Process(s) that are tying up network at 23:00 each night.
E4500 - SunOS 2.6
Networking group contacted me to see what was running on system between 11:22-11:30 pm.Something big is running on system almost every night during this time. Network Monitoring Center loose connectivity to the network during this timeframe. How can I find out what is running on system at this time every night to cause this connectivity problem?
Networking group has put a sniffer on network. Utilization is at 5% when the sniffer starts. At 11:22-11:30pm utilization spikes up to 95%. This system is top talker at this time.
[571 byte] By [
cooperil] at [2007-11-25 23:19:15]
# 2
Actually look at ALL the crontabs on the system. Go into /var/spool/cron/crontabs and look in all the files in that directory. Also, unlikely but very possible someone may have a self-regenerating at job. Look in /var/spool/cron/atjobs.
If nothing shows up there, you'll need to get a better understanding of what is running on your box. This could be a job that runs all the time and simply kicks off at a specific time.
This could also easily be a job initiated from somewhere else coming INTO your machine. Network OPS should give you more information like what port it is and what direction the data transfer appears to be going in [Course the direction doesn't necessarily indicate what side started the transfer]. Once you have the port number, you could kick off a spoop/tcpdump/snort session say a couple of minutes before the transfer starts looking specifically for the port Network OPS gives you but only collect say the first 100 or so packets. Then you know the remote machine involved and who intiated the transfer e.g. which side sent the SYN packet - assuming its a TCP related service.
