 1 {4776:4794}], length 0
15:48:11.639232 IP client.yota.ru.57497 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 4794, win 260, length 0
15:48:11.676161 IP client.yota.ru.57497 > ubuntu-512mb-nyc3-01.http: Flags [P.], seq 745:1129, ack 4794, win 260, length 384: HTTP: GET /js/tutorial.js HTTP/1.1
15:48:11.676557 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57497: Flags [.], seq 4794:7514, ack 1129, win 507, length 2720: HTTP: HTTP/1.1 200 OK
15:48:11.676677 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57497: Flags [.], seq 7514:10234, ack 1129, win 507, length 2720: HTTP
15:48:11.676751 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57497: Flags [.], seq 10234:11594, ack 1129, win 507, length 1360: HTTP
15:48:11.676868 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57497: Flags [P.], seq 11594:12190, ack 1129, win 507, length 596: HTTP
15:48:11.680542 IP client.yota.ru.57498 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 17681, win 260, options [nop,nop,sack 3 {19041:20401}{27201:31281}{24481:25841}], length 0
15:48:11.680592 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57498: Flags [.], seq 36721:38081, ack 340, win 473, length 1360: HTTP
15:48:11.684191 IP client.yota.ru.57493 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 53581, win 260, options [nop,nop,sack 1 {59021:61741}], length 0
15:48:11.684230 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57493: Flags [.], seq 54941:56301, ack 1106, win 507, length 1360: HTTP
15:48:11.684260 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57493: Flags [.], seq 56301:57661, ack 1106, win 507, length 1360: HTTP
15:48:11.707213 IP client.yota.ru.57493 > ubuntu-512mb-nyc3-01.http: Flags [.], ack 54941, win 260, options [nop,nop,sack 1 {59021:61741}], length 0
15:48:11.707278 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57493: Flags [.], seq 57661:59021, ack 1106, win 507, length 1360: HTTP
15:48:11.707382 IP ubuntu-512mb-nyc3-01.http > client.yota.ru.57493: Flags [.], seq 61741:63101, ack 1106, win 507, length 1360: HTTP
15:48:11.717599 IP c-73-129-30-55.hsd1.md.comcast.net.59209 > ubuntu-512mb-nyc3-01.http: Flags [S], seq 2279888157, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 380938937 ecr 0,sackOK,eol], length 0
15:48:11.717671 IP ubuntu-512mb-nyc3-01.http > c-73-129-30-55.hsd1.md.comcast.net.59209: Flags [S.], seq 2491122979, ack 2279888158, win 28960, options [mss 1460,sackOK,TS val 177968726 ecr 380938937,nop,wscale 6], length 0
I am at a loss as to how to diagnose the source of this traffic. Can anyone offer more tips for finding the source of this traffic?
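One way to turn a capture like the excerpt above into an answer about who is receiving the outbound bytes, as an added example that is not part of the original post: this Python script parses tcpdump's one-line text output, sums the payload bytes the server sent to each remote host, and counts bytes that were sent again on the same connection. The sample lines, the host name web-01 and the function names are constructed for illustration, and the retransmission check is a simple heuristic based on the relative sequence numbers tcpdump prints.

```python
import re
from collections import defaultdict

# One-line text format tcpdump prints for TCP over IPv4 (same shape as the excerpt).
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[[^\]]*\](?:, seq (?P<start>\d+):(?P<end>\d+))?.*?length (?P<len>\d+)"
    r"(?:: HTTP: (?P<method>[A-Z]+) (?P<path>\S+))?"
)

# Constructed sample lines (not taken from the capture in the post).
SAMPLE = """\
15:00:00.000100 IP 192.0.2.10.50001 > web-01.http: Flags [P.], seq 1:301, ack 1, win 260, length 300: HTTP: GET /js/app.js HTTP/1.1
15:00:00.000200 IP web-01.http > 192.0.2.10.50001: Flags [.], seq 1:2721, ack 301, win 473, length 2720: HTTP: HTTP/1.1 200 OK
15:00:00.000300 IP web-01.http > 192.0.2.10.50001: Flags [.], seq 2721:5441, ack 301, win 473, length 2720: HTTP
15:00:00.050000 IP 192.0.2.10.50001 > web-01.http: Flags [.], ack 1361, win 260, options [nop,nop,sack 1 {2721:4081}], length 0
15:00:00.050100 IP web-01.http > 192.0.2.10.50001: Flags [.], seq 1361:2721, ack 301, win 473, length 1360: HTTP
15:00:00.100000 IP 198.51.100.7.40000 > web-01.http: Flags [P.], seq 1:201, ack 1, win 260, length 200: HTTP: GET /index.html HTTP/1.1
15:00:00.100100 IP web-01.http > 198.51.100.7.40000: Flags [P.], seq 1:701, ack 201, win 473, length 700: HTTP: HTTP/1.1 200 OK
"""


def split_endpoint(endpoint):
    """'client.example.57498' -> ('client.example', '57498'); the port is the last field."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def summarize(lines, local_host):
    """Per remote host: payload bytes sent by local_host, re-sent bytes, HTTP requests received."""
    stats = defaultdict(lambda: {"bytes": 0, "retrans_bytes": 0, "requests": 0})
    highest_end = {}  # flow -> highest relative sequence number already sent
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a TCP/IPv4 line in the expected format
        src_host, src_port = split_endpoint(m["src"])
        dst_host, dst_port = split_endpoint(m["dst"])
        length = int(m["len"])
        if src_host == local_host:
            peer = stats[dst_host]
            peer["bytes"] += length
            if m["start"] is not None:
                flow, end = (dst_host, dst_port, src_port), int(m["end"])
                # Heuristic: a segment ending at or below data already sent is a resend.
                if end <= highest_end.get(flow, 0):
                    peer["retrans_bytes"] += length
                highest_end[flow] = max(end, highest_end.get(flow, 0))
        elif dst_host == local_host and m["method"]:
            stats[src_host]["requests"] += 1
    return dict(stats)


def top_talkers(stats, n=5):
    """Remote hosts ordered by bytes received from the server, largest first."""
    return sorted(stats.items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]


if __name__ == "__main__":
    for host, s in top_talkers(summarize(SAMPLE.splitlines(), "web-01")):
        print(f"{host:15} sent={s['bytes']:>6} B  resent={s['retrans_bytes']:>5} B  "
              f"requests={s['requests']}")
```

Capturing with tcpdump -n avoids reverse-DNS lookups; the local host argument is then the server's IP address rather than its name.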