Want more timely Centmin Mod News Updates?
Become a Member

Sysadmin Processes connecting out

Discussion in 'System Administration' started by Meirami, Aug 11, 2018.

  1. Meirami

    Meirami Member

    104
    13
    18
    Dec 21, 2017
    Ratings:
    +36
    Local Time:
    2:42 AM
    I explored how and when my vps makes connections out using tcpdump.
    Code:
    tcpdump -ni any -w ~/synconnections.pcap tcp[13] == 2 and src host 1.2.3.4
    I saw many connections to akamaitechnologies.
    Code:
    11:32:36.063563 IP my.vps.com.47587 > a95-100-96-226.deploy.static.akamaitechnologies.com
    12:07:52.037326 IP my.vps.com.50644 > a23-46-210-169.deploy.static.akamaitechnologies.com
    and so on
    I don't know why my vps is connecting to akamai. Is there a way, how to see which process makes the connection? I'm very curious.
    I'm running Nextcloud 13 on this vps.

    edit:
    It's OpenVZ and it may limit solutions...
     
  2. eva2000

    eva2000 Administrator Staff Member

    36,355
    7,981
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,290
    Local Time:
    9:42 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    tried just a recursive grep for 'deploy.static.akamaitechnologies.com' under your nginx vhost directory to see if any files reference it - Akamai is a CDN like Cloudflare
    Code (Text):
    grep -rn 'deploy.static.akamaitechnologies.com' /home/nginx/domains/yourdomain.com/public
    

    You can use netstat command too i.e. 123.09beta01 has cminfo netstat command too Beta Branch - update cminfo command with netstat flag option
     
  3. Meirami

    Meirami Member

    104
    13
    18
    Dec 21, 2017
    Ratings:
    +36
    Local Time:
    2:42 AM
    Grep didn't find anything.
    I looked through my vhost's access.log and there are connections in at the same time when SYN packet is send out. Few have +-1s time stamp.

    As far as I understand, those connectios should be ok and many companies are using Akamai's services. But why do I have those connections? That's interesting and have to explore more. :)
     
  4. Meirami

    Meirami Member

    104
    13
    18
    Dec 21, 2017
    Ratings:
    +36
    Local Time:
    2:42 AM
    Did you mean that 'cminfo netstat' show all outbound connections, because it's not.
     
  5. eva2000

    eva2000 Administrator Staff Member

    36,355
    7,981
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,290
    Local Time:
    9:42 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    it will show connections at time of running - so if no outbound connections at time you ran command = none shown

    you can just run netstat command manually too
    Code (Text):
    netstat -plant
    
     
  6. Meirami

    Meirami Member

    104
    13
    18
    Dec 21, 2017
    Ratings:
    +36
    Local Time:
    2:42 AM
    Ok, I thought it (cminfo netstat) collects stats like the top lists.
     
..