
I have 2 servers running in AWS, both are running Redis and the Data-Dog client. I just looked at our bill and see that we had 800GB of NetworkOut data. I've narrowed down the traffic to these 2 machines specifically, each one is doing about 10GB of traffic / day. I'm not sure why at this point and need to figure out how to determine what this data is.

Could you suggest some techniques or applications that would help me determine which applications would be exfiltrating data, and perhaps to where?

For the record the data we store in redis on these machines is nothing more than a sequence number for synchronizing processing across several other machines, it is a single int x about 100k keys.

EDIT

I should mention that our inbound firewall settings only allow Inbound communications from the IP block we own. I don't have any reason to suspect anything nefarious is happening, but I need to track it down to see if we can reduce it.

We've considered just setting up a tcpdump for outbound data but we have very small HDs on these instances, so there is a concern about filling them up too quickly.

stambata
Wjdavis5
  • You can prevent outgoing network traffic with a security group or NACL. That doesn't solve the problem, but it's a band-aid. You can't prevent responses to incoming requests using security groups as they're stateful, but you can with NACLs. – Tim Sep 09 '16 at 00:04

1 Answer


Attach an additional EBS volume to the instance. You can do this without incurring any downtime. Then format the block device, mount it, and use that to store tcpdump data.

EEAA
  • Thanks, I did run the dump for about 20 minutes and, other than my ssh traffic, the only traffic I see is redis-sentinel, and lots of it. I'm going to jump over to the redis mailing list. – Wjdavis5 Sep 08 '16 at 18:26
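The question asks how to find out which process is sending the bytes and where they go, and the answer's concern is keeping a long capture from filling a small root disk. The POSIX shell script below is an added example and is not code from the question, the answer, or any of the tools' own documentation. It does three things: builds a tcpdump command line that rotates through a fixed number of fixed-size files (so the capture can never grow past a known size on whatever volume you point it at), aggregates the bytes seen in `tcpdump -nn -q` output per remote host, and joins remote hosts to the local process holding the socket using `ss -tnp` output. The interface name `eth0`, the directory `/mnt/capture`, and the sample tcpdump and ss lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original question or answer).

# Build a tcpdump command whose on-disk footprint is bounded: -C rotates
# to a new file every <file_mb> million bytes and -W keeps only <count>
# files, overwriting the oldest.  Point <dir> at a volume you can afford
# to fill (e.g. a freshly mounted EBS volume).  Optional trailing words
# are a BPF filter, e.g. to skip your own ssh session.
# Usage: bounded_capture_cmd <iface> <dir> <file_mb> <file_count> [filter...]
bounded_capture_cmd() {
  iface=$1; dir=$2; mb=$3; count=$4; shift 4
  printf 'tcpdump -i %s -nn -q -s 96 -C %s -W %s -w %s/out.pcap %s\n' \
    "$iface" "$mb" "$count" "$dir" "$*"
}

# Read `tcpdump -nn -q` lines on stdin and print "bytes remote_host",
# largest first.  The port is stripped so every flow to one host is
# summed together; the last field of a -q line is the payload length
# ("tcp 87" or "UDP, length 40").
summarize_by_peer() {
  awk '
    $2 == "IP" && $4 == ">" {
      peer = $5; sub(/:$/, "", peer)       # "10.0.0.7.26379:" -> host.port
      sub(/\.[0-9]+$/, "", peer)           # drop the port
      n = $NF; gsub(/[^0-9]/, "", n)       # keep only the digits
      bytes[peer] += n
    }
    END { for (p in bytes) printf "%d %s\n", bytes[p], p }
  ' | sort -rn
}

# Read `ss -tnp` lines on stdin and print "remote_host process" for each
# established socket, so a busy peer from summarize_by_peer can be
# matched to the local program that owns the connection.
peer_processes() {
  awk '$1 == "ESTAB" && match($NF, /\(\("[^"]+"/) {
    proc = substr($NF, RSTART + 3, RLENGTH - 4)   # text inside (("...")
    peer = $5; sub(/:[0-9]+$/, "", peer)          # drop the port
    print peer, proc
  }' | sort -u
}

# Constructed sample output (not a real capture) to show the helpers
# working offline.  Timestamps and addresses are made up.
SAMPLE_TCPDUMP='18:26:01.000001 IP 10.0.0.5.26379 > 10.0.0.7.26379: tcp 120
18:26:01.000002 IP 10.0.0.5.26379 > 10.0.0.8.26379: tcp 300
18:26:01.000003 IP 10.0.0.5.22 > 203.0.113.9.50000: tcp 50
18:26:01.000004 IP 10.0.0.5.26379 > 10.0.0.7.26379: tcp 200
18:26:01.000005 IP 10.0.0.5.53422 > 10.0.0.2.53: UDP, length 40'

SAMPLE_SS='ESTAB 0 0 10.0.0.5:26379 10.0.0.7:41234 users:(("redis-sentinel",pid=1234,fd=7))
ESTAB 0 0 10.0.0.5:26379 10.0.0.8:41235 users:(("redis-sentinel",pid=1234,fd=8))
ESTAB 0 0 10.0.0.5:22 203.0.113.9:50000 users:(("sshd",pid=987,fd=4))'

echo "# capture command (20 x 100 MB files, ssh excluded):"
bounded_capture_cmd eth0 /mnt/capture 100 20 "src host 10.0.0.5 and not port 22"
echo "# bytes per remote host:"
printf '%s\n' "$SAMPLE_TCPDUMP" | summarize_by_peer
echo "# remote host -> local process:"
printf '%s\n' "$SAMPLE_SS" | peer_processes
```

Run the printed tcpdump command on the instance, then feed `tcpdump -nn -q -r /mnt/capture/out.pcap0` into `summarize_by_peer` and `ss -tnp` into `peer_processes`; a remote host that tops the first list and maps to one process in the second tells you both "which application" and "to where". The 2 GB worst case in the usage above (20 files of 100 million bytes) is far below the 10 GB/day figure in the question, so raise `-W` or `-C` on a larger volume if you want more than a few hours of history.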