[Bro] High-CPU on just a single worker in the cluster
Azoff, Justin S
jazoff at illinois.edu
Thu Apr 14 07:41:00 PDT 2016
> On Apr 14, 2016, at 9:55 AM, Dave Crawford <bro at pingtrip.com> wrote:
> You may be on to something with the non-ip traffic... there is a drastic difference between the two datacenters:
> 1460641772.239436 pkts=10414545 kpps=208.2 kbytes=5732528 mbps=938.6 nic_pkts=10414545 nic_drops=0 u=104675 t=3627503 i=307 o=405 nonip=6681655
> 1460641723.573448 pkts=9553569 kpps=178.9 kbytes=6561123 mbps=1006.6 nic_pkts=9553569 nic_drops=0 u=174140 t=9373195 i=267 o=934 nonip=5033
Great.. just what I was thinking. At this point you should be able to just run something like
tcpdump -n -c 1000 'not ip'
on the WIN box and see exactly what this traffic is.. then we can figure out what to do about it...
- Justin Azoff
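
Added example (not part of the original message): a small Python triage script that parses the two capture-statistics lines quoted above and reports what share of each sample is non-IP. It assumes that u, t, i, o and nonip are a per-protocol breakdown of pkts (they sum to pkts in both samples); the 5% alert threshold and the function names are hypothetical.

```python
import re

# The two capture-statistics samples quoted in the message above.
SAMPLES = """\
1460641772.239436 pkts=10414545 kpps=208.2 kbytes=5732528 mbps=938.6 nic_pkts=10414545 nic_drops=0 u=104675 t=3627503 i=307 o=405 nonip=6681655
1460641723.573448 pkts=9553569 kpps=178.9 kbytes=6561123 mbps=1006.6 nic_pkts=9553569 nic_drops=0 u=174140 t=9373195 i=267 o=934 nonip=5033
"""

FIELD = re.compile(r"(\w+)=([\d.]+)")
# Assumption: these counters partition pkts by protocol class.
BREAKDOWN = ("u", "t", "i", "o", "nonip")


def parse_line(line):
    """Split one stats line into a timestamp and a dict of numeric fields."""
    line = line.lstrip("> ").strip()          # tolerate mail quote markers
    ts, _, rest = line.partition(" ")
    fields = {k: float(v) for k, v in FIELD.findall(rest)}
    fields["ts"] = float(ts)
    return fields


def breakdown_consistent(fields):
    """True when the per-protocol counters add up to the packet total."""
    return sum(fields.get(k, 0.0) for k in BREAKDOWN) == fields.get("pkts")


def nonip_share(fields):
    """Fraction of packets in the sample that were not IP."""
    pkts = fields.get("pkts", 0.0)
    return fields.get("nonip", 0.0) / pkts if pkts else 0.0


def flag_samples(text, threshold=0.05):
    """Return (timestamp, non-IP percent, over_threshold) per stats line."""
    results = []
    for line in text.splitlines():
        if "nonip=" not in line:
            continue                          # skip anything that is not a stats line
        f = parse_line(line)
        share = nonip_share(f)
        results.append((f["ts"], round(share * 100, 2), share > threshold))
    return results


if __name__ == "__main__":
    for ts, pct, hot in flag_samples(SAMPLES):
        print(f"{ts:.6f} non-IP {pct:6.2f}% {'<-- investigate' if hot else ''}")
```

A sample that gets flagged is the one to follow up with the tcpdump 'not ip' capture suggested in the message.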