Date:       7 Mar 2001 11:31:46 MET
From:      Johan Petersson <kjep@usa.net>
To:        freebsd-questions@freebsd.org
Subject:   Strange network traffic
Message-ID:  <20010307103147.25855.qmail@nwcst292.netaddress.usa.net>

Hi everyone,

I'm seeing a lot of network traffic on my LAN even when the computers
are idle. To me it looks like some sort of keepalive or pinging, but
with several packages per second. Here is the output from tcpdump:

root@hawk:/home/johan$ tcpdump -i ep0 -N
tcpdump: listening on ep0
11:12:15.754180 hawk.ssh > eagle.3013: . ack 3581473918 win 17520
11:12:15.754453 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:15.924171 hawk.netbios-ssn > eagle.3010: . ack 3543040564 win 17520
11:12:15.924444 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
11:12:16.234177 hawk.ssh > eagle.3013: . ack 1 win 17520
11:12:16.234450 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:16.404180 hawk.netbios-ssn > eagle.3010: . ack 1 win 17520
11:12:16.404462 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
11:12:16.714184 hawk.ssh > eagle.3013: . ack 1 win 17520
11:12:16.714458 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:16.884176 hawk.netbios-ssn > eagle.3010: . ack 1 win 17520
11:12:16.884468 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
11:12:17.194184 hawk.ssh > eagle.3013: . ack 1 win 17520
11:12:17.194466 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:17.364323 hawk.netbios-ssn > eagle.3010: . ack 1 win 17520
11:12:17.364602 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
^C
22 packets received by filter
0 packets dropped by kernel

This traffic just goes on and on forever, with a few seconds pause
every now and then.

The computer "hawk" is running FreeBSD 4.1 and "eagle" is running
Windows 2000. "Hawk" is used as a file server with Samba 2.0.7, but
no files or directories were used/opened during the tcpdump, actually
the machines had been left idle for a while. The same goes for the
ssh connection from "eagle" to "hawk", it was just sitting there
without any inputs.

There is one more server on the LAN, running FreeBSD 2.2.6 and
Samba 1.9.18p10, but there does not seem to be a lot of idle traffic
to/from that one.

I first noticed this traffic when I saw that the LEDs on my hub were
always flashing even when I didn't do anything. I guess some idle
traffic is normal, but to me this looks strange. I didn't know what
other information to include and I don't want to flood the list with
a lot of useless stuff, so please ask me if you need more information.

Do you think this traffic is normal, and if not is there anything
I can do about it? Please CC a copy of your reply to my email address
since I don't subscribe to the list. Thank you for your time and help.

Regards
Johan Petersson
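
An added example, not part of the original message: one way to quantify the pattern in the capture above is to group the data-less ACK lines by direction and measure the gap between consecutive packets. The function names and the thresholds (at least 3 packets, 10 ms jitter) are assumptions of this example.

```python
import re
from collections import defaultdict
from statistics import mean

# The 16 packet lines from the capture in the message, copied as posted.
CAPTURE = """\
11:12:15.754180 hawk.ssh > eagle.3013: . ack 3581473918 win 17520
11:12:15.754453 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:15.924171 hawk.netbios-ssn > eagle.3010: . ack 3543040564 win 17520
11:12:15.924444 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
11:12:16.234177 hawk.ssh > eagle.3013: . ack 1 win 17520
11:12:16.234450 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:16.404180 hawk.netbios-ssn > eagle.3010: . ack 1 win 17520
11:12:16.404462 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
11:12:16.714184 hawk.ssh > eagle.3013: . ack 1 win 17520
11:12:16.714458 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:16.884176 hawk.netbios-ssn > eagle.3010: . ack 1 win 17520
11:12:16.884468 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
11:12:17.194184 hawk.ssh > eagle.3013: . ack 1 win 17520
11:12:17.194466 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:17.364323 hawk.netbios-ssn > eagle.3010: . ack 1 win 17520
11:12:17.364602 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
"""

# A segment without data prints as "time src > dst: flags ack N win N".
LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) (\S+) > (\S+): (\S+) ack \d+ win \d+")

def bare_ack_gaps(text):
    """Map (src, dst) -> gaps in seconds between consecutive flag-less ACKs."""
    times = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(6) == ".":  # "." means no SYN/FIN/RST/PSH flag set
            h, mi, s = int(m.group(1)), int(m.group(2)), float(m.group(3))
            times[(m.group(4), m.group(5))].append(h * 3600 + mi * 60 + s)
    return {f: [b - a for a, b in zip(ts, ts[1:])] for f, ts in times.items()}

def periodic_flows(text, min_packets=3, jitter=0.01):
    """Return {flow: mean gap} for flows whose gaps differ by at most `jitter`."""
    out = {}
    for flow, gaps in bare_ack_gaps(text).items():
        if len(gaps) + 1 >= min_packets and max(gaps) - min(gaps) <= jitter:
            out[flow] = round(mean(gaps), 3)
    return out

if __name__ == "__main__":
    for (src, dst), gap in sorted(periodic_flows(CAPTURE).items()):
        print(f"{src} -> {dst}: bare ACK every {gap:.3f}s")
```

On the posted capture this reports a 0.480 s period for all four directions (both the ssh and the netbios-ssn connection).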
