Excessive network traffic -

John Summerfield debian at herakles.homelinux.org
Thu Nov 29 00:28:19 UTC 2007


Ed Greshko wrote:

>> 14:48:19.063647 arp who-has 10.9.226.129 tell 70.41.148.1
> 
> The above are ARP broadcast packets.  ARP stands for Address Resolution
> Protocol.
> 
> It is a bit strange to see these in your network since ARP broadcast packets
> aren't supposed to survive past the subnet they are transmitted on.  The
> purpose of the ARP request is to get the MAC address of a given IP address.
>  Taking one line of your output above...
> 
> 14:48:10.668593 arp who-has 70.41.115.191 tell 70.41.112.1
> 
> The source of the ARP message is 70.41.112.1.  It is sending out a broadcast
> message asking "Who ever has IP address of 70.41.115.191, please respond
> with your MAC address".
> 
> You aren't seeing the response...but if you had you'd see something like:
> 
> 07:27:51.893480 arp reply 70.41.115.191 is-at 00:30:6e:c7:63:8f
> 
> These packets are coming into your network.  They are 42 bytes long.  You'd
> have to have a whole heck of a lot of these to drive up your network usage.
>  In any case, they are inbound and not associated with any requests from
> your side so it is unlikely that the ISP is counting these as your traffic.


I have seen this kind of thing.

we were using a four-port ADSL switch/router. Ordinarily, one uses it to 
manage the Internet connexion, and plugs up to four computers into it.

I think what I tried to do is put it into bridging mode, attach it to 
(say) eth0, run rp-ppp (or similar) on eth0 _and_ give eth0 an IP 
address so it could talk to other computers on the eth0 network.

I had a reason to run tcpdump and did not like what I saw, so I reverted 
to a more conventional configuration.






-- 

Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)




More information about the fedora-list mailing list