Hi All,
Here is a snippet from an IPTraf log on one particular SME 5.6 server:-
Fri Jun 13 20:17:26 2003; UDP; lo; 54 bytes; from localhost:32838 to localhost:32902
Fri Jun 13 20:17:26 2003; UDP; lo; 54 bytes; from localhost:32838 to localhost:32902
Fri Jun 13 20:17:26 2003; UDP; lo; 54 bytes; from localhost:32838 to localhost:32902
Fri Jun 13 20:17:26 2003; UDP; lo; 54 bytes; from localhost:32838 to localhost:32902
Fri Jun 13 20:17:26 2003; UDP; lo; 54 bytes; from localhost:32838 to localhost:32902
Fri Jun 13 20:17:26 2003; UDP; lo; 54 bytes; from localhost:32838 to localhost:32902
Fri Jun 13 20:17:26 2003; UDP; lo; 54 bytes; from localhost:32838 to localhost:32902
Fri Jun 13 20:17:26 2003; UDP; lo; 54 bytes; from localhost:32838 to localhost:32902
There are thousands and thousands of these lines (making up many, many megabytes in a very short space of time).
The situation is as follows :
This particular company has two sections. The Admin section works a typical 9 - 5 type hours. The data entry section works 9 - 5 on and off (up to 8 people at a time) but have most of the staff on from about 4 - 9pm. During the day, no problems. Every night, starting at around 8:00 pm (sometimes up to half hour or so earlier but mostly at 8:00pm), the network grinds to almost a standstill. There are no obvious things running on the server or any of the other PCs. The server logs don't show anything out of the ordinary. So, I put on IPTraf to capture the IP traffic and actually sat and watched the network activity from about 7:30 pm onwards. At almost 8:00 pm exactly (give or take a minute) the traffic flow (the numbers beside the mac addresses and at the bottom of the screen) slowed to a crawl. Again, nothing new in the logs. The top program shows 1 or 2 smb processes from a couple of connected workstations taking up the top 2 spots on the list followed by iptraf (which is running in another Putty window). After about 25 minutes, traffic flow resumed as normal. I stopped capturing the log at that point. The log file showed various traffic flows but is predominantly taken up by the above log lines.
Anyone know what might those lines mean ? As this is a daily occurrence (always around the same time), it is quite puzzling. It seems as if the server is very busily sending data to itself (the lo interface) from one port to another (there are a few other port numbers that comes up but mostly the above ports) so much so that it has no time to service network requests ?
TIA for any insights !
Kelvin
2 Replies
1053 Views