Excessive network traffic -

John Summerfield debian at herakles.homelinux.org
Thu Nov 29 00:29:50 UTC 2007


Phil Meyer wrote:
> Ed Greshko wrote:
>> Bob Goodwin wrote:
>>
>> ...
>>> 14:48:17.244236 arp who-has 70.41.114.44 tell 70.41.112.1
>>> 14:48:19.063647 arp who-has 10.9.226.129 tell 70.41.148.1
>>>     
>>
>> The above are ARP broadcast packets.  ARP stands for Address Resolution
>> Protocol.
>>
>> It is a bit strange to see these in your network since ARP broadcast 
>> packets
>> aren't supposed to survive past the subnet they are transmitted on.  The
>> purpose of the ARP request is to get the MAC address of a given IP 
>> address.
>>  Taking one line of your output above...
>> ...
>> These packets are coming into your network.  They are 42 bytes long.  
>> You'd
>> have to have a whole heck of a lot of these to drive up your network 
>> usage.
>>  In any case, they are inbound and not associated with any requests from
>> your side so it is unlikely that the ISP is counting these as your 
>> traffic.
>>
>>
>>
>>
>>   
> 
> This is a clear indication of packet 'flooding' by your ISP.  If you 
> watch a dump long enough you will probably see all kinds of traffic.

Not so, those are broadcast packets. If you were correct, he'd be seeing 
replies too.



-- 

Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)




More information about the fedora-list mailing list