Well, this is what I have come up with so far... I do not believe that it is my server causing the majority of this traffic (if any). The 71.202.114.80 IP is some Verizon connection and 64.251.22.255 seems to be somewhere in the serverpronto DC. The IP of my server is listed maybe once and it is my SSH.
The below is when the machine is having about 9-10KB/s on the INBOUND on the network card.
sp2812b# tcpdump -ni vr0 -c 50
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes
19:18:31.806878 IP 69.60.115.34.22 > 216.231.184.30.3127: P 253858498:253858694(196) ack 1126425930 win 65535
19:18:31.811438 IP 71.202.114.80 > 64.251.22.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.816548 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.821936 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.828244 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.833374 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.839176 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.844045 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.850148 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.857110 IP 216.231.184.30.3127 > 69.60.115.34.22: . ack 196 win 65151
19:18:31.857226 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.862376 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.868617 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.874003 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.879917 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.886501 IP 71.202.114.80 > 64.251.22.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.892401 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.900511 IP 71.202.114.80 > 64.251.22.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.906114 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.910732 IP 71.202.114.80 > 64.251.22.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.916684 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.922865 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.927930 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.932966 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.938969 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.943892 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.950197 IP 71.202.114.80 > 64.251.22.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.956011 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.960794 IP 71.202.114.80 > 64.251.22.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.966533 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.971371 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.977127 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.982162 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.988606 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.993582 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.998629 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:32.003547 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:32.010723 IP 71.202.114.80 > 64.251.22.255: ICMP echo request, id 0, seq 0, length 28
19:18:32.016417 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:32.021265 arp who-has 69.60.117.170 tell 69.60.120.1
19:18:32.027213 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:32.032528 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:32.038768 arp who-has 69.60.114.97 tell 69.60.120.1
19:18:32.042790 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:32.048100 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:32.055361 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:32.060288 IP 71.202.114.80 > 64.251.22.255: ICMP echo request, id 0, seq 0, length 28
19:18:32.068139 arp who-has 69.60.119.228 tell 69.60.120.1
19:18:32.071026 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:32.076880 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
50 packets captured
179 packets received by filter
0 packets dropped by kernel
Again, the majority of the IPs are NOT the IP of my server.
Below is the output of the tcpdump when it is around 1-3KB/s.
sp2812b# tcpdump -ni vr0 -c 50
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes
19:09:00.663032 IP 69.60.115.34.22 > 216.231.184.30.3127: P 253829458:253829654(196) ack 1126421114 win 65535
19:09:00.758857 IP 216.231.184.30.3127 > 69.60.115.34.22: . ack 196 win 65203
19:09:00.852259 arp who-has 69.60.115.108 tell 69.60.120.1
19:09:00.954250 arp who-has 69.60.123.39 tell 69.60.120.1
19:09:00.967572 arp who-has 69.60.123.78 tell 69.60.120.1
19:09:00.973891 IP 69.219.190.97.2055 > 69.60.122.3.445: S 2179509313:2179509313(0) win 64240 <mss 1452,nop,nop,sackOK>
19:09:00.973893 arp who-has 69.60.120.1 tell 69.60.122.3
19:09:01.052487 arp who-has 69.60.123.215 tell 69.60.120.1
19:09:01.058438 arp who-has 69.60.114.203 tell 69.60.120.1
19:09:01.116738 arp who-has 69.60.119.33 tell 69.60.120.1
19:09:01.152544 arp who-has 69.60.120.226 tell 69.60.120.1
19:09:01.237876 IP 69.60.116.130.138 > 69.60.119.255.138: NBT UDP PACKET(138)
19:09:01.237922 IP 69.60.116.130.138 > 69.60.119.255.138: NBT UDP PACKET(138)
19:09:01.237982 IP 69.60.114.248.138 > 69.60.115.255.138: NBT UDP PACKET(138)
19:09:01.237996 IP 69.60.114.248.138 > 69.60.115.255.138: NBT UDP PACKET(138)
19:09:01.352785 arp who-has 69.60.123.56 tell 69.60.120.1
19:09:01.356878 arp who-has 69.60.120.102 tell 69.60.120.1
19:09:01.371065 arp who-has 69.60.121.170 tell 69.60.120.1
19:09:01.419833 arp who-has 69.60.121.171 tell 69.60.120.1
19:09:01.454958 arp who-has 69.60.114.124 tell 69.60.120.1
19:09:01.552725 arp who-has 69.60.123.104 tell 69.60.120.1
19:09:01.557952 arp who-has 69.60.119.32 tell 69.60.120.1
19:09:01.663101 IP 69.60.115.34.22 > 216.231.184.30.3127: . 196:1656(1460) ack 1 win 65535
19:09:01.754407 arp who-has 69.60.121.73 tell 69.60.120.1
19:09:01.786754 02:01:00:00:00:00 > ff:ff:ff:ff:ff:ff, ethertype Unknown (0x886f), length 60:
0x0000: c001 dec0 0402 0000 0100 0000 0000 0000 ................
0x0010: 0000 0000 0103 0000 0000 0000 7300 7000 ............s.p.
0x0020: 3200 3600 3600 3800 0000 0000 0101 2.6.6.8.......
19:09:01.906041 arp who-has 69.60.123.254 tell 69.60.120.1
19:09:01.918606 IP 216.231.184.30.3127 > 69.60.115.34.22: . ack 1656 win 65535
19:09:01.918644 IP 69.60.115.34.22 > 216.231.184.30.3127: P 1656:1768(112) ack 1 win 65535
19:09:01.946791 arp who-has 69.60.123.191 tell 69.60.120.1
19:09:01.952498 arp who-has 69.60.115.108 tell 69.60.120.1
19:09:01.957963 arp who-has 69.60.116.166 tell 69.60.120.1
19:09:02.016175 IP 216.231.184.30.3127 > 69.60.115.34.22: P 1:53(52) ack 1768 win 65423
19:09:02.052069 arp who-has 69.60.123.78 tell 69.60.120.1
19:09:02.082363 arp who-has 69.60.119.60 tell 69.60.120.1
19:09:02.115886 IP 69.60.115.34.22 > 216.231.184.30.3127: . ack 53 win 65535
19:09:02.152582 arp who-has 69.60.119.33 tell 69.60.120.1
19:09:02.156676 arp who-has 69.60.114.203 tell 69.60.120.1
19:09:02.161257 arp who-has 69.60.123.215 tell 69.60.120.1
19:09:02.187027 arp who-has 64.251.14.152 tell 69.60.120.1
19:09:02.252098 arp who-has 69.60.120.226 tell 69.60.120.1
19:09:02.452081 arp who-has 69.60.121.171 tell 69.60.120.1
19:09:02.456175 arp who-has 69.60.121.170 tell 69.60.120.1
19:09:02.460357 arp who-has 69.60.120.102 tell 69.60.120.1
19:09:02.464760 arp who-has 69.60.123.56 tell 69.60.120.1
19:09:02.495327 IP6 fe80::211:9ff:fe68:b8d2 > ff02::1:ff00:193: ICMP6, neighbor solicitation, who has 2001:610:240:0:53::193, length 32
19:09:02.655069 arp who-has 69.60.123.104 tell 69.60.120.1
19:09:02.663031 IP 69.60.115.34.22 > 216.231.184.30.3127: . 1768:3228(1460) ack 53 win 65535
19:09:02.663041 IP 69.60.115.34.22 > 216.231.184.30.3127: P 3228:3692(464) ack 53 win 65535
19:09:02.666955 arp who-has 69.60.122.110 tell 69.60.120.1
19:09:02.693922 IP 216.209.243.21.4993 > 69.60.114.88.135: S 2520052051:2520052051(0) win 8760 <mss 1460,nop,nop,sackOK>
50 packets captured
75 packets received by filter
0 packets dropped by kernel
I am curious if serverpronto is marking this as bandwidth I have actually used. If they are, this has produced almost 700MB worth of traffic in the past 19 hours, which is not cool.
Any suggestions on what I should do?
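
Added example, not part of the original post: a Python tally of `tcpdump -n` lines per source/destination pair, with the share of packets that involve the server's own address, which is the comparison the post makes by eye. The sample lines are copied from the first capture above; treating 69.60.115.34 as the server's address is inferred from the SSH lines, and the function names are hypothetical.

```python
import re
from collections import Counter

# Line shapes seen in the captures above (tcpdump -n, no -v).
IP_LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")
ARP_LINE = re.compile(r"^\S+ arp who-has (\S+) tell (\S+)")

# Sample input: lines copied from the first capture in the post.
SAMPLE = """\
19:18:31.806878 IP 69.60.115.34.22 > 216.231.184.30.3127: P 253858498:253858694(196) ack 1126425930 win 65535
19:18:31.811438 IP 71.202.114.80 > 64.251.22.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.816548 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.821936 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.828244 IP 71.202.114.80 > 64.251.14.255: ICMP echo request, id 0, seq 0, length 28
19:18:31.857110 IP 216.231.184.30.3127 > 69.60.115.34.22: . ack 196 win 65151
19:18:32.021265 arp who-has 69.60.117.170 tell 69.60.120.1
"""

def host(addr):
    """Strip the trailing .port from tcpdump's addr.port notation."""
    parts = addr.split(".")
    return ".".join(parts[:4]) if len(parts) == 5 else addr

def summarize(lines, my_ip):
    """Return (flows, mine, total): packets per (src, dst, kind), packets
    to or from my_ip, and packets parsed. Unrecognised lines (IP6, other
    ethertypes, hex dump rows) are skipped."""
    flows = Counter()
    mine = total = 0
    for line in lines:
        line = line.strip()
        m = IP_LINE.match(line)
        if m:
            src, dst = host(m.group(1)), host(m.group(2))
            is_echo = m.group(3).startswith("ICMP echo request")
            kind = "icmp-echo-request" if is_echo else "ip"
        else:
            m = ARP_LINE.match(line)
            if not m:
                continue
            src, dst, kind = m.group(2), m.group(1), "arp"
        total += 1
        mine += my_ip in (src, dst)
        flows[(src, dst, kind)] += 1
    return flows, mine, total

if __name__ == "__main__":
    flows, mine, total = summarize(SAMPLE.splitlines(), "69.60.115.34")
    print(f"{mine}/{total} packets involve this host")
    for (src, dst, kind), n in flows.most_common(5):
        print(f"{n:5d}  {src} > {dst}  {kind}")
```

Run over a longer capture saved to a file, the `mine/total` ratio and the top flows are the figures to give the hosting provider when disputing a bandwidth count.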