Ajuda para analizar log do iptraf

**Dedao** · 26-06-2007, 09:33

Ola a todos. Ultimamente, a internet de nossa rede tem andado bastante lenta (independente se tiver 20 pcs ou apenas 5 pcs conectados). Utilizei o iptraf para fazer algumas análises. Estou achando que pode ser algum problema relacionado a broadcast ou talvez alguma invasão. abaixo estou postando 2 logs que o iptraf me gerou. Ambos os logs estão capturando pacotes da interface de rede ligada diretamente a internet. Gostaria que vocês me ajudassem a entende-los. Desde já agradeço.

[]s..Renato

Tue Jun 26 09:21:16 2007; ******** Detailed interface statistics started ********

*** Detailed statistics for interface eth0, generated Tue Jun 26 09:22:16 2007

Total: 121 packets, 10333 bytes
(incoming: 68 packets, 5748 bytes; outgoing: 53 packets, 4585 bytes)
IP: 121 packets, 8603 bytes
(incoming: 68 packets, 4760 bytes; outgoing: 53 packets, 3843 bytes)
TCP: 32 packets, 1542 bytes
(incoming: 16 packets, 776 bytes; outgoing: 16 packets, 766 bytes)
UDP: 89 packets, 7061 bytes
(incoming: 52 packets, 3984 bytes; outgoing: 37 packets, 3077 bytes)
ICMP: 0 packets, 0 bytes
(incoming: 0 packets, 0 bytes; outgoing: 0 packets, 0 bytes)
Other IP: 0 packets, 0 bytes
(incoming: 0 packets, 0 bytes; outgoing: 0 packets, 0 bytes)
Non-IP: 0 packets, 0 bytes
(incoming: 0 packets, 0 bytes; outgoing: 0 packets, 0 bytes)
Broadcast: 9 packets, 828 bytes

Average rates:
0.17 kbytes/s, 2.02 packets/s
Incoming: 0.08 kbytes/s, 1.13 packets/s
Outgoing: 0.07 kbytes/s, 0.88 packets/s

Peak total activity: 0.42 kbytes/s, 6.80 packets/s
Peak incoming rate: 0.34 kbytes/s, 4.00 packets/s
Peak outgoing rate: 0.21 kbytes/s, 3.40 packets/s

IP checksum errors: 0

Running time: 60 seconds

*** Detailed statistics for interface eth0, generated Tue Jun 26 09:23:16 2007

Total: 220 packets, 18546 bytes
(incoming: 118 packets, 9680 bytes; outgoing: 102 packets, 8866 bytes)
IP: 220 packets, 15358 bytes
(incoming: 118 packets, 7920 bytes; outgoing: 102 packets, 7438 bytes)
TCP: 96 packets, 4626 bytes
(incoming: 48 packets, 2328 bytes; outgoing: 48 packets, 2298 bytes)
UDP: 122 packets, 10612 bytes
(incoming: 69 packets, 5532 bytes; outgoing: 53 packets, 5080 bytes)
ICMP: 2 packets, 120 bytes
(incoming: 1 packets, 60 bytes; outgoing: 1 packets, 60 bytes)
Other IP: 0 packets, 0 bytes
(incoming: 0 packets, 0 bytes; outgoing: 0 packets, 0 bytes)
Non-IP: 0 packets, 0 bytes
(incoming: 0 packets, 0 bytes; outgoing: 0 packets, 0 bytes)
Broadcast: 15 packets, 1531 bytes

Average rates:
0.15 kbytes/s, 1.83 packets/s
Incoming: 0.07 kbytes/s, 0.98 packets/s
Outgoing: 0.07 kbytes/s, 0.85 packets/s

Peak total activity: 0.44 kbytes/s, 6.80 packets/s
Peak incoming rate: 0.34 kbytes/s, 4.00 packets/s
Peak outgoing rate: 0.21 kbytes/s, 3.40 packets/s

IP checksum errors: 0

Running time: 120 seconds

*** Detailed statistics for interface eth0, generated Tue Jun 26 09:24:16 2007

Total: 300 packets, 25721 bytes
(incoming: 166 packets, 13724 bytes; outgoing: 134 packets, 11997 bytes)
IP: 300 packets, 21377 bytes
(incoming: 166 packets, 11256 bytes; outgoing: 134 packets, 10121 bytes)
TCP: 128 packets, 6168 bytes
(incoming: 64 packets, 3104 bytes; outgoing: 64 packets, 3064 bytes)
UDP: 168 packets, 14969 bytes
(incoming: 100 packets, 8032 bytes; outgoing: 68 packets, 6937 bytes)
ICMP: 4 packets, 240 bytes
(incoming: 2 packets, 120 bytes; outgoing: 2 packets, 120 bytes)
Other IP: 0 packets, 0 bytes
(incoming: 0 packets, 0 bytes; outgoing: 0 packets, 0 bytes)
Non-IP: 0 packets, 0 bytes
(incoming: 0 packets, 0 bytes; outgoing: 0 packets, 0 bytes)
Broadcast: 35 packets, 3371 bytes

Average rates:
0.14 kbytes/s, 1.67 packets/s
Incoming: 0.07 kbytes/s, 0.92 packets/s
Outgoing: 0.06 kbytes/s, 0.74 packets/s

Peak total activity: 0.45 kbytes/s, 6.80 packets/s
Peak incoming rate: 0.34 kbytes/s, 4.00 packets/s
Peak outgoing rate: 0.24 kbytes/s, 3.60 packets/s

IP checksum errors: 0

Running time: 180 seconds

*** Detailed statistics for interface eth0, generated Tue Jun 26 09:25:16 2007

Total: 362 packets, 32002 bytes
(incoming: 197 packets, 16920 bytes; outgoing: 165 packets, 15082 bytes)
IP: 362 packets, 26754 bytes
(incoming: 197 packets, 13982 bytes; outgoing: 165 packets, 12772 bytes)
TCP: 160 packets, 7710 bytes
(incoming: 80 packets, 3880 bytes; outgoing: 80 packets, 3830 bytes)
UDP: 198 packets, 18804 bytes
(incoming: 115 packets, 9982 bytes; outgoing: 83 packets, 8822 bytes)
ICMP: 4 packets, 240 bytes
(incoming: 2 packets, 120 bytes; outgoing: 2 packets, 120 bytes)
Other IP: 0 packets, 0 bytes
(incoming: 0 packets, 0 bytes; outgoing: 0 packets, 0 bytes)
Non-IP: 0 packets, 0 bytes
(incoming: 0 packets, 0 bytes; outgoing: 0 packets, 0 bytes)
Broadcast: 41 packets, 4694 bytes

Average rates:
0.13 kbytes/s, 1.51 packets/s
Incoming: 0.07 kbytes/s, 0.82 packets/s
Outgoing: 0.06 kbytes/s, 0.69 packets/s

Peak total activity: 0.51 kbytes/s, 7.20 packets/s
Peak incoming rate: 0.34 kbytes/s, 4.00 packets/s
Peak outgoing rate: 0.31 kbytes/s, 4.00 packets/s

IP checksum errors: 0

Running time: 240 seconds

*** Detailed statistics for interface eth0, generated Tue Jun 26 09:25:17 2007

Total: 362 packets, 32002 bytes
(incoming: 197 packets, 16920 bytes; outgoing: 165 packets, 15082 bytes)
IP: 362 packets, 26754 bytes
(incoming: 197 packets, 13982 bytes; outgoing: 165 packets, 12772 bytes)
TCP: 160 packets, 7710 bytes
(incoming: 80 packets, 3880 bytes; outgoing: 80 packets, 3830 bytes)
UDP: 198 packets, 18804 bytes
(incoming: 115 packets, 9982 bytes; outgoing: 83 packets, 8822 bytes)
ICMP: 4 packets, 240 bytes
(incoming: 2 packets, 120 bytes; outgoing: 2 packets, 120 bytes)
Other IP: 0 packets, 0 bytes
(incoming: 0 packets, 0 bytes; outgoing: 0 packets, 0 bytes)
Non-IP: 0 packets, 0 bytes
(incoming: 0 packets, 0 bytes; outgoing: 0 packets, 0 bytes)
Broadcast: 41 packets, 4694 bytes

Average rates:
0.13 kbytes/s, 1.50 packets/s
Incoming: 0.07 kbytes/s, 0.82 packets/s
Outgoing: 0.06 kbytes/s, 0.68 packets/s

Peak total activity: 0.51 kbytes/s, 7.20 packets/s
Peak incoming rate: 0.34 kbytes/s, 4.00 packets/s
Peak outgoing rate: 0.31 kbytes/s, 4.00 packets/s

IP checksum errors: 0

Running time: 241 seconds
Tue Jun 26 09:25:17 2007; ******** Detailed interface statistics stopped ********

Outro log que eu capturei :

Tue Jun 26 09:28:45 2007; ******** IP traffic monitor started ********
Tue Jun 26 09:28:45 2007; UDP; eth0; 229 bytes; from 192.168.7.47:netbios-dg to 192.168.7.255:netbios-dg
Tue Jun 26 09:28:45 2007; UDP; eth0; 154 bytes; from 200.102.210.92:ipp to 200.102.210.255:ipp
Tue Jun 26 09:28:45 2007; UDP; eth0; 151 bytes; from 192.168.7.1:ipp to 192.168.7.255:ipp
Tue Jun 26 09:28:45 2007; UDP; eth0; 118 bytes; from giaretton.com.br:ipp to 200.102.210.255:ipp
Tue Jun 26 09:28:45 2007; UDP; eth0; 115 bytes; from gia.giaretton.com.br:ipp to 192.168.7.255:ipp
Tue Jun 26 09:28:45 2007; UDP; eth0; 64 bytes; from 192.168.7.59:41608 to 87.9.138.240:36603
Tue Jun 26 09:28:45 2007; UDP; eth0; 408 bytes; from host240-138-dynamic.9-87-r.retail.telecomita:36603 to 192.168.7.59:41608
Tue Jun 26 09:28:49 2007; UDP; eth0; 64 bytes; from 192.168.7.59:41608 to 128.143.5.222:31213
Tue Jun 26 09:28:50 2007; UDP; eth0; 408 bytes; from d-128-5-222.bootp.Virginia.EDU:31213 to 192.168.7.59:41608
Tue Jun 26 09:28:50 2007; UDP; eth0; 147 bytes; from 192.168.7.59:41608 to 24.212.16.29:32865
Tue Jun 26 09:28:51 2007; UDP; eth0; 48 bytes; from cnq16-29.cablevision.qc.ca:32865 to 192.168.7.59:41608
Tue Jun 26 09:29:05 2007; UDP; eth0; 65 bytes; from 192.168.7.60:1026 to gia.giaretton.com.br:domain
Tue Jun 26 09:29:06 2007; UDP; eth0; 65 bytes; from 192.168.7.60:1026 to gia.giaretton.com.br:domain
Tue Jun 26 09:29:07 2007; UDP; eth0; 65 bytes; from 192.168.7.60:1026 to 192.168.0.1:domain
Tue Jun 26 09:29:08 2007; UDP; eth0; 65 bytes; from 192.168.7.59:41608 to 84.22.20.13:40134
Tue Jun 26 09:29:08 2007; UDP; eth0; 78 bytes; from 192.168.7.11:34259 to 192.168.7.255:netbios-ns
Tue Jun 26 09:29:09 2007; UDP; eth0; 78 bytes; from 192.168.7.60:netbios-ns to 192.168.7.255:netbios-ns
Tue Jun 26 09:29:09 2007; UDP; eth0; 78 bytes; from gia.giaretton.com.br:netbios-ns to 192.168.7.255:netbios-ns
Tue Jun 26 09:29:09 2007; UDP; eth0; 90 bytes; from 192.168.7.11:netbios-ns to gia.giaretton.com.br:netbios-ns
Tue Jun 26 09:29:09 2007; UDP; eth0; 78 bytes; from 192.168.7.11:34259 to 192.168.7.255:netbios-ns
Tue Jun 26 09:29:09 2007; UDP; eth0; 78 bytes; from 192.168.7.11:34259 to 192.168.7.255:netbios-ns
Tue Jun 26 09:29:09 2007; UDP; eth0; 465 bytes; from 84.22.20.13:40134 to 192.168.7.59:41608
Tue Jun 26 09:29:09 2007; UDP; eth0; 143 bytes; from 192.168.7.59:41608 to 83.144.92.169:52478
Tue Jun 26 09:29:09 2007; UDP; eth0; 81 bytes; from gia.giaretton.com.br:domain to 192.168.7.60:1026
Tue Jun 26 09:29:09 2007; UDP; eth0; 81 bytes; from gia.giaretton.com.br:domain to 192.168.7.60:1026
Tue Jun 26 09:29:10 2007; UDP; eth0; 48 bytes; from chello083144092169.chello.pl:52478 to 192.168.7.59:41608
Tue Jun 26 09:29:11 2007; UDP; eth0; 154 bytes; from giaretton.com.br:ipp to 200.102.210.255:ipp
Tue Jun 26 09:29:11 2007; UDP; eth0; 151 bytes; from gia.giaretton.com.br:ipp to 192.168.7.255:ipp
Tue Jun 26 09:29:13 2007; UDP; eth0; 118 bytes; from giaretton.com.br:ipp to 200.102.210.255:ipp
Tue Jun 26 09:29:13 2007; UDP; eth0; 115 bytes; from gia.giaretton.com.br:ipp to 192.168.7.255:ipp
Tue Jun 26 09:29:13 2007; UDP; eth0; 53 bytes; from 192.168.7.42:1027 to gia.giaretton.com.br:domain

Ajuda para analizar log do iptraf

Ferramentas de Tópicos

Ajuda para analizar log do iptraf