Excessive network traffic -

John Summerfield debian at herakles.homelinux.org
Thu Nov 29 00:28:19 UTC 2007

Ed Greshko wrote:

>> 14:48:19.063647 arp who-has tell
> The above are ARP broadcast packets.  ARP stands for Address Resolution
> Protocol.
> It is a bit strange to see these in your network since ARP broadcast packets
> aren't supposed to survive past the subnet they are transmitted on.  The
> purpose of the ARP request is to get the MAC address of a given IP address.
>  Taking one line of your output above...
> 14:48:10.668593 arp who-has tell
> The source of the ARP message is  It is sending out a broadcast
> message asking "Who ever has IP address of, please respond
> with your MAC address".
> You aren't seeing the response...but if you had you'd see something like:
> 07:27:51.893480 arp reply is-at 00:30:6e:c7:63:8f
> These packets are coming into your network.  They are 42 bytes long.  You'd
> have to have a whole heck of a lot of these to drive up your network usage.
>  In any case, they are inbound and not associated with any requests from
> your side so it is unlikely that the ISP is counting these as your traffic.

I have seen this kind of thing.

we were using a four-port ADSL switch/router. Ordinarily, one uses it to 
manage the Internet connexion, and plugs up to four computers into it.

I think what I tried to do is put it into bridging mode, attach it to 
(say) eth0, run rp-ppp (or similar) on eth0 _and_ give eth0 an IP 
address so it could talk to other computers on the eth0 network.

I had a reason to run tcpdump and did not like what I saw, so I reverted 
to a more conventional configuration.



-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu
-- Advice

You cannot reply off-list:-)

More information about the fedora-list mailing list