[FUG-BR] Congesteonar Link - Urgente (Christopher)

Antonio Carlos da Rocha Jr junior em dmuller.com.br
Ter Maio 31 17:55:40 BRT 2005 

Dae pessoal

tive um problema assim aqui na minha rede, mais era um virus(spyware) 
que  atolava o servidor e dava essa mesma mensage no log.


Andre Luiz escreveu:
> Tem como visualizar ACKs, dei um tcpdump -i wi0 |grep ack e apareceu:
>  
> 16:41:07.724639 192.168.0.26.4709 > 213.180.246.165.ms-sql-s: F 1538901269:1538901269(0) ack 1107835182 win 65535 (DF)
> 16:41:07.732742 64.202.167.192.http > 12.0.6.2.2527: . ack 2 win 5840 (DF)
> 16:41:07.740844 213.209.175.184.ms-sql-s > 192.168.0.26.2134: S 3987894778:3987894778(0) ack 1558176693 win 11680 <mss 1380>
> 16:41:07.744818 200.223.16.3.pop3 > 192.168.0.17.3928: . 734586:736046(1460) ack 9 win 5840 (DF)
> 16:41:07.744909 64.202.167.192.http > 12.0.6.2.2527: . ack 2 win 5840 (DF)
> 16:41:07.747082 12.0.6.2.2527 > 64.202.167.192.http: P 2:3(1) ack 0 win 8576 (DF)
> 16:41:07.751624 192.168.0.26.2189 > 213.162.84.157.ms-sql-s: S 1559170234:1559170234(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> 16:41:07.753941 192.168.0.26.1875 > 213.47.12.132.ms-sql-s: S 1554045745:1554045745(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> 16:41:07.759306 192.168.0.26.1872 > 213.70.110.211.ms-sql-s: S 1553937780:1553937780(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> 16:41:07.760040 192.168.0.26.1874 > 213.120.202.160.ms-sql-s: S 1553991832:1553991832(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> 16:41:07.762457 192.168.0.26.4280 > ip141net191.skylogicnet.it.ms-sql-s: F 1476549277:1476549277(0) ack 4231074864 win 65535 (DF)
> 16:41:07.764900 192.168.0.26.1818 > ip218net173.skylogicnet.it.ms-sql-s: P 1552885110:1552885151(41) ack 4068256058 win 65535 (DF)
> 16:41:07.769801 192.168.0.26.4038 > customer-ip.is.nl.ms-sql-s: FP 1473313870:1473314072(202) ack 2845579068 win 65498 (DF)
> 16:41:07.771222 192.168.0.26.4278 > 213.209.164.128.ms-sql-s: F 1476485844:1476485844(0) ack 1275101491 win 65535 (DF)
> 16:41:07.773967 192.168.0.26.4282 > 213.209.169.19.ms-sql-s: FP 1476655274:1476655315(41) ack 3966104312 win 65535 (DF)
> 16:41:07.776604 192.168.0.26.4686 > ip141net191.skylogicnet.it.ms-sql-s: F 1538810745:1538810745(0) ack 257919121 win 65535 (DF)
> 16:41:07.778457 192.168.0.26.2190 > 213.237.133.250.ms-sql-s: S 1559247700:1559247700(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> 16:41:07.780882 12.0.4.2.4175 > 84.146.63.95.4662: . ack 134565 win 65535 (DF)
> 16:41:07.782633 84.146.63.95.4662 > 12.0.4.2.4175: P 134565:136017(1452) ack 47 win 8233 (DF)
> 16:41:07.783923 192.168.0.26.2197 > 213.209.160.71.ms-sql-s: S 1559292292:1559292292(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> 16:41:07.795135 84.146.63.95.4662 > 12.0.4.2.4175: P 134565:136017(1452) ack 47 win 8233 (DF)
> 16:41:07.799235 192.168.0.26.2115 > 213.179.36.172.ms-sql-s: . ack 1 win 65535 (DF)
> 16:41:07.800028 192.168.0.26.2115 > 213.179.36.172.ms-sql-s: P 1:42(41) ack 1 win 65535 (DF)
> 16:41:07.806476 192.168.0.26.2200 > 213.162.36.24.ms-sql-s: S 1559343763:1559343763(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> 16:41:07.807189 192.168.0.26.2202 > 213.180.246.165.ms-sql-s: S 1559390448:1559390448(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> 16:41:07.808128 192.168.0.26.4090 > 213.219.39.22.ms-sql-s: . ack 76 win 64849 (DF)
> 16:41:07.810451 192.168.0.26.2119 > ip169net183.skylogicnet.it.ms-sql-s: . ack 1 win 65535 (DF)
> 16:41:07.812691 213.223.178.220.ms-sql-s > 192.168.0.26.1624: P 38:280(242) ack 182 win 65312 (DF)
> 16:41:07.817234 213.223.178.220.ms-sql-s > 192.168.0.26.1624: P 38:280(242) ack 182 win 65312 (DF)
> 16:41:07.821124 192.168.0.26.2119 > ip169net183.skylogicnet.it.ms-sql-s: P 1:42(41) ack 1 win 65535 (DF)
> 16:41:07.822689 213.223.178.220.ms-sql-s > 192.168.0.26.1624: F 280:280(0) ack 182 win 65312 (DF)
> 16:41:07.822953 213.99.57.34.ms-sql-s > 192.168.0.26.2148: S 2362773839:2362773839(0) ack 1558444379 win 32000 <mss 1420> (DF)
> 16:41:07.827406 213.223.178.220.ms-sql-s > 192.168.0.26.1624: F 280:280(0) ack 182 win 65312 (DF)
> 16:41:07.831318 213.99.57.34.ms-sql-s > 192.168.0.26.2148: S 2362773839:2362773839(0) ack 1558444379 win 32000 <mss 1420> (DF)
> 16:41:07.832686 213.234.217.11.ms-sql-s > 192.168.0.26.1566: . ack 2 win 17479 (DF)
> 16:41:07.832962 213.236.82.38.ms-sql-s > 192.168.0.26.ellpack: . ack 42 win 17479 (DF)
>  
>  
>  
>  
> 
> 
> Antonio Torres <antonio.torres em newspace.net.br> escreveu:Andre Luiz wrote:
> 
> 
>>Isso mesmo Christopher, priciso entupir o meu link, pois o problema aqui é q qnd o download e upload chega a 1 mega cada um, o link comeca a desmoronar, o consumo atual do link esta download 1356.8 kbp/s
>>e upload 595.3 kbp/s, ou seja sem perda de pacotes nehum, tudo blz. Queria q vc me explica-se um pouco melhor sobre esta ferramenta e como usar precisa de algum comando pra inicializar e depois como parar o processo?? Valeu meu caro
>>
>>
>>
>>
> 
> O que, provavelmente, esta acontecendo é "atropelo de ACKs" ...
> 
> está muito bem descrito em http://www.benzedrine.cx/ackpri.html
> (com gráficos de MRTG e tudo o mais)
> 
> Ainda tem uma solucao para o problema usando o pf, mas pode ser 
> facilmente implementado com ipfw+dummynet
> 
> 
> []s
> Antonio Torres
> antonio.torres em newspace.net.br
> 
> _______________________________________________
> Freebsd mailing list
> Freebsd em fug.com.br
> http://mail.fug.com.br/mailman/listinfo/freebsd_fug.com.br
> 
> 
> __________________________________________________
> Converse com seus amigos em tempo real com o Yahoo! Messenger 
> http://br.download.yahoo.com/messenger/ 
> _______________________________________________
> Freebsd mailing list
> Freebsd em fug.com.br
> http://mail.fug.com.br/mailman/listinfo/freebsd_fug.com.br
> 
> 

_______________________________________________
Freebsd mailing list
Freebsd em fug.com.br
http://mail.fug.com.br/mailman/listinfo/freebsd_fug.com.br

Mais detalhes sobre a lista de discussão freebsd