Excessive network traffic -
debian at herakles.homelinux.org
Thu Nov 29 00:28:19 UTC 2007
Ed Greshko wrote:
>> 14:48:19.063647 arp who-has 10.9.226.129 tell 220.127.116.11
> The above are ARP broadcast packets. ARP stands for Address Resolution
> It is a bit strange to see these in your network since ARP broadcast packets
> aren't supposed to survive past the subnet they are transmitted on. The
> purpose of the ARP request is to get the MAC address of a given IP address.
> Taking one line of your output above...
> 14:48:10.668593 arp who-has 18.104.22.168 tell 22.214.171.124
> The source of the ARP message is 126.96.36.199. It is sending out a broadcast
> message asking "Who ever has IP address of 188.8.131.52, please respond
> with your MAC address".
> You aren't seeing the response...but if you had you'd see something like:
> 07:27:51.893480 arp reply 184.108.40.206 is-at 00:30:6e:c7:63:8f
> These packets are coming into your network. They are 42 bytes long. You'd
> have to have a whole heck of a lot of these to drive up your network usage.
> In any case, they are inbound and not associated with any requests from
> your side so it is unlikely that the ISP is counting these as your traffic.
I have seen this kind of thing.
we were using a four-port ADSL switch/router. Ordinarily, one uses it to
manage the Internet connexion, and plugs up to four computers into it.
I think what I tried to do is put it into bridging mode, attach it to
(say) eth0, run rp-ppp (or similar) on eth0 _and_ give eth0 an IP
address so it could talk to other computers on the eth0 network.
I had a reason to run tcpdump and did not like what I saw, so I reverted
to a more conventional configuration.
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
You cannot reply off-list:-)
More information about the fedora-list