Insane inbound traffic graph?

[Coder42]

Im not quite sure, i cant get hold of the network administrator.

However im almost certain that is is a switch, in the form of a router of course.

I just looked at my eth0 setup, and saw that the netmask is set to: 255.255.255.128 - i wonder if it will change anything to set it to 255?

[Coder42]

It is pretty funny since the outbound seems to be right, but the inbound sees all other connections.

Im running ntop and the list is filled with servers from the rest of the network.

[rony]

I sure hope that isn't all broadcast..... Ewwwww!!!

Good luck, do let us know what it was.

[Coder42]

Ok i now know that i is a router/switch for sure.

I've tried to setup my iptables firewall to only accept packets with my IP as destination + the different ports i use.

Still this have no affect on the data.

Is there no way to tell cacti to only count hits on your IP?

[Coder42]

In case anybody experiences a problem like this.

Did you install any packet sniffers? Like SNORT or tcpdump. Then it is probably those that are setting your eth0 device into promiscuous mode - and it cant even be seen on ifconfig.

just do a dmesg | grep promiscuous to check for occurences.

I had tcpdump installed, so i removed it along with the libpcap library that is used to capture the information.

Now it works like it should

[rony]

Ok i now know that i is a router/switch for sure.

I've tried to setup my iptables firewall to only accept packets with my IP as destination + the different ports i use.

Still this have no affect on the data.

Is there no way to tell cacti to only count hits on your IP?

Typically interface graphs are the physical traffic... Which is before a firewall or filtering.

To monitor per IP address, you are going to have to create custom scripts to gather that data, if at all possible.