Excessive network traffic -

Bob Goodwin bobgoodwin at wildblue.net
Wed Nov 28 21:07:09 UTC 2007


John Summerfield wrote:
>
> tcpdump -i eth1 -w /tmp/trace -s 9999 port 53
>
> After a while,
> ^C
> then
> tcpdump -r /tmp/trace <and whatever the man page suggests and you find 
> attractive> | less
>
>

Looking at port 53 produced nothing in half an hour with only tcpdump 
running so I assume wireshark or iptraf was causing the dns messages.  
However I can see a lot of data if I don't limit it to a particular 
port.  Interpreting the data is another matter.

Apparently eth1 is a slow NIC but that's ok for what I'm doing ...  It 
seems to me I should be able to stir up some activity with another 
computer, this one [box6], and see something happen in the tcpdump data 
stream [on box10].  How can I identify data for my system?  Presumably 
most of what I am seeing is data directed at other subscribers. 

So I've got all this data and don't know how to deal with it.  Any help 
appreciated.


tcpdump -r /tmp/trace

reading from file /tmp/trace, link-type EN10MB (Ethernet)
14:48:00.580934 arp who-has 75.105.105.75 tell 75.105.105.1
14:48:00.581241 arp who-has 75.105.105.75 tell 75.105.105.1
14:48:05.034887 arp who-has 70.41.113.158 tell 70.41.112.1
14:48:05.035318 arp who-has 70.41.113.158 tell 70.41.112.1
14:48:06.038873 arp who-has 70.41.150.136 tell 70.41.148.1
14:48:06.039296 arp who-has 70.41.150.136 tell 70.41.148.1
14:48:08.399597 arp who-has 72.173.246.50 tell 72.173.244.1
14:48:08.400263 arp who-has 72.173.246.50 tell 72.173.244.1
14:48:09.448529 arp who-has 72.173.22.133 tell 72.173.20.1
14:48:09.449413 arp who-has 72.173.22.133 tell 72.173.20.1
14:48:10.668593 arp who-has 70.41.115.191 tell 70.41.112.1
14:48:10.669371 arp who-has 70.41.115.191 tell 70.41.112.1
14:48:13.233549 arp who-has 72.173.245.14 tell 72.173.244.1
14:48:13.234232 arp who-has 72.173.245.14 tell 72.173.244.1
14:48:15.694350 arp who-has 70.41.114.251 tell 70.41.112.1
14:48:15.694784 arp who-has 70.41.114.251 tell 70.41.112.1
14:48:17.243791 arp who-has 70.41.114.44 tell 70.41.112.1
14:48:17.244236 arp who-has 70.41.114.44 tell 70.41.112.1
14:48:19.063647 arp who-has 10.9.226.129 tell 70.41.148.1


Bob Goodwin
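
Added example, not part of the original message: one way to read the ARP lines above is to tally them per asking router and count how many ask for your own address. The function names and the `MY_IP` placeholder (192.0.2.10, a documentation address) are assumptions, since box10's address does not appear in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Works on tcpdump's text output
# (for instance: tcpdump -n -r /tmp/trace), read from standard input.

# A few lines copied from the trace in the post, so this runs offline.
sample_trace() {
cat <<'EOF'
14:48:00.580934 arp who-has 75.105.105.75 tell 75.105.105.1
14:48:00.581241 arp who-has 75.105.105.75 tell 75.105.105.1
14:48:05.034887 arp who-has 70.41.113.158 tell 70.41.112.1
14:48:05.035318 arp who-has 70.41.113.158 tell 70.41.112.1
14:48:06.038873 arp who-has 70.41.150.136 tell 70.41.148.1
14:48:10.668593 arp who-has 70.41.115.191 tell 70.41.112.1
14:48:19.063647 arp who-has 10.9.226.129 tell 70.41.148.1
EOF
}

# Pull target and asker out of each "who-has X tell Y" line.
# Prints "asker target", one pair per ARP request; other lines are skipped.
arp_pairs() {
    awk '{
        target = ""; asker = ""
        for (i = 1; i < NF; i++) {
            if ($i == "who-has") target = $(i + 1)
            if ($i == "tell")    asker  = $(i + 1)
        }
        sub(/,$/, "", asker)   # newer tcpdump prints "tell Y, length 28"
        if (target != "" && asker != "") print asker, target
    }'
}

# Requests per asking router, busiest first, as "count asker".
arp_by_asker() {
    arp_pairs | awk '{ n[$1]++ } END { for (a in n) print n[a], a }' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Number of ARP requests whose target is the given address.
arp_requests_for() {
    arp_pairs | awk -v ip="$1" '$2 == ip { c++ } END { print c + 0 }'
}

# MY_IP is a placeholder: box10's address is not given in the post.
MY_IP=${MY_IP:-192.0.2.10}
echo "ARP requests per router:"
sample_trace | arp_by_asker
echo "ARP requests asking for $MY_IP: $(sample_trace | arp_requests_for "$MY_IP")"
```

To apply the same selection to the capture itself, `tcpdump -n -r /tmp/trace host <your address>` prints only packets to or from that address.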






