From owner-freebsd-questions Tue Mar 13 14:47: 8 2001 Delivered-To: freebsd-questions@freebsd.org Received: from server1.cipher.com.br (server1.cipher.com.br [200.192.23.19]) by hub.freebsd.org (Postfix) with ESMTP id 0E89E37B719 for ; Tue, 13 Mar 2001 14:47:02 -0800 (PST) (envelope-from alexandre@cipher.com.br) Received: from is32.cipher.net (localhost.localdomain [127.0.0.1]) by server1.cipher.com.br (8.11.0/8.11.0) with SMTP id f2DMinM08557; Tue, 13 Mar 2001 19:44:49 -0300 Date: Tue, 13 Mar 2001 19:48:30 -0300 From: Alexandre Florio To: Johan Petersson Cc: freebsd-questions@freebsd.org Subject: Re: Strange network traffic Message-Id: <20010313194830.6a313535.alexandre@cipher.com.br> In-Reply-To: <20010313222727.20757.qmail@web119.yahoomail.com> References: <20010313222727.20757.qmail@web119.yahoomail.com> X-Mailer: Sylpheed version 0.4.9 (GTK+ 1.2.8; FreeBSD 4.2-RELEASE; i386) Organization: Cipher Technology Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Are you running tcpdump locallly on hawk or are you running on a ssh connection? If you are on a ssh connection, this traffic can be assigned to the output of tcpdump going to your local machine... On Tue, 13 Mar 2001 14:27:27 -0800 (PST) Johan Petersson wrote: > Hi everyone, > > I'm seeing a lot of network traffic on my LAN even when the computers > are idle. To me it looks like some sort of keepalive or pinging, but > with several packages per second. Here is the output from tcpdump: > > root@hawk:/home/johan$ tcpdump -i ep0 -N > tcpdump: listening on ep0 > 11:12:15.754180 hawk.ssh > eagle.3013: . ack 3581473918 win 17520 > 11:12:15.754453 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF) > 11:12:15.924171 hawk.netbios-ssn > eagle.3010: . ack 3543040564 win 17520 > 11:12:15.924444 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF) > 11:12:16.234177 hawk.ssh > eagle.3013: . ack 1 win 17520 > 11:12:16.234450 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF) > 11:12:16.404180 hawk.netbios-ssn > eagle.3010: . ack 1 win 17520 > 11:12:16.404462 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF) > 11:12:16.714184 hawk.ssh > eagle.3013: . ack 1 win 17520 > 11:12:16.714458 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF) > 11:12:16.884176 hawk.netbios-ssn > eagle.3010: . ack 1 win 17520 > 11:12:16.884468 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF) > 11:12:17.194184 hawk.ssh > eagle.3013: . ack 1 win 17520 > 11:12:17.194466 eagle.3013 > hawk.ssh: . ack 1 win 16212 (DF) > 11:12:17.364323 hawk.netbios-ssn > eagle.3010: . ack 1 win 17520 > 11:12:17.364602 eagle.3010 > hawk.netbios-ssn: . ack 1 win 16286 (DF) -- Alexandre Florio To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message