From: Johan Petersson
To: freebsd-questions@freebsd.org
Date: 7 Mar 2001 11:31:46 MET
Subject: Strange network traffic

Hi everyone,

I'm seeing a lot of network traffic on my LAN even when the computers are idle. To me it looks like some sort of keepalive or pinging, but with several packages per second. Here is the output from tcpdump:

root@hawk:/home/johan$ tcpdump -i ep0 -N
tcpdump: listening on ep0
11:12:15.754180 hawk.ssh > eagle.3013: . ack 3581473918 win 17520
11:12:15.754453 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:15.924171 hawk.netbios-ssn > eagle.3010: . ack 3543040564 win 17520
11:12:15.924444 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
11:12:16.234177 hawk.ssh > eagle.3013: . ack 1 win 17520
11:12:16.234450 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:16.404180 hawk.netbios-ssn > eagle.3010: . ack 1 win 17520
11:12:16.404462 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
11:12:16.714184 hawk.ssh > eagle.3013: . ack 1 win 17520
11:12:16.714458 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:16.884176 hawk.netbios-ssn > eagle.3010: . ack 1 win 17520
11:12:16.884468 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
11:12:17.194184 hawk.ssh > eagle.3013: . ack 1 win 17520
11:12:17.194466 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:17.364323 hawk.netbios-ssn > eagle.3010: . ack 1 win 17520
11:12:17.364602 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
^C
22 packets received by filter
0 packets dropped by kernel

This traffic just goes on and on forever, with a few seconds pause every now and then.

The computer "hawk" is running FreeBSD 4.1 and "eagle" is running Windows 2000. "Hawk" is used as a file server with Samba 2.0.7, but no files or directories were used/opened during the tcpdump, actually the machines had been left idle for a while. The same goes for the ssh connection from "eagle" to "hawk", it was just sitting there without any inputs.

There is one more server on the LAN, running FreeBSD 2.2.6 and Samba 1.9.18p10, but there does not seem to be a lot of idle traffic to/from that one.

I first noticed this traffic when I saw that the LEDs on my hub were always flashing even when I didn't do anything. I guess some idle traffic is normal, but to me this looks strange.

I didn't know what other information to include and I don't want to flood the list with a lot of useless stuff, so please ask me if you need more information.

Do you think this traffic is normal, and if not is there anything I can do about it?

Please CC a copy of your reply to my email address since I don't subscribe to the list.

Thank you for your time and help.

Regards
Johan Petersson
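
One way to quantify the pattern in the capture above, as an added example that is not part of the original message: this Python code groups the quoted tcpdump lines by direction and reports packet count, payload-free ACK count and mean gap between packets. The function name and the 5 ms jitter tolerance are assumptions made for the example.

```python
import re
from collections import defaultdict

# First 12 packets of the capture quoted in the message above.
CAPTURE = """\
11:12:15.754180 hawk.ssh > eagle.3013: . ack 3581473918 win 17520
11:12:15.754453 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:15.924171 hawk.netbios-ssn > eagle.3010: . ack 3543040564 win 17520
11:12:15.924444 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
11:12:16.234177 hawk.ssh > eagle.3013: . ack 1 win 17520
11:12:16.234450 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:16.404180 hawk.netbios-ssn > eagle.3010: . ack 1 win 17520
11:12:16.404462 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
11:12:16.714184 hawk.ssh > eagle.3013: . ack 1 win 17520
11:12:16.714458 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF)
11:12:16.884176 hawk.netbios-ssn > eagle.3010: . ack 1 win 17520
11:12:16.884468 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF)
"""

# Old-style tcpdump TCP line: time src > dst: flags [first:last(nbytes)] ack N win W
LINE = re.compile(r"(\d+):(\d+):(\d+\.\d+) (\S+) > (\S+): (\S+) (.*)")
JITTER_MS = 5.0  # assumed tolerance for calling a direction "periodic"

def summarise(text):
    """Per direction: packet count, bare-ACK count, mean gap (ms), periodic flag."""
    flows = defaultdict(lambda: {"times": [], "bare_acks": 0})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, "^C" and counter lines are skipped
        h, mi, s, src, dst, flags, rest = m.groups()
        flow = flows[(src, dst)]
        flow["times"].append(int(h) * 3600 + int(mi) * 60 + float(s))
        # "." = no SYN/FIN/RST/PSH flag; no "(nbytes)" field = no payload.
        if flags == "." and "(" not in rest.replace("(DF)", ""):
            flow["bare_acks"] += 1
    report = {}
    for key, flow in flows.items():
        t = flow["times"]
        gaps = [(b - a) * 1000 for a, b in zip(t, t[1:])]
        mean_ms = sum(gaps) / len(gaps) if gaps else None
        periodic = (len(gaps) >= 2 and flow["bare_acks"] == len(t)
                    and max(abs(g - mean_ms) for g in gaps) < JITTER_MS)
        report[key] = {"packets": len(t), "bare_acks": flow["bare_acks"],
                       "mean_gap_ms": mean_ms, "periodic": periodic}
    return report

if __name__ == "__main__":
    print(summarise(CAPTURE))
```

On the quoted lines, all four directions consist only of payload-free ACKs spaced about 480 ms apart.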