How to interpret this jnettop output?How can I sort du -h output by sizeHttpd problem, suspect an attack but...

Skis versus snow shoes - when to choose which for travelling the backcountry?

The need of reserving one's ability in job interviews

How to substitute values from a list into a function?

Rationale to prefer local variables over instance variables?

Wrap all numerics in JSON with quotes

What type of investment is best suited for a 1-year investment on a down payment?

Why can't we make a perpetual motion machine by using a magnet to pull up a piece of metal, then letting it fall back down?

VAT refund for a conference ticket in Sweden

Is the withholding of funding notice allowed?

Is divide-by-zero a security vulnerability?

Citing contemporaneous (interlaced?) preprints

A bug in Excel? Conditional formatting for marking duplicates also highlights unique value

How can I create a Table like this in Latex?

Second-rate spelling

Why are special aircraft used for the carriers in the United States Navy?

What is a term for a function that when called repeatedly, has the same effect as calling once?

I encountered my boss during an on-site interview at another company. Should I bring it up when seeing him next time?

Giving a talk in my old university, how prominently should I tell students my salary?

How to mitigate "bandwagon attacking" from players?

How can I be pwned if I'm not registered on the compromised site?

Can I become debt free or should I file for bankruptcy? How do I manage my debt and finances?

In iTunes 12 on macOS, how can I reset the skip count of a song?

Are small insurances worth it

What Does the Heart In Gyms Mean?



How to interpret this jnettop output?


How can I sort du -h output by sizeHttpd problem, suspect an attack but not sureMitigate DDoS attack with HAProxyDos/ Flood Lag even though Port not SaturatedAnyone else experiencing high rates of Linux server crashes during a leap second day?Reasons for missing IP info in `last` output on pts logins?I am under DDoS. What can I do?Abnormal CPU usage during Disk Write OperationsProtecting against a DOS attackIs this a DDoS attack? It's been overr 48 hours. What do I do?













0















Looks like I'm currently under a DOS attack or something like that, I've been monitoring the traffic on the server using jnettop, this is a of what I see during normal conditions:



http://imgur.com/xozMvz9



and this is an example of when the issue is happeing:



http://imgur.com/AEgW5he



SO my question is: what does that "IP" in protocol and also "0" in port means????



I replaced the ip of my server with: 1.1.1.1 to make it more readable. Of course this is just an entry of the output, in nomral operation the list has many more entries, and when I'm under the attack, also I see several entries with the same HUGE RX and 0 TX, so the solution is not just block that IP in the example.






linux ddos







share|improve this question














bumped to the homepage by Community 11 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.




















    0















    Looks like I'm currently under a DOS attack or something like that, I've been monitoring the traffic on the server using jnettop, this is a of what I see during normal conditions:



    http://imgur.com/xozMvz9



    and this is an example of when the issue is happeing:



    http://imgur.com/AEgW5he



    SO my question is: what does that "IP" in protocol and also "0" in port means????



    I replaced the ip of my server with: 1.1.1.1 to make it more readable. Of course this is just an entry of the output, in nomral operation the list has many more entries, and when I'm under the attack, also I see several entries with the same HUGE RX and 0 TX, so the solution is not just block that IP in the example.






    linux ddos







    share|improve this question














    bumped to the homepage by Community 11 mins ago


    This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.


















      0












      0








      0








      Looks like I'm currently under a DOS attack or something like that, I've been monitoring the traffic on the server using jnettop, this is a of what I see during normal conditions:



      http://imgur.com/xozMvz9



      and this is an example of when the issue is happeing:



      http://imgur.com/AEgW5he



      SO my question is: what does that "IP" in protocol and also "0" in port means????



      I replaced the ip of my server with: 1.1.1.1 to make it more readable. Of course this is just an entry of the output, in nomral operation the list has many more entries, and when I'm under the attack, also I see several entries with the same HUGE RX and 0 TX, so the solution is not just block that IP in the example.






      linux ddos







      share|improve this question














      Looks like I'm currently under a DOS attack or something like that, I've been monitoring the traffic on the server using jnettop, this is a of what I see during normal conditions:



      http://imgur.com/xozMvz9



      and this is an example of when the issue is happeing:



      http://imgur.com/AEgW5he



      SO my question is: what does that "IP" in protocol and also "0" in port means????



      I replaced the ip of my server with: 1.1.1.1 to make it more readable. Of course this is just an entry of the output, in nomral operation the list has many more entries, and when I'm under the attack, also I see several entries with the same HUGE RX and 0 TX, so the solution is not just block that IP in the example.






      linux ddos




      linux ddos






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Sep 14 '13 at 23:31









      user189986user189986

      61




      61





      bumped to the homepage by Community 11 mins ago


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







      bumped to the homepage by Community 11 mins ago


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
























          1 Answer
          1






          active

          oldest

          votes


















          0














          Could be that the attackers are using some exotic protocol on top of IP, that jnettop doesn't recognize.



          You could try to use a network capture tool, with a filter such as not tcp and not udp, and see what remains.






          share|improve this answer























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "2"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f538995%2fhow-to-interpret-this-jnettop-output%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Could be that the attackers are using some exotic protocol on top of IP, that jnettop doesn't recognize.



            You could try to use a network capture tool, with a filter such as not tcp and not udp, and see what remains.






            share|improve this answer




























              0














              Could be that the attackers are using some exotic protocol on top of IP, that jnettop doesn't recognize.



              You could try to use a network capture tool, with a filter such as not tcp and not udp, and see what remains.






              share|improve this answer


























                0












                0








                0







                Could be that the attackers are using some exotic protocol on top of IP, that jnettop doesn't recognize.



                You could try to use a network capture tool, with a filter such as not tcp and not udp, and see what remains.






                share|improve this answer













                Could be that the attackers are using some exotic protocol on top of IP, that jnettop doesn't recognize.



                You could try to use a network capture tool, with a filter such as not tcp and not udp, and see what remains.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Sep 16 '13 at 22:20









                b0fhb0fh

                2,9681529




                2,9681529






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Server Fault!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f538995%2fhow-to-interpret-this-jnettop-output%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    As a Security Precaution, the user account has been locked The Next CEO of Stack OverflowMS...

                    Image
                    Could a dragon use its wings to swim? Is it a bad idea to plug the other end of ESD strap to wall ground? How can I prove that a state of equilibrium is unstable? Compilation of a 2d array and a 1d array pgfplots: How to draw a tangent graph below two others? How dangerous is XSS Gauss' Posthumous Publications? How to implement Comparable so it is consistent with identity-equality What does this strange code stamp on my passport mean? "Eavesdropping" vs "Listen in on" Which acid/base does a strong base/acid react when added to a buffer solution?
                    Read more

                    Список ссавців Італії Природоохоронні статуси | Список |...

                    Image
                    Списки ссавцівФауна ІталіїСписки:ІталіяСсавці Італії ІталіїМСОПХижіCetartiodactylaРукокриліКомахоїдніЗайцеподібніГризуниМСОП ссавці Італії ? Італія Біорегіон Біогеографічний екорегіон Голарктика Екозона Палеарктика Біом субтропічний ліс, альпійські луки, прісні води, континентальний шельф, континентальний схил Місцевість Континент Європа Країна Італія Територія Середземне море Фауна більшого обсягу За географією фауна Європи За систематикою ссавці, фауна Італії За екологією суходільна фауна, морська фауна За біогеографією теріофауна Європи Геологічний вік сучасність Особливості Видовий обсяг 121 Чужорідні види Genetta genetta, Ondatra zibethicus, Oryctolagus cuniculus, Rattus norvegicus, Rattus rattus, Sciurus carolinensis, Tamias sibiricus Список ссавців Італії містить перелік видів, записаних на території Італії (південна Європа) згідно з
                    Read more

                    Українські прізвища Зміст Історичні відомості |...

                    Image
                    АдигськіАбхазькіАзербайджанські [en] Албанські [en] АлтайськіАмериканські [en] Афроамериканські [en] АнглійськіАрабськіБашкирськіБілоруські [en] прізвищаБолгарські [en] БоснійськіБурятськіВельські [en] ВепськіВ'єтнамські [en] Вірменські [en] Гавайські [en] ГолландськіГрецькіГрузинськіДанськіЕстонськіЄврейські [en] Юдейські [en] Ефіопія/Еритрея [en] Зімбабвійські [en] Індіанські [en] ІндійськіІндонезійські [en] Ірландські [en] ІсландськіІспанські і португальськіІталійськіКалмицькі [en] КарельськіКазахськіКамбоджійські [en] Канадські [en] КіргизькіКитайські [en] КоміКорейськіЛатиськіЛитовські [en] Лаоські [en] МарійськіМакедонські [en] Малазійські [en] Монгольські [en] МордовськіНімецькіНорвезькіОсетинськіПерські [en] ПольськіПрибалтійськіПортугальськіРосійськіпрізвищаРумунськіСербськіСкандинавськіСлов'янськіСахаСловацькі [en] Сомалійські [en] ТайванськіТайські [en] Татарські [en] ТибетськіТувинськіТурецькі [en] УгорськіУдмуртськіУкраїнськіпрізвищаФіджійські [en] ФінськіФранцузьк
                    Read more