Re: Excessive network traffic -


 



John Summerfield wrote:

tcpdump -i eth1 -w /tmp/trace -s 9999 port 53

After a while,
^C
then
tcpdump -r /tmp/trace <and whatever the man page suggests and you find attractive> | less



Looking at port 53 produced nothing in half an hour with only tcpdump running so I assume wireshark or iptraf was causing the dns messages. However I can see a lot of data if I don't limit it to a particular port. Interpreting the data is another matter.

Apparently eth1 is a slow NIC but that's ok for what I'm doing ... It seems to me I should be able to stir up some activity with another computer, this one [box6], and see something happen in the tcpdump data stream [on box10]. How can I identify data for my system? Presumably most of what I am seeing is data directed at other subscribers. So I've got all this data and don't know how to deal with it. Any help appreciated.


tcpdump -r /tmp/trace

reading from file /tmp/trace, link-type EN10MB (Ethernet)
14:48:00.580934 arp who-has 75.105.105.75 tell 75.105.105.1
14:48:00.581241 arp who-has 75.105.105.75 tell 75.105.105.1
14:48:05.034887 arp who-has 70.41.113.158 tell 70.41.112.1
14:48:05.035318 arp who-has 70.41.113.158 tell 70.41.112.1
14:48:06.038873 arp who-has 70.41.150.136 tell 70.41.148.1
14:48:06.039296 arp who-has 70.41.150.136 tell 70.41.148.1
14:48:08.399597 arp who-has 72.173.246.50 tell 72.173.244.1
14:48:08.400263 arp who-has 72.173.246.50 tell 72.173.244.1
14:48:09.448529 arp who-has 72.173.22.133 tell 72.173.20.1
14:48:09.449413 arp who-has 72.173.22.133 tell 72.173.20.1
14:48:10.668593 arp who-has 70.41.115.191 tell 70.41.112.1
14:48:10.669371 arp who-has 70.41.115.191 tell 70.41.112.1
14:48:13.233549 arp who-has 72.173.245.14 tell 72.173.244.1
14:48:13.234232 arp who-has 72.173.245.14 tell 72.173.244.1
14:48:15.694350 arp who-has 70.41.114.251 tell 70.41.112.1
14:48:15.694784 arp who-has 70.41.114.251 tell 70.41.112.1
14:48:17.243791 arp who-has 70.41.114.44 tell 70.41.112.1
14:48:17.244236 arp who-has 70.41.114.44 tell 70.41.112.1
14:48:19.063647 arp who-has 10.9.226.129 tell 70.41.148.1


Bob Goodwin
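
One way to approach "How can I identify data for my system?" using the text output shown above, as an added example that is not part of the original post. ARP who-has requests are broadcasts, so every host on the segment sees them; the script separates lines that name one address from broadcasts for other hosts. The local address 70.41.113.20, the two constructed sample lines and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample: four lines copied from the trace in the post, plus two
# invented lines (marked) for a hypothetical local address 70.41.113.20.
SAMPLE = """\
14:48:00.580934 arp who-has 75.105.105.75 tell 75.105.105.1
14:48:05.034887 arp who-has 70.41.113.158 tell 70.41.112.1
14:48:05.035318 arp who-has 70.41.113.158 tell 70.41.112.1
14:48:06.100000 arp who-has 70.41.113.20 tell 70.41.112.1
14:48:06.200000 IP 70.41.113.20.40000 > 192.0.2.53.53: 1234+ A? example.com. (29)
14:48:19.063647 arp who-has 10.9.226.129 tell 70.41.148.1
"""  # lines 4 and 5 are constructed, not from the post

# Matches the ARP request format shown in the post's tcpdump output.
ARP_RE = re.compile(r"who-has (\S+) tell ([^\s,]+)")
# Matches "IP src > dst:" lines as printed by tcpdump -n.
IP_RE = re.compile(r"^\S+ IP (\S+) > (\S+):")

def host_of(endpoint):
    """Drop a trailing .port from an IPv4 endpoint such as 192.0.2.53.53."""
    return ".".join(endpoint.split(".")[:4])

def classify(lines, my_ip):
    """Return (lines involving my_ip, Counter of who asked for other hosts)."""
    mine, askers = [], Counter()
    for line in lines:
        arp = ARP_RE.search(line)
        if arp:
            target, asker = arp.groups()
            if my_ip in (target, asker):
                mine.append(line)
            else:
                askers[asker] += 1  # broadcast ARP looking for someone else
            continue
        ip = IP_RE.search(line)
        if ip and my_ip in (host_of(ip.group(1)), host_of(ip.group(2))):
            mine.append(line)
    return mine, askers

if __name__ == "__main__":
    mine, askers = classify(SAMPLE.splitlines(), "70.41.113.20")
    print("Lines involving this host:")
    for line in mine:
        print("  " + line)
    print("ARP broadcasts for other hosts, by requesting gateway:")
    for asker, count in askers.most_common():
        print(f"  {asker}: {count}")
```

On the capture file itself, the same selection can be made with a filter expression: `tcpdump -n -r /tmp/trace host <your-ip>`.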




