Bob Goodwin wrote:
Les Mikesell wrote:
Bob Goodwin wrote:
Below is about thirty seconds of data recorded at the RJ45 connector
on my Wildblue receiver/modem. The computer I'm using to test with
is a new F8 installation [192.168.1.10] and I don't know that it does
anything F7 didn't do but I see continuous activity, apparently the
result of DNS activity, since it is to the Wildblue DNS server on
port 53. Is that normal? 60 bytes doesn't amount to much of a days
usage but still it is consuming bw.
Bob Goodwin
Mon Nov 26 12:30:19 2007; UDP; eth1; 63 bytes; from
192.168.1.10:32771 to 12.189.32.61:53
Mon Nov 26 12:30:24 2007; UDP; eth1; 60 bytes; from
192.168.1.10:32771 to 12.189.32.61:53
Mon Nov 26 12:30:29 2007; UDP; eth1; 60 bytes; from
192.168.1.10:32771 to 12.189.32.61:53
Mon Nov 26 12:30:34 2007; UDP; eth1; 60 bytes; from
192.168.1.10:32771 to 12.189.32.61:53
Mon Nov 26 12:30:39 2007; UDP; eth1; 60 bytes; from
192.168.1.10:32771 to 12.189.32.61:53
Mon Nov 26 12:30:44 2007; UDP; eth1; 60 bytes; from
192.168.1.10:32771 to 12.189.32.61:53
Mon Nov 26 12:30:49 2007; UDP; eth1; 60 bytes; from
192.168.1.10:32771 to 12.189.32.61:53
It's normal if you have some reason to be looking up names. Try
running tcpdump or wireshark so you can see more about the request.
It seems odd that you don't see any responses coming back. Does the
modem deal with the private address/NAT for you?
I can't make any sense out of Wireshark at all. Data shoots past like a
machine gun! And I can't seem to find how to save it to a log?
tcpdump -i eth1 -w /tmp/trace -s 9999 port 53
After a while,
^C
then
tcpdump -r /tmp/trace <and whatever the man page suggests and you find
attactive> | less
The Wildblue subscriber device is just a box with some flashing lights
and a an ethernet connector. It normally feeds a Netgear wireless
router however I have box10 connected to an ethernet hub inserted
between the Wildblue device and the router via a cable. So it should be
seeing everything passing that point.
My problem is I really don't know how to interpret the data or for that
matter what Wildblue is counting as my usage? Usage is what the
exercise is really about ... I allowed a limited amount of bandwidth.
Round here IAPs don't count traffic within their own network; I would
expect that to apply for you too.
"It's normal if you have some reason to be looking up names." Yes, I
figured that but the box is otherwise idle except for running iptraf and
wireshark, perhaps they are doing DNS lookups?
Possibly resolving IP addresses in the traffic you're analysing?
Presently my signal is blocked with a rain shower, can't send!
With global warming and all, we're having less of that now:-(
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
