Some weirdness...100% cpu & 500+KB inbound..Help

clc2112

Registered
My system: 10.4.2 / 667 ti
has suddenly started working like a dog. I just rebooted to verify and am seeing the following..

100% cpu (menumeters)
550k - 1000k KB/s Rx on en0 (menumeters)
#top -o cpu
Code:
Processes:  57 total, 4 running, 53 sleeping... 177 threads            20:17:37
Load Avg:  3.02, 3.28, 2.35     CPU usage:  27.8% user, 72.2% sys, 0.0% idle
SharedLibs: num =  148, resident = 30.0M code, 3.74M data, 6.17M LinkEdit
MemRegions: num =  5633, resident = 97.6M + 10.8M private, 62.1M shared
PhysMem:  64.3M wired, 93.7M active,  157M inactive,  315M used,  708M free
VM: 3.74G + 98.3M   14929(2) pageins, 0(0) pageouts  

  PID COMMAND      %CPU   TIME   #TH #PRTS #MREGS RPRVT  RSHRD  RSIZE  VSIZE
    0 kernel_tas  36.7%  5:30.61  37     2  1512  11.6M+    0K  52.4M+  861M+
   45 mDNSRespon  24.7%  7:32.56   3    32    26   328K   932K  1.09M  27.9M 
  211 Terminal    13.7%  0:32.06   4    97   132  8.45M+ 8.17M  13.7M+  110M 
   65 WindowServ   8.8%  0:36.32   2   267   456  4.15M  22.6M+ 25.2M+  118M+
  216 top          8.0%  0:59.62   1    29    22   620K   372K  1.04M  26.9M 
  250 Syndicatio   2.4%  0:00.70   4    73    51  1.79M- 2.46M  3.56M+ 39.3M+
  184 SystemUISe   0.5%  0:10.30   2   223   179  3.24M  7.05M  7.23M+  103M
Code:
$ uptime
20:20  up 21 mins, 2 users, load averages: 2.64 3.14 2.47
Anybody have a clue what's going on?

Thanks,
Calvin
 

Viro

Registered
It could be that you're having trouble connecting to the network. That's my guess, since one of the processes deals with DNS responses. Could be trying to resolve some DHCP connection? If that is the case, perhaps using a fixed IP would help or check your router.
 

fryke

Moderator
Staff member
Or there could be an infected PC in your network that bombs you somehow...
 

clc2112

Registered
Well...I am in a large hotel. I have been here 3 wks with no problem, it just started this evening.

After turning on my firewall and logging all transactions, the overwhelming entry is: (parsed through a perl script)

kernel[0]: ipfw: 35000 Deny UDP 192.168.57.39:1900 239.255.255.250:1900 in via en0

The above appears over 1000 times in a 30 min span.

Code:
#ifconfig -a
inet 172.16.3.136 netmask 0xfffff800 broadcast 172.16.7.255
Everything is being denied, but that mDNSResponder is pegging my CPU, and my incoming bandwidth is still at 500kb/s.

Anything I can do temporarily besides unplugging my network cable?

Thanks,

Calvin
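
An added example (not the poster's perl script, which the thread does not show): tallying denied inbound flows from ipfw log lines in the format quoted above, labelling well-known multicast discovery groups and flagging sources outside the subnet given in the ifconfig output. The sample log, its timestamp and hostname, and the two 172.16.x source addresses are constructed.

```python
import re
from collections import Counter
from ipaddress import IPv4Address, IPv4Network

# Matches the ipfw log format quoted in the post; lines without ports are skipped.
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)")

# Well-known multicast discovery groups (general knowledge, not from the thread).
KNOWN_GROUPS = {("239.255.255.250", 1900): "SSDP/UPnP discovery",
                ("224.0.0.251", 5353): "mDNS"}

def local_network(addr, hex_mask):
    """Build the local subnet from ifconfig's address and hex netmask."""
    return IPv4Network(f"{addr}/{IPv4Address(int(hex_mask, 16))}", strict=False)

def summarize(lines, net):
    """Tally denied inbound flows, busiest first, flagging off-subnet sources."""
    flows = Counter()
    for line in lines:
        m = IPFW_RE.search(line)
        if m and m["action"] == "Deny" and m["dir"] == "in":
            flows[(m["proto"], m["src"], m["dst"], int(m["dport"]))] += 1
    return [{"count": n, "proto": proto, "src": src, "dst": dst, "dport": dport,
             "service": KNOWN_GROUPS.get((dst, dport), "unknown"),
             "off_subnet": IPv4Address(src) not in net}
            for (proto, src, dst, dport), n in flows.most_common()]

# Constructed sample log: only the first flow's addresses come from the thread.
PREFIX = "Jul 20 20:31:02 host kernel[0]: ipfw: 35000 Deny "
SAMPLE = (
    [PREFIX + "UDP 192.168.57.39:1900 239.255.255.250:1900 in via en0"] * 40
    + [PREFIX + "UDP 172.16.4.20:5353 224.0.0.251:5353 in via en0"] * 3
    + [PREFIX + "TCP 172.16.2.9:51515 172.16.3.136:445 in via en0"])

if __name__ == "__main__":
    # Address and netmask as shown in the ifconfig output above.
    net = local_network("172.16.3.136", "0xfffff800")
    for row in summarize(SAMPLE, net):
        print(row)
```

With the values from the thread, the netmask 0xfffff800 resolves to 172.16.0.0/21, so 192.168.57.39 is flagged as off-subnet and its traffic is labelled as SSDP.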
 

Viro

Registered
Sounds like Fryke may be right. There could be an infected PC on the network, sending out loads of packets.

I don't think there is anything you can do about it; your firewall is already working, denying all the unwanted packets. You could try to track down the machine that is sending out all these packets.
 

clc2112

Registered
Since the mDNSResponder seemed to be the problem process:


/usr/sbin root# mv mDNSResponder mDNSResponder.RENAMED

I moved it to another name and killed the current process. The cpu immediately dropped to 10% from 100% and the rx on en0 went from 1.1mb to 0.

Mail and web services seem to work fine. I will wait a couple days, change it back, reboot and see what happens...finding the offending IP may be difficult. The hotel issues 172.x and the offender is a 192.168.x.

Another bad thing is, when I plugged my windows laptop in it was not affected at all...

calvin
 