|
|
系统是Red Hat AS4最近老是掉线,每隔一小时掉一次线,每次掉个几秒钟又好了,一直这样循环,网上查了好多资料还是没有解决! 我换了FC4也出现同样的情况,我怀疑中arp病毒了!
希望好心人给一个解决方案 非常感谢!
我贴出一些日志!
[root@Server etc]# less /var/log/messages
May 29 12:23:43 Server last message repeated 2 times
May 29 12:24:02 Server kernel: printk: 2 messages suppressed.
May 29 12:27:26 Server kernel: printk: 2 messages suppressed.
May 29 12:27:27 Server kernel: printk: 1 messages suppressed.
May 29 12:27:33 Server kernel: printk: 6 messages suppressed.
May 29 12:27:38 Server kernel: printk: 3 messages suppressed.
May 29 12:27:42 Server kernel: printk: 3 messages suppressed.
May 29 12:27:49 Server kernel: printk: 5 messages suppressed.
May 29 13:27:16 Server kernel: printk: 1 messages suppressed.
May 29 13:27:36 Server kernel: printk: 1 messages suppressed.
May 29 19:08:09 Server sshd(pam_unix)[2887]: session opened for user root by root(uid=0)
May 29 21:51:57 Server sshd(pam_unix)[2930]: session opened for user root by root(uid=0)
May 29 21:53:04 Server kernel: eth1: Promiscuous mode enabled.
May 29 21:53:04 Server kernel: device eth1 entered promiscuous mode
May 29 21:54:49 Server kernel: device eth1 left promiscuous mode
May 29 21:58:45 Server kernel: eth1: Promiscuous mode enabled.
May 29 21:58:45 Server kernel: device eth1 entered promiscuous mode
May 29 22:00:22 Server kernel: device eth1 left promiscuous mode
May 29 22:06:33 Server kernel: eth0: Promiscuous mode enabled.
May 29 22:06:33 Server kernel: device eth0 entered promiscuous mode
May 29 22:07:24 Server kernel: device eth0 left promiscuous mode
May 29 22:07:28 Server kernel: eth1: Promiscuous mode enabled.
May 29 22:07:28 Server kernel: device eth1 entered promiscuous mode
May 29 22:08:20 Server kernel: device eth1 left promiscuous mode
May 29 22:33:19 Server kernel: eth1: Promiscuous mode enabled.
May 29 22:33:19 Server kernel: device eth1 entered promiscuous mode
May 29 22:33:53 Server kernel: device eth1 left promiscuous mode
May 29 22:37:04 Server kernel: printk: 16 messages suppressed.
May 29 22:39:43 Server kernel: printk: 1 messages suppressed.
May 29 22:39:53 Server kernel: printk: 3 messages suppressed.
May 29 22:39:58 Server kernel: printk: 3 messages suppressed.
May 29 22:40:09 Server kernel: printk: 1 messages suppressed.
May 29 22:40:27 Server kernel: printk: 1 messages suppressed.
May 29 22:40:58 Server kernel: printk: 2 messages suppressed
[root@Server etc]# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 160420547 184 792 54 194325183 0 0 7 BMRU
eth1 1500 0 196022829 518 420 166 157794117 0 0 7 BMRU
lo 16436 0 9861 0 0 0 9861 0 0 0 LRU
网卡跟踪 发现192.168.0.122有问题
5449 arp who-has 192.168.0.145 tell 192.168.0.122
22:33:22.626141 arp who-has 192.168.0.146 tell 192.168.0.122
22:33:22.636652 arp who-has 192.168.0.147 tell 192.168.0.122
22:33:22.647701 arp who-has 192.168.0.148 tell 192.168.0.122
22:33:22.658377 arp who-has 192.168.0.149 tell 192.168.0.122
22:33:22.670087 arp who-has 192.168.0.150 tell 192.168.0.122
22:33:22.680596 arp who-has 192.168.0.151 tell 192.168.0.122
22:33:22.691339 arp who-has 192.168.0.152 tell 192.168.0.122
22:33:22.702666 arp who-has 192.168.0.153 tell 192.168.0.122
22:33:22.712817 arp who-has 192.168.0.154 tell 192.168.0.122
22:33:22.723808 arp who-has 192.168.0.155 tell 192.168.0.122
22:33:22.729765 arp who-has 192.168.0.32 tell 192.168.0.253
22:33:22.734309 arp who-has 192.168.0.156 tell 192.168.0.122
22:33:22.745048 arp who-has 192.168.0.157 tell 192.168.0.122
22:33:22.756023 arp who-has 192.168.0.158 tell 192.168.0.122
22:33:22.766534 arp who-has 192.168.0.159 tell 192.168.0.122
22:33:22.777272 arp who-has 192.168.0.160 tell 192.168.0.122
22:33:22.788016 arp who-has 192.168.0.161 tell 192.168.0.122
22:33:22.799498 arp who-has 192.168.0.162 tell 192.168.0.122
22:33:22.811423 arp who-has 192.168.0.163 tell 192.168.0.122
22:33:22.821459 arp who-has 192.168.0.164 tell 192.168.0.122
22:33:22.832208 arp who-has 192.168.0.165 tell 192.168.0.122
22:33:22.842975 arp who-has 192.168.0.166 tell 192.168.0.122
22:33:22.853444 arp who-has 192.168.0.167 tell 192.168.0.122
22:33:22.864227 arp who-has 192.168.0.168 tell 192.168.0.122
22:33:22.874933 arp who-has 192.168.0.169 tell 192.168.0.122
22:33:22.885690 arp who-has 192.168.0.170 tell 192.168.0.122
22:33:22.896740 arp who-has 192.168.0.171 tell 192.168.0.122
22:33:22.907164 arp who-has 192.168.0.172 tell 192.168.0.122
22:33:22.920342 arp who-has 192.168.0.173 tell 192.168.0.122
22:33:22.930812 arp who-has 192.168.0.174 tell 192.168.0.122
22:33:22.941591 arp who-has 192.168.0.175 tell 192.168.0.122
22:33:22.954594 arp who-has 192.168.0.176 tell 192.168.0.122
22:33:22.964993 arp who-has 192.168.0.177 tell 192.168.0.122
22:33:22.975552 arp who-has 192.168.0.178 tell 192.168.0.122
22:33:22.986274 arp who-has 192.168.0.179 tell 192.168.0.122
22:33:22.998930 arp who-has 192.168.0.180 tell 192.168.0.122
22:33:23.009022 arp who-has 192.168.0.181 tell 192.168.0.122
22:33:23.019513 arp who-has 192.168.0.182 tell 192.168.0.122
22:33:23.030215 arp who-has 192.168.0.183 tell 192.168.0.122
22:33:23.040969 arp who-has 192.168.0.184 tell 192.168.0.122
22:33:23.051932 arp who-has 192.168.0.185 tell 192.168.0.122
22:33:23.068637 arp who-has 192.168.0.186 tell 192.168.0.122
22:33:23.079049 arp who-has 192.168.0.187 tell 192.168.0.122
22:33:23.089791 arp who-has 192.168.0.188 tell 192.168.0.122
22:33:23.100787 arp who-has 192.168.0.189 tell 192.168.0.122
22:33:23.111283 arp who-has 192.168.0.190 tell 192.168.0.122
22:33:23.122030 arp who-has 192.168.0.191 tell 192.168.0.122
22:33:23.132757 arp who-has 192.168.0.192 tell 192.168.0.122
22:33:23.143762 arp who-has 192.168.0.193 tell 192.168.0.122
22:33:23.156705 arp who-has 192.168.0.194 tell 192.168.0.122
22:33:23.166978 arp who-has 192.168.0.195 tell 192.168.0.122
22:33:23.177684 arp who-has 192.168.0.196 tell 192.168.0.122
22:33:23.188434 arp who-has 192.168.0.197 tell 192.168.0.122
22:33:23.199397 arp who-has 192.168.0.198 tell 192.168.0.122
22:33:23.209915 arp who-has 192.168.0.199 tell 192.168.0.122
22:33:23.221027 arp who-has 192.168.0.200 tell 192.168.0.122
22:33:23.232217 arp who-has 192.168.0.201 tell 192.168.0.122
22:33:23.242411 arp who-has 192.168.0.202 tell 192.168.0.122
22:33:23.254948 arp who-has 192.168.0.203 tell 192.168.0.122
22:33:23.268328 arp who-has 192.168.0.204 tell 192.168.0.122
22:33:23.278410 arp who-has 192.168.0.205 tell 192.168.0.122
22:33:23.289016 arp who-has 192.168.0.206 tell 192.168.0.122
22:33:23.300002 arp who-has 192.168.0.207 tell 192.168.0.122
22:33:23.312050 arp who-has 192.168.0.208 tell 192.168.0.122
22:33:23.322260 arp who-has 192.168.0.209 tell 192.168.0.122
22:33:23.333212 arp who-has 192.168.0.210 tell 192.168.0.122
22:33:23.343709 arp who-has 192.168.0.211 tell 192.168.0.122
22:33:23.355101 arp who-has 192.168.0.212 tell 192.168.0.122
22:33:23.365199 arp who-has 192.168.0.213 tell 192.168.0.122
22:33:23.375936 arp who-has 192.168.0.214 tell 192.168.0.122
22:33:23.388306 arp who-has 192.168.0.215 tell 192.168.0.122
22:33:23.398394 arp who-has 192.168.0.216 tell 192.168.0.122
22:33:23.409142 arp who-has 192.168.0.217 tell 192.168.0.122
22:33:23.431548 arp who-has 192.168.0.218 tell 192.168.0.122
22:33:23.443024 arp who-has 192.168.0.219 tell 192.168.0.122
22:33:23.453087 arp who-has 192.168.0.220 tell 192.168.0.122
22:33:23.464053 arp who-has 192.168.0.221 tell 192.168.0.122
22:33:23.474574 arp who-has 192.168.0.222 tell 192.168.0.122
22:33:23.485313 arp who-has 192.168.0.223 tell 192.168.0.122
22:33:23.496055 arp who-has 192.168.0.224 tell 192.168.0.122
22:33:23.507040 arp who-has 192.168.0.225 tell 192.168.0.122
22:33:23.517579 arp who-has 192.168.0.226 tell 192.168.0.122
22:33:23.528770 arp who-has 192.168.0.227 tell 192.168.0.122
22:33:23.539062 arp who-has 192.168.0.228 tell 192.168.0.122
22:33:23.550010 arp who-has 192.168.0.229 tell 192.168.0.122
22:33:23.560511 arp who-has 192.168.0.230 tell 192.168.0.122
22:33:23.571492 arp who-has 192.168.0.231 tell 192.168.0.122
22:33:23.582239 arp who-has 192.168.0.232 tell 192.168.0.122
22:33:23.593695 arp who-has 192.168.0.233 tell 192.168.0.122
22:33:23.604660 arp who-has 192.168.0.234 tell 192.168.0.122
22:33:23.615443 arp who-has 192.168.0.235 tell 192.168.0.122
22:33:23.626180 arp who-has 192.168.0.236 tell 192.168.0.122
22:33:23.636683 arp who-has 192.168.0.237 tell 192.168.0.122
22:33:23.647430 arp who-has 192.168.0.238 tell 192.168.0.122
22:33:23.658549 arp who-has 192.168.0.239 tell 192.168.0.122
22:33:23.667538 arp who-has 192.168.0.142 tell 192.168.0.1
22:33:23.667647 arp reply 192.168.0.142 is-at 00:11:11:1e:0f:77
22:33:23.668903 arp who-has 192.168.0.240 tell 192.168.0.122
22:33:23.679899 arp who-has 192.168.0.241 tell 192.168.0.122
22:33:23.690615 arp who-has 192.168.0.242 tell 192.168.0.122
22:33:23.703162 arp who-has 192.168.0.243 tell 192.168.0.122
22:33:23.713854 arp who-has 192.168.0.244 tell 192.168.0.122
22:33:23.724579 arp who-has 192.168.0.245 tell 192.168.0.122
22:33:23.728795 arp who-has 192.168.0.141 tell 192.168.0.253
22:33:23.736338 arp who-has 192.168.0.246 tell 192.168.0.122
22:33:23.747536 arp who-has 192.168.0.247 tell 192.168.0.122
22:33:23.757818 arp who-has 192.168.0.248 tell 192.168.0.122
22:33:23.768533 arp who-has 192.168.0.249 tell 192.168.0.122
22:33:23.779300 arp who-has 192.168.0.250 tell 192.168.0.122
22:33:23.790209 arp who-has 192.168.0.251 tell 192.168.0.122
22:33:23.801005 arp who-has 192.168.0.252 tell 192.168.0.122
22:33:23.847142 arp who-has 192.168.0.253 tell 192.168.0.122
22:33:23.857522 arp who-has 192.168.0.254 tell 192.168.0.122
22:33:23.868141 arp who-has 192.168.0.255 tell 192.168.0.122
22:33:23.945514 arp who-has 192.168.0.57 tell 192.168.0.1
22:33:23.945781 arp reply 192.168.0.57 is-at 00:e0:4f:00:24:a9
22:33:23.965125 arp who-has 192.168.0.169 tell 192.168.0.253
22:33:24.082854 arp who-has 192.168.0.189 tell 192.1
[root@Server etc]# cat /proc/net/ip_conntrack |grep 192.168.0.122
tcp 6 9 CLOSE src=192.168.0.122 dst=202.99.171.162 sport=2006 dport=6005 packets=17 bytes=748 src=202.99.171.162 dst=222.90.69.26 sport=6005 dport=2006 packets=18 bytes=22789 [ASSURED] use=1
tcp 6 67 TIME_WAIT src=192.168.0.122 dst=67.159.6.21 sport=1999 dport=80 packets=66 bytes=4120 src=67.159.6.21 dst=222.90.69.26 sport=80 dport=1999 packets=119 bytes=168918 [ASSURED] use=1
tcp 6 16 TIME_WAIT src=192.168.0.122 dst=219.133.49.158 sport=1991 dport=80 packets=5 bytes=484 src=219.133.49.158 dst=222.90.69.26 sport=80 dport=1991 packets=4 bytes=164 [ASSURED] use=1
tcp 6 72 TIME_WAIT src=192.168.0.122 dst=67.159.6.21 sport=2002 dport=80 packets=6 bytes=1091 src=67.159.6.21 dst=222.90.69.26 sport=80 dport=2002 packets=5 bytes=569 [ASSURED] use=1
tcp 6 119 TIME_WAIT src=192.168.0.122 dst=67.159.6.21 sport=2007 dport=80 packets=87 bytes=5292 src=67.159.6.21 dst=222.90.69.26 sport=80 dport=2007 packets=139 bytes=200763 [ASSURED] use=1
tcp 6 55 SYN_SENT src=192.168.0.122 dst=202.99.171.162 sport=1997 dport=6005 packets=3 bytes=144 [UNREPLIED] src=202.99.171.162 dst=222.90.69.26 sport=6005 dport=1997 packets=0 bytes=0 use=1
tcp 6 20 TIME_WAIT src=192.168.0.122 dst=67.159.6.21 sport=1990 dport=80 packets=73 bytes=4612 src=67.159.6.21 dst=222.90.69.26 sport=80 dport=1990 packets=132 bytes=189239 [ASSURED] use=1
tcp 6 64 TIME_WAIT src=192.168.0.122 dst=219.133.49.158 sport=2001 dport=80 packets=5 bytes=484 src=219.133.49.158 dst=222.90.69.26 sport=80 dport=2001 packets=4 bytes=168 [ASSURED] use=1
tcp 6 431942 ESTABLISHED src=192.168.0.122 dst=218.30.81.55 sport=1986 dport=80 packets=9 bytes=2189 src=218.30.81.55 dst=222.90.69.26 sport=80 dport=1986 packets=7 bytes=1363 [ASSURED] use=1
tcp 6 108 TIME_WAIT src=192.168.0.122 dst=219.133.49.158 sport=2008 dport=80 packets=5 bytes=484 src=219.133.49.158 dst=222.90.69.26 sport=80 dport=2008 packets=4 bytes=168 [ASSURED] use=1
udp 17 172 src=192.168.0.122 dst=219.133.49.200 sport=4001 dport=8000 packets=159 bytes=11121 src=219.133.49.200 dst=222.90.69.26 sport=8000 dport=4001 packets=155 bytes=16062 [ASSURED] use=1
tcp 6 53 TIME_WAIT src=192.168.0.122 dst=67.159.6.21 sport=1998 dport=80 packets=6 bytes=873 src=67.159.6.21 dst=222.90.69.26 sport=80 dport=1998 packets=7 bytes=5101 [ASSURED] use=1
tcp 6 431999 ESTABLISHED src=192.168.0.122 dst=61.183.254.27 sport=1219 dport=3024 packets=1368 bytes=59020 src=61.183.254.27 dst=222.90.69.26 sport=3024 dport=1219 packets=1362 bytes=372513 [ASSURED] use=1
tcp 6 431984 ESTABLISHED src=192.168.0.122 dst=61.183.254.27 sport=1784 dport=2002 packets=79 bytes=4428 src=61.183.254.27 dst=222.90.69.26 sport=2002 dport=1784 packets=78 bytes=9560 [ASSURED] use=1
tcp 6 65 TIME_WAIT src=192.168.0.122 dst=202.181.203.189 sport=2000 dport=80 packets=5 bytes=508 src=202.181.203.189 dst=222.90.69.26 sport=80 dport=2000 packets=6 bytes=1170 [ASSURED] use=1
tcp 6 431942 ESTABLISHED src=192.168.0.122 dst=218.30.81.55 sport=1987 dport=80 packets=9 bytes=2124 src=218.30.81.55 dst=222.90.69.26 sport=80 dport=1987 packets=7 bytes=1358 [ASSURED] use=1
tcp 6 431993 ESTABLISHED src=192.168.0.122 dst=61.183.254.27 sport=1782 dport=3024 packets=722 bytes=33020 src=61.183.254.27 dst=222.90.69.26 sport=3024 dport=1782 packets=585 bytes=41666 [ASSURED] use=1
tcp 6 118 TIME_WAIT src=192.168.0.122 dst=67.159.6.21 sport=2009 dport=80 packets=8 bytes=1614 src=67.159.6.21 dst=222.90.69.26 sport=80 dport=2009 packets=8 bytes=6601 [ASSURED] use=1
tcp 6 19 TIME_WAIT src=192.168.0.122 dst=67.159.6.21 sport=1992 dport=80 packets=6 bytes=891 src=67.159.6.21 dst=222.90.69.26 sport=80 dport=1992 packets=6 bytes=5061 [ASSURED] use=1
tcp 6 431942 ESTABLISHED src=192.168.0.122 dst=218.30.81.55 sport=1989 dport=80 packets=9 bytes=2195 src=218.30.81.55 dst=222.90.69.26 sport=80 dport=1989 packets=7 bytes=1333 [ASSURED] use=1
tcp 6 431942 ESTABLISHED src=192.168.0.122 dst=218.30.81.55 sport=1988 dport=80 packets=9 bytes=2200 src=218.30.81.55 dst=222.90.69.26 sport=80 dport=1988 packets=7 bytes=1319 [ASSURED] use=1
tcp 6 85 TIME_WAIT src=192.168.0.122 dst=67.159.6.21 sport=2004 dport=80 packets=6 bytes=873 src=67.159.6.21 dst=222.90.69.26 sport=80 dport=2004 packets=7 bytes=5101 [ASSURED] use=1
tcp 6 431999 ESTABLISHED src=192.168.0.122 dst=61.183.254.27 sport=1221 dport=2002 packets=922 bytes=39028 src=61.183.254.27 dst=222.90.69.26 sport=2002 dport=1221 packets=927 bytes=96992 [ASSURED] use=1
[root@Server etc]#
希望大家帮忙,非常感谢! |
|
IP卡
狗仔卡
发表于 2006-5-29 22:51:23
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡