Strange network traffic

Okey dokey.. My site is very low-profile, so when I looked at my MRTG graphs this morning and saw that my outgoing bandwidth had been stuck at ~65kbits/s since noon on saturday, I got suspicious.. Note, it's STILL at this rate.

Netstat reports no unusual connections open.. in fact, nothing besides my ssh connections and tomcat (idle, listening) at the moment.

the apache logs are fine, no crazy increase in hits or anything..

however.. a tcpdump give curious results.. there are a LOT of UDP packets being generated from a box on the same class C as mine (also at serveroutsource.net...running windows). About 15/second, being sent to the 224.2.x.x multicast addresss..

for a little snapshot of what i'm talking about, try http://dhtns.com/tcpdump

I just took out a ticket with serveroutsource, so they'll probably have it figured out soon, but I figured I may as well ask here to get other people's opinions. Should this UDP traffic be affecting my bandwidth usage? And *outgoing*, of all things? Any idea what's up with the other guy's server?

My box is running freebsd 5.0, for what it's worth.

Thanks,
-tesla

[edit.. that's 65 kBITS/second, not kBYTES/sec]

 

 

 

 

Top