I'm trying to track down some network issues and I could use some pointers. It seems to me that there's a lot of traffic, much of which is apparently generated by retransmissions. Unfortunately my switch is not managed, so I'm looking at tcpdump and ifonfig on some of my machines. Here's an example of a CentOS machine which I recently updated and restarted:
ifconfig eth0
eth0 Link encap:Ethernet HWaddr 50:54:00:50:49:50
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe70::5034:ef:fe46:3746/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:628098 errors:0 dropped:0 overruns:0 frame:0
TX packets:355965 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:819922554 (781.9 MiB) TX bytes:26544529 (25.3 MiB)
As you can see, there seem to be way more retransmitted packets than transmitted. Most of the traffic this machine is generating goes over a vpn, but I am seeing a similar pattern of RX packets on machines which are generally using the LAN. I'm not seeing any dropped packets. I tried a new switch, but I didn't see any difference.
I would really appreciate any guidance anyone can offer!
Thanks,
Bob
Best Answer
You can use nethogs to find which process is responsible for this traffic.