MadeOfCard Posted May 19, 2017 Share Posted May 19, 2017 Long time Unraid user, first time poster so thank you in advance. For the last 6 months I have been frequently dealt an IP ban from the PSN network (Error code WS-37397-9) & Craigslist. Weird, I know. I have swept all my non-unraid systems for virus/malware multiple times to remedy this to no avail so I thought I'd dive into my Unraid box's network traffic and do some digging. Method: - disabled all Docker containers other than Darkstat - Active plugins: Community Applications and all dependencies (CA autoupdate applications, etc) Dynamix Sys Info, Sys Statistics, WebGUI Recycle Bin Everything is up-to-date as of this post. I was really looking for the PSN traffic problem but immediately I see Craiglist being pinged about every minute. (See attached) Has anyone run into this? I have no idea this box or any microservice would want to request craigslist's homepage every minute. Thanks again Link to comment
itimpi Posted May 19, 2017 Share Posted May 19, 2017 That is not normal behaviour of unRAID as far as I know. It is certainly not an issue that anyone else has ever reported. Link to comment
abs0lut.zer0 Posted May 20, 2017 Share Posted May 20, 2017 Hey all No solution just another question to add to the OP. After I read this post I wondered the same thing, for those of us that do not have the vm's or any sort of containers running on my unriad box. Is there any way from the cli to see what traffic is leaving the unraid box with build a second machine or sniffing a hub from another pc. Thank You Link to comment
abs0lut.zer0 Posted May 20, 2017 Share Posted May 20, 2017 Sorry for answering my own question But I saw I had the nerd tool plugin installed and iftop was in it so is that telling me ALL the traffic coming from my unraid box or only the top talkers? so using iftop i was able to see what ip's my box was talking to. am I right ? apologies for hijacking the thread, was not my intention thank you Link to comment
pwm Posted November 17, 2017 Share Posted November 17, 2017 iftop focuses on information about the biggest ongoing transfers, just as top focuses on the processes that consumes most CPU or memory. So if your box has lots of connections, then you may not see any spurious extra connects. One tool that is always available is netstat. netstat -Wpa gives lots of nice information about active connections and listeners and also a list of recent TCP connects that ended within the last minutes. For current connects/listeners it also tells the name and PID of the process. It can be hard to catch actual process information for short and quick connects but netstat may still show a The best way to capture all connects is to make use of the iptables firewall and log connects. But that requires knowledge since it isn't practical to just paste in some boiler plate lines found on the net - the iptables commands depends on actual interface names, IP ranges etc. Link to comment
MadeOfCard Posted November 17, 2017 Author Share Posted November 17, 2017 Sorry, I should have updated this months ago. It caught a bug because port 80 was unknowingly open to the world. Not the web GUI thankfully. I backed up my config and reinstalled Unraid and everything is good now. ?? Thank you though @pwm Link to comment
pwm Posted November 17, 2017 Share Posted November 17, 2017 Yes, I noticed the thread was old but the question about knowing about what connects a system is making or receiving is general. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.