Re: Excessive network traffic


 



Bob Goodwin wrote:

Mon Nov 26 12:30:44 2007; UDP; eth1; 60 bytes; from 192.168.1.10:32771 to 12.189.32.61:53
Mon Nov 26 12:30:49 2007; UDP; eth1; 60 bytes; from 192.168.1.10:32771 to 12.189.32.61:53

It's normal if you have some reason to be looking up names. Try running tcpdump or wireshark so you can see more about the request. It seems odd that you don't see any responses coming back. Does the modem deal with the private address/NAT for you?


I can't make any sense out of Wireshark at all. Data shoots past like a machine gun! And I can't seem to find how to save it to a log?

Tcpdump will show enough to make sense of dns requests - but assuming you are running the GUI for wireshark, just hit 'capture' from the top menu, then interfaces, then start on the interface you want. Expand the window so you can see more in the bottom 2 panes. When you stop the capture you can go back and select/sort the entries in the upper pane and get decoded info in the bottom 2. Click the triangles in the middle pane to expand the network layers of the selected packet and select them to see the contents in the lower pane.

The Wildblue subscriber device is just a box with some flashing lights and an ethernet connector. It normally feeds a Netgear wireless router; however, I have box10 connected to an ethernet hub inserted between the Wildblue device and the router via a cable. So it should be seeing everything passing that point.

OK, then your private address sending to a public address would be normal at that point.

My problem is I really don't know how to interpret the data or for that matter what Wildblue is counting as my usage? Usage is what the exercise is really about ... I allowed a limited amount of bandwidth.

You probably want to run a caching nameserver to speed things up and reduce this traffic.

"It's normal if you have some reason to be looking up names." Yes, I figured that but the box is otherwise idle except for running iptraf and wireshark, perhaps they are doing DNS lookups?

Yes, they would be trying to do reverse lookups on IP addresses for display.

Presently my signal is blocked with a rain shower, can't send!

That explains the lack of response to the requests.

---
  Les Mikesell
  lesmikesell@xxxxxxxxx
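
Added example, not part of the original message: a small Python script that reads log lines in the iptraf format quoted above, totals DNS queries, replies and logged bytes per client port and server, and lists the flows that never got a reply. The function names and the last two sample lines are constructed for illustration; the byte totals are the sizes iptraf logged, which may differ from what the ISP meters.

```python
import re
from collections import defaultdict

# Line layout taken from the iptraf log lines quoted in the message above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4}); (?P<proto>\w+); (?P<iface>\w+); "
    r"(?P<size>\d+) bytes; from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+)"
)

# First two lines are from the thread; the last two are constructed sample data.
SAMPLE_LOG = """\
Mon Nov 26 12:30:44 2007; UDP; eth1; 60 bytes; from 192.168.1.10:32771 to 12.189.32.61:53
Mon Nov 26 12:30:49 2007; UDP; eth1; 60 bytes; from 192.168.1.10:32771 to 12.189.32.61:53
Mon Nov 26 12:31:02 2007; UDP; eth1; 62 bytes; from 192.168.1.10:32772 to 12.189.32.61:53
Mon Nov 26 12:31:02 2007; UDP; eth1; 118 bytes; from 12.189.32.61:53 to 192.168.1.10:32772
"""

def summarize_dns(log_text):
    """Count DNS queries, replies and bytes per (client, client_port, server)."""
    flows = defaultdict(lambda: {"queries": 0, "replies": 0, "bytes": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proto"] != "UDP":
            continue                      # skip non-UDP and unparseable lines
        if m["dport"] == "53":            # client -> resolver: a query
            key = (m["src"], int(m["sport"]), m["dst"])
            flows[key]["queries"] += 1
        elif m["sport"] == "53":          # resolver -> client: a reply
            key = (m["dst"], int(m["dport"]), m["src"])
            flows[key]["replies"] += 1
        else:
            continue                      # not DNS traffic
        flows[key]["bytes"] += int(m["size"])
    return dict(flows)

def unanswered(flows):
    """Flows with queries sent but no reply seen (e.g. link down, or retries)."""
    return sorted(k for k, v in flows.items() if v["queries"] and not v["replies"])

if __name__ == "__main__":
    flows = summarize_dns(SAMPLE_LOG)
    for key, stats in sorted(flows.items()):
        print(key, stats)
    print("unanswered:", unanswered(flows))
```

Repeated queries from the same source port with no reply, like the two lines from the thread, show up in the unanswered list; once replies return they drop off it.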

