Excessive network traffic -
John Summerfield
debian at herakles.homelinux.org
Thu Nov 29 00:29:50 UTC 2007
Phil Meyer wrote:
> Ed Greshko wrote:
>> Bob Goodwin wrote:
>>
>> ...
>>> 14:48:17.244236 arp who-has 70.41.114.44 tell 70.41.112.1
>>> 14:48:19.063647 arp who-has 10.9.226.129 tell 70.41.148.1
>>>
>>
>> The above are ARP broadcast packets. ARP stands for Address Resolution
>> Protocol.
>>
>> It is a bit strange to see these in your network since ARP broadcast
>> packets
>> aren't supposed to survive past the subnet they are transmitted on. The
>> purpose of the ARP request is to get the MAC address of a given IP
>> address.
>> Taking one line of your output above...
>> ...
>> These packets are coming into your network. They are 42 bytes long.
>> You'd
>> have to have a whole heck of a lot of these to drive up your network
>> usage.
>> In any case, they are inbound and not associated with any requests from
>> your side so it is unlikely that the ISP is counting these as your
>> traffic.
>>
>>
>>
>>
>>
>
> This is a clear indication of packet 'flooding' by your ISP. If you
> watch a dump long enough you will probably see all kinds of traffic.
Not so, those are broadcast packets. If you were correct, he'd be seeing
replies too.
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
More information about the fedora-list
mailing list