Re: Excessive network traffic -

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



John Summerfield wrote:

tcpdump -i eth1 -w /tmp/trace -s 9999 port 53

After a while,
^C
then
tcpdump -r /tmp/trace <and whatever the man page suggests and you find attactive> | less



Looking at port 53 produced nothing in half an hour with only tcpdump running so I assume wireshark or iptraf was causing the dns messages. However I can see a lot of data if I don't limit it to a particular port. Interpreting the data is another matter.

Apparently eth1 is a slow NIC but that's ok for what I'm doing ... It seems to me I should be able to stir up some activity with another computer, this one [box6], and see something happen in the tcpdump data stream [on box10]. How can I identify data for my system? Presumably most of what I am seeing is data directed at other subscribers. So I've got all this data and don't know how to deal with it. Any help appreciated.


tcpdump -r /tmp/trace

reading from file /tmp/trace, link-type EN10MB (Ethernet)
14:48:00.580934 arp who-has 75.105.105.75 tell 75.105.105.1
14:48:00.581241 arp who-has 75.105.105.75 tell 75.105.105.1
14:48:05.034887 arp who-has 70.41.113.158 tell 70.41.112.1
14:48:05.035318 arp who-has 70.41.113.158 tell 70.41.112.1
14:48:06.038873 arp who-has 70.41.150.136 tell 70.41.148.1
14:48:06.039296 arp who-has 70.41.150.136 tell 70.41.148.1
14:48:08.399597 arp who-has 72.173.246.50 tell 72.173.244.1
14:48:08.400263 arp who-has 72.173.246.50 tell 72.173.244.1
14:48:09.448529 arp who-has 72.173.22.133 tell 72.173.20.1
14:48:09.449413 arp who-has 72.173.22.133 tell 72.173.20.1
14:48:10.668593 arp who-has 70.41.115.191 tell 70.41.112.1
14:48:10.669371 arp who-has 70.41.115.191 tell 70.41.112.1
14:48:13.233549 arp who-has 72.173.245.14 tell 72.173.244.1
14:48:13.234232 arp who-has 72.173.245.14 tell 72.173.244.1
14:48:15.694350 arp who-has 70.41.114.251 tell 70.41.112.1
14:48:15.694784 arp who-has 70.41.114.251 tell 70.41.112.1
14:48:17.243791 arp who-has 70.41.114.44 tell 70.41.112.1
14:48:17.244236 arp who-has 70.41.114.44 tell 70.41.112.1
14:48:19.063647 arp who-has 10.9.226.129 tell 70.41.148.1


Bob Goodwin




--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux