Do ifconfig, TX data many more than RX data

D

Dauser2007

Verified User
Joined
Dec 5, 2007
Messages
209
hi,

Do ifconfig, TX data many more than RX data, usual what's this problem ? here is the logs:

[root@host ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:19:B9:C1:xx:xx
inet addr:2xx.1xx.1xx.1xx Bcast:2xx.1xx.1xx.255 Mask:2xx.1xx.1xx.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4257671 errors:0 dropped:0 overruns:0 frame:0
TX packets:4325860 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:845451757 (806.2 MiB) TX bytes:3734834018 (3.4 GiB)
Interrupt:169 Memory:f8000000-f8012800
Click to expand...


thanks!

Best regards !

Dauser
 
It's unlikely any problem at all. Webservers generally send much more data than they receive.

Jeff
 
Thanks, but when i have this problem , web hosting all the bandwidth get full load! other server will be can not visit any more ! that;s why i post here ask this question !

best regards !
 
Thanks Jeff, i double checked os by chkrootkit, there just show me nothing found !

[root@host ~]# chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not found
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while...
/var/www/html/mrtg/tcp.log
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults...
nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/.libfipscheck.so.1.1.0.hmac /usr/lib/.libfipscheck.so.1.hmac /usr/lib/gtk-2.0/immodules/.relocation-tag /usr/lib/.libgcrypt.so.11.hmac /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Sys/Hostname/Long/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Archive/Tar/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/NetAddr/IP/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Error/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Module/Metadata/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/IO/Zlib/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/IO/Socket/SSL/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Digest/SHA1/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Net/IP/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Net/DNS/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Net/SSLeay/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Net/CIDR/Lite/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/URI/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/version/.packlist /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/HTML/Parser/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/NKF/.packlist /usr/lib/perl5/5.8.8/i386-linux-thread-multi/.packlist /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Digest/.packlist /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Storable/.packlist /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/DB_File/.packlist /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Test/Harness/.packlist /lib/.libcrypto.so.0.9.8e.hmac /lib/.libssl.so.6.hmac /lib/.libssl.so.0.9.8e.hmac /lib/.libcrypto.so.6.hmac

Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ****C Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for HKRK rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for suspect PHP files...
nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
eth0:0: not promisc and no PF_PACKET sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected
Click to expand...

any more tools , i can check PHP code ,maybe , thanks !

Best regards !

Dauser
 
I'm not a PHP programmer, so I'm not the right guy to ask; hopefully someone else will reply.

But first thing I'd do is look for any rogue PHP files running in memory or on the server. If none in server then perhaps reboot system to kill and not restart any running in memory.

Jeff
 
@jeff

Thank you anyway , finaly i changed server under CLI and IP also , looks like better then before !


Dauser
 
You must log in or register to reply here.
Back
Top