01-11-2009, 10:08 PM
T o n g

Unknown network traffic (Conclusion)

> I've tried all the network bandwidth monitoring tools that I know to find
> out the unknown network traffic I'm having now . . .

As for tools to further analyze the traffic,

Both Allen Kistler @gmail.com & Javier Barroso @comp.os.linux.networking
suggested tcpdump and wireshark, which are pretty much the standard tools
for capturing and dissecting traffic.

Chris Davies @comp.os.linux.networking suggested tshark (the console version
of wireshark) and showed its usage as well (thanks!):

tshark -nlp -i eth0

James Youngman @gnu.org suggested running

tcpdup -n -i eth0

although I didn't find where the executable comes from.

> My normal network bandwidth is almost 0. Now, with 1.95Kb outbound and
> 4.71Kb inbound, I don't know what's exactly going on with my network.

As for analyzing the cause of the unknown traffic,

> bps % desc
> 107.2 0% icmp unreach port 192.168.0.100 -> 119.40.7.39
> 107.2 0% icmp unreach port 192.168.0.100 -> 122-121-216-117
> 107.2 0% icmp unreach port 192.168.0.100 -> 17
> 107.2 0% icmp unreach port 192.168.0.100 -> 220-136-240-189
> 108.5 0% icmp unreach port 192.168.0.100 -> 227
> 105.4 0% icmp unreach port 192.168.0.100 -> 77.81.248.210
> 105.4 0% icmp unreach port 192.168.0.100 -> 83-157-127-150
> . . .

Both James Youngman @gnu.org and Eric Pozharski @comp.os.linux.networking
explained the actual meaning of "icmp unreach port":

... these ICMP port-unreachable errors indicate that the remote systems are
trying to communicate with a network port you're not listening on.

... those hosts attempt to open a port on your address...; then, since you
(supposedly) don't have those services enabled on your host, your kernel
REJECTs them (that's what "icmp unreach port" means).

Knowing this, I feel much relieved.

> First of all, these are very small numbers. This almost certainly is
> not a summary of what's using up all your bandwidth (if that's indeed
> happening).

The explanation for this is that I didn't list all the traffic. There are
many and they do add up to all my bandwidth.

The actual reason, I think, is that I've used a BitTorrent client
before. But it was *hours* before -- didn't expect the BitTorrent clients
on the other side to be so persistent...

Thanks again to everybody!

Cheers

--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/
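
Added example, not part of the original post: a short Python script that tallies the ICMP port-unreachable errors in `tcpdump -n` output by the local port they refer to, which is one way to confirm that the errors all point at a single closed port such as a former BitTorrent listening port. The sample capture, the local address role and the port numbers 6881 and 137 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -i eth0 icmp` output. Timestamps, ports
# and some addresses are made up; they are not taken from the original post.
SAMPLE = """\
22:01:07.100001 IP 192.168.0.100 > 119.40.7.39: ICMP 192.168.0.100 udp port 6881 unreachable, length 36
22:01:07.350114 IP 192.168.0.100 > 77.81.248.210: ICMP 192.168.0.100 udp port 6881 unreachable, length 36
22:01:08.020931 IP 192.168.0.100 > 119.40.7.39: ICMP 192.168.0.100 udp port 6881 unreachable, length 36
22:01:08.500000 IP 192.168.0.100 > 192.168.0.1: ICMP echo request, id 4211, seq 1, length 64
22:01:09.000412 IP 192.168.0.1 > 192.168.0.100: ICMP 192.168.0.1 udp port 53 unreachable, length 36
22:01:09.771200 IP 192.168.0.100 > 203.0.113.5: ICMP 192.168.0.100 udp port 137 unreachable, length 36
"""

# With -n, tcpdump prints numeric addresses and ports, so \d+ is sufficient.
LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>[^:\s]+): ICMP (?P<host>\S+) "
    r"(?P<proto>udp|tcp) port (?P<port>\d+) unreachable"
)

def summarize(text, local_ip):
    """Return {(proto, port): (error_count, distinct_remote_hosts)} for the
    port-unreachable errors that local_ip sent about its own closed ports."""
    hits = Counter()
    peers = {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m or m["src"] != local_ip or m["host"] != local_ip:
            continue  # other ICMP types, or errors emitted by another host
        key = (m["proto"], int(m["port"]))
        hits[key] += 1
        peers.setdefault(key, set()).add(m["dst"])
    return {key: (count, len(peers[key])) for key, count in hits.items()}

if __name__ == "__main__":
    report = summarize(SAMPLE, "192.168.0.100")
    # Busiest closed port first: that is the one remote hosts keep probing.
    for (proto, port), (count, hosts) in sorted(
        report.items(), key=lambda item: -item[1][0]
    ):
        print(f"{proto}/{port}: {count} errors to {hosts} remote host(s)")
```

If nearly all errors name the port a peer-to-peer client used to listen on, the traffic is leftover peers retrying rather than a service running on the host.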

