Excessive network traffic -
John Summerfield
debian at herakles.homelinux.org
Thu Nov 29 00:28:19 UTC 2007
Ed Greshko wrote:
>> 14:48:19.063647 arp who-has 10.9.226.129 tell 70.41.148.1
>
> The above are ARP broadcast packets. ARP stands for Address Resolution
> Protocol.
>
> It is a bit strange to see these in your network since ARP broadcast packets
> aren't supposed to survive past the subnet they are transmitted on. The
> purpose of the ARP request is to get the MAC address of a given IP address.
> Taking one line of your output above...
>
> 14:48:10.668593 arp who-has 70.41.115.191 tell 70.41.112.1
>
> The source of the ARP message is 70.41.112.1. It is sending out a broadcast
> message asking "Who ever has IP address of 70.41.115.191, please respond
> with your MAC address".
>
> You aren't seeing the response...but if you had you'd see something like:
>
> 07:27:51.893480 arp reply 70.41.115.191 is-at 00:30:6e:c7:63:8f
>
> These packets are coming into your network. They are 42 bytes long. You'd
> have to have a whole heck of a lot of these to drive up your network usage.
> In any case, they are inbound and not associated with any requests from
> your side so it is unlikely that the ISP is counting these as your traffic.
I have seen this kind of thing.
we were using a four-port ADSL switch/router. Ordinarily, one uses it to
manage the Internet connexion, and plugs up to four computers into it.
I think what I tried to do is put it into bridging mode, attach it to
(say) eth0, run rp-ppp (or similar) on eth0 _and_ give eth0 an IP
address so it could talk to other computers on the eth0 network.
I had a reason to run tcpdump and did not like what I saw, so I reverted
to a more conventional configuration.
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
More information about the fedora-list
mailing list