Join the community today
Register Now

Sysadmin Processes connecting out

Discussion in 'System Administration' started by Meirami, Aug 11, 2018.

  1. Meirami

    Meirami Member

    128
    15
    18
    Dec 21, 2017
    Ratings:
    +41
    Local Time:
    10:44 AM
    I explored how and when my vps makes connections out using tcpdump.
    Code:
    tcpdump -ni any -w ~/synconnections.pcap tcp[13] == 2 and src host 1.2.3.4
    I saw many connections to akamaitechnologies.
    Code:
    11:32:36.063563 IP my.vps.com.47587 > a95-100-96-226.deploy.static.akamaitechnologies.com
    12:07:52.037326 IP my.vps.com.50644 > a23-46-210-169.deploy.static.akamaitechnologies.com
    and so on
    I don't know why my vps is connecting to akamai. Is there a way, how to see which process makes the connection? I'm very curious.
    I'm running Nextcloud 13 on this vps.

    edit:
    It's OpenVZ and it may limit solutions...
     
  2. eva2000

    eva2000 Administrator Staff Member

    40,188
    8,888
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,697
    Local Time:
    5:44 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    tried just a recursive grep for 'deploy.static.akamaitechnologies.com' under your nginx vhost directory to see if any files reference it - Akamai is a CDN like Cloudflare
    Code (Text):
    grep -rn 'deploy.static.akamaitechnologies.com' /home/nginx/domains/yourdomain.com/public
    

    You can use netstat command too i.e. 123.09beta01 has cminfo netstat command too Beta Branch - update cminfo command with netstat flag option
     
  3. Meirami

    Meirami Member

    128
    15
    18
    Dec 21, 2017
    Ratings:
    +41
    Local Time:
    10:44 AM
    Grep didn't find anything.
    I looked through my vhost's access.log and there are connections in at the same time when SYN packet is send out. Few have +-1s time stamp.

    As far as I understand, those connectios should be ok and many companies are using Akamai's services. But why do I have those connections? That's interesting and have to explore more. :)
     
  4. Meirami

    Meirami Member

    128
    15
    18
    Dec 21, 2017
    Ratings:
    +41
    Local Time:
    10:44 AM
    Did you mean that 'cminfo netstat' show all outbound connections, because it's not.
     
  5. eva2000

    eva2000 Administrator Staff Member

    40,188
    8,888
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,697
    Local Time:
    5:44 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    it will show connections at time of running - so if no outbound connections at time you ran command = none shown

    you can just run netstat command manually too
    Code (Text):
    netstat -plant
    
     
  6. Meirami

    Meirami Member

    128
    15
    18
    Dec 21, 2017
    Ratings:
    +41
    Local Time:
    10:44 AM
    Ok, I thought it (cminfo netstat) collects stats like the top lists.
     
..