Excessive network traffic
John Summerfield
debian at herakles.homelinux.org
Mon Nov 26 22:17:18 UTC 2007
Bob Goodwin wrote:
> Les Mikesell wrote:
>> Bob Goodwin wrote:
>>>
>>> Below is about thirty seconds of data recorded at the RJ45 connector
>>> on my Wildblue receiver/modem. The computer I'm using to test with
>>> is a new F8 installation [192.168.1.10] and I don't know that it does
>>> anything F7 didn't do but I see continuous activity, apparently the
>>> result of DNS activity, since it is to the Wildblue DNS server on
>>> port 53. Is that normal? 60 bytes doesn't amount to much of a day's
>>> usage but still it is consuming bw.
>>>
>>> Bob Goodwin
>>>
>>> Mon Nov 26 12:30:19 2007; UDP; eth1; 63 bytes; from
>>> 192.168.1.10:32771 to 12.189.32.61:53
>>> Mon Nov 26 12:30:24 2007; UDP; eth1; 60 bytes; from
>>> 192.168.1.10:32771 to 12.189.32.61:53
>>> Mon Nov 26 12:30:29 2007; UDP; eth1; 60 bytes; from
>>> 192.168.1.10:32771 to 12.189.32.61:53
>>> Mon Nov 26 12:30:34 2007; UDP; eth1; 60 bytes; from
>>> 192.168.1.10:32771 to 12.189.32.61:53
>>> Mon Nov 26 12:30:39 2007; UDP; eth1; 60 bytes; from
>>> 192.168.1.10:32771 to 12.189.32.61:53
>>> Mon Nov 26 12:30:44 2007; UDP; eth1; 60 bytes; from
>>> 192.168.1.10:32771 to 12.189.32.61:53
>>> Mon Nov 26 12:30:49 2007; UDP; eth1; 60 bytes; from
>>> 192.168.1.10:32771 to 12.189.32.61:53
>>
>> It's normal if you have some reason to be looking up names. Try
>> running tcpdump or wireshark so you can see more about the request.
>> It seems odd that you don't see any responses coming back. Does the
>> modem deal with the private address/NAT for you?
>>
>
> I can't make any sense out of Wireshark at all. Data shoots past like a
> machine gun! And I can't seem to find how to save it to a log?
tcpdump -i eth1 -w /tmp/trace -s 9999 port 53
After a while,
^C
then
tcpdump -r /tmp/trace <and whatever the man page suggests and you find
attractive> | less
>
> The Wildblue subscriber device is just a box with some flashing lights
> and an ethernet connector. It normally feeds a Netgear wireless
> router however I have box10 connected to an ethernet hub inserted
> between the Wildblue device and the router via a cable. So it should be
> seeing everything passing that point.
>
> My problem is I really don't know how to interpret the data or for that
> matter what Wildblue is counting as my usage? Usage is what the
> exercise is really about ... I am allowed a limited amount of bandwidth.
Round here IAPs don't count traffic within their own network; I would
expect that to apply for you too.
>
> "It's normal if you have some reason to be looking up names." Yes, I
> figured that but the box is otherwise idle except for running iptraf and
> wireshark, perhaps they are doing DNS lookups?
Possibly resolving IP addresses in the traffic you're analysing?
>
> Presently my signal is blocked with a rain shower, can't send!
With global warming and all, we're having less of that now:-(
--
Cheers
John
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
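
The thirty-second capture quoted at the top of this thread can be summarised mechanically. The Python below is an added example, not part of any message in the thread: it parses the iptraf records as quoted (mail line-wrap undone), then reports query spacing, whether anything came back from the server (the point Les Mikesell raises), and a projected daily byte count. The function names are illustrative, and the projection assumes the sampled rate continues unchanged all day.

```python
import re
from collections import defaultdict
from datetime import datetime
# The seven iptraf records quoted in the thread, with the mail line-wrap undone.
SAMPLE = "\n".join(
    f"Mon Nov 26 12:30:{sec} 2007; UDP; eth1; {size} bytes; "
    "from 192.168.1.10:32771 to 12.189.32.61:53"
    for sec, size in [(19, 63), (24, 60), (29, 60), (34, 60), (39, 60), (44, 60), (49, 60)]
)
RECORD = re.compile(
    r"^(?P<ts>[^;]+); (?P<proto>\w+); (?P<ifc>\S+); (?P<size>\d+) bytes; "
    r"from (?P<src>[\d.]+):(?P<sport>\d+) to (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
def parse(text):
    """Return (time, proto, (src, sport), (dst, dport), size) per recognised line."""
    rows = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            rows.append((when, m["proto"], (m["src"], int(m["sport"])),
                         (m["dst"], int(m["dport"])), int(m["size"])))
    return rows

def dns_flows(rows):
    """Summarise each client -> port 53 flow and count packets seen coming back."""
    sent, seen = defaultdict(list), defaultdict(int)
    for when, proto, src, dst, size in rows:
        seen[(src, dst)] += 1
        if proto == "UDP" and dst[1] == 53:
            sent[(src, dst)].append((when, size))
    report = {}
    for (src, dst), pkts in sent.items():
        pkts.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(pkts, pkts[1:])]
        mean_gap = sum(gaps) / len(gaps) if gaps else None
        mean_size = sum(size for _, size in pkts) / len(pkts)  # bytes as logged
        report[(src, dst)] = {
            "queries": len(pkts),
            "replies": seen.get((dst, src), 0),  # packets on the reverse flow
            "mean_gap_s": mean_gap,
            "periodic": bool(gaps) and max(gaps) - min(gaps) <= 1,
            # Assumption: the sampled rate holds for a full 86400-second day.
            "bytes_per_day": mean_size * 86400 / mean_gap if mean_gap else None,
        }
    return report

if __name__ == "__main__":
    for flow, stats in dns_flows(parse(SAMPLE)).items():
        print(flow, stats)
```

A flow that is periodic and shows zero replies at the capture point suggests a resolver retrying unanswered queries, which is worth confirming with the tcpdump trace described above.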