Run tcpdump for a little: > /usr/sbin/tcpdump -i eth0 -w traffic03.cap
Control+C when you get enough data, download traffic03.cap to your computer, and load it up in wireshark. > From: [email protected] > To: [email protected] > Date: Sun, 29 Jan 2012 17:34:17 +0100 > Subject: Re: [hlds_linux] No Steam Logon - massive lag > > > Tbh I have no idea how to find out what this is, how do I even use tcpdump to > output that info? All I get from it is "encrypted" like with some weird chars > that Notepad++ can't open.Help please. > > > Date: Sat, 28 Jan 2012 23:57:31 +0100 > > From: [email protected] > > To: [email protected] > > Subject: Re: [hlds_linux] No Steam Logon - massive lag > > > > tcpdump of an attack on one of my servers: > > > > 18:01:58.350565 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18 > > 0x0000: 4500 002e 1dc1 0000 7711 6a89 5bc0 a579 E.......w.j.[..y > > 0x0010: xxxx xxxx 04f3 6987 001a 0728 3342 4521 ......i....(3BE! > > 0x0020: 6f64 7936 5341 4d50 4245 2164 6969 ody6SAMPBE!dii > > 18:01:58.351470 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18 > > 0x0000: 4500 002e 1dc3 0000 7711 6a87 5bc0 a579 E.......w.j.[..y > > 0x0010: xxxx xxxx 04f3 6987 001a 0728 3342 4521 ......i....(3BE! > > 0x0020: 6f64 7936 5341 4d50 4245 2164 6969 ody6SAMPBE!dii > > 18:01:58.352542 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 0 > > 0x0000: 4500 001c 1dc4 0000 7711 6a98 5bc0 a579 E.......w.j.[..y > > 0x0010: xxxx xxxx 04f3 6987 0008 d5ee 0000 0000 ......i......... > > 0x0020: 0000 0000 0000 0000 0000 0000 0000 .............. > > 18:01:58.353050 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18 > > 0x0000: 4500 002e 1dc5 0000 7711 6a85 5bc0 a579 E.......w.j.[..y > > 0x0010: xxxx xxxx 04f3 6987 001a 0728 3342 4521 ......i....(3BE! > > 0x0020: 6f64 7936 5341 4d50 4245 2164 6969 ody6SAMPBE!dii > > 18:01:58.353988 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18 > > 0x0000: 4500 002e 1dc7 0000 7711 6a83 5bc0 a579 E.......w.j.[..y > > 0x0010: xxxx xxxx 04f3 6987 001a 0728 3342 4521 ......i....(3BE! > > 0x0020: 6f64 7936 5341 4d50 4245 2164 6969 ody6SAMPBE!dii > > 18:01:58.354937 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 18 > > 0x0000: 4500 002e 1dc9 0000 7711 6a81 5bc0 a579 E.......w.j.[..y > > 0x0010: xxxx xxxx 04f3 6987 001a 0728 3342 4521 ......i....(3BE! > > 0x0020: 6f64 7936 5341 4d50 4245 2164 6969 ody6SAMPBE!dii > > 18:01:58.355887 IP 91.192.165.121.1267 > x.x.x.x.27015: UDP, length 0 > > 0x0000: 4500 001c 1dca 0000 7711 6a92 5bc0 a579 E.......w.j.[..y > > 0x0010: xxxx xxxx 04f3 6987 0008 d5ee 0000 0000 ......i......... > > 0x0020: 0000 0000 0000 0000 0000 0000 0000 .............. > > > > Low bandwidth (~250 packets per second) but was severly lagging the > > game, all clients dropping with no steam logon. Iptables killed it but > > there is something seriously wrong with srcds if it can't just ignore > > those packets. > > > > On 2012-01-28 17:31, voice wrote: > > > Bleh, attached an image and now its pending approval, lesson learned. > > > Instead have a link: > > > http://projectshadow.randomsonicnet.org/srcds/dos.png > > > > > > The thing to see there is the constant stream from port 65098 to the > > > server's port. All UDP traffic in IPTraf gets thrown into that bottom > > > window. > > > > > > Regards, > > > Chris > > > > > > On Sat, Jan 28, 2012 at 10:17 AM, Harry > > > Cann<[email protected]>wrote: > > > > > >> We get the same on our linux TF2 servers! > > >> > > >> ----- Reply message ----- > > >> From: "Michael Johansen"<[email protected]> > > >> To:<[email protected]> > > >> Subject: [hlds_linux] No Steam Logon - massive lag > > >> Date: Sat, Jan 28, 2012 3:25 pm > > >> > > >> > > >> > > >> Hi guys, > > >> I'm running 6 TF2 servers which are quite popular. Anyhow, my server > > >> laggs, badly sometimes, and right after the spike a lot of players d/c > > >> with > > >> the "No Steam Logon" message. This is not related to a machine or any > > >> plugins I am running. This has happened a lot of times now, and I'm sick > > >> of > > >> it. What is wrong and why is it happening? Me and a friend were playing > > >> on > > >> two of our servers when we both lag out (red message in the top right > > >> corner) and then it stops and returns to normal, but half of the players > > >> are now gone. > > >> Help? > > >> _______________________________________________ > > >> To unsubscribe, edit your list preferences, or view the list archives, > > >> please visit: > > >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > > >> _______________________________________________ > > >> To unsubscribe, edit your list preferences, or view the list archives, > > >> please visit: > > >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > > >> > > > _______________________________________________ > > > To unsubscribe, edit your list preferences, or view the list archives, > > > please visit: > > > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > > > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
