
Lots of network traffic for no reason


ways


what is this? I've got lots of network traffic for no reason..

 

18:41:53.559120 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  36794+ PTR? 124.0.0.10.in-addr.arpa. (41)

18:41:53.575063 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  36794 NXDomain* 0/0/0 (41)

18:41:53.754961 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  36795+ PTR? 78.0.0.10.in-addr.arpa. (40)

18:41:53.785166 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  36795 NXDomain* 0/0/0 (40)

18:41:53.956215 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  36796+ PTR? 165.0.0.10.in-addr.arpa. (41)

18:41:53.975191 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  36796 NXDomain* 0/0/0 (41)

18:41:53.976102 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  36797+ PTR? 48.0.0.10.in-addr.arpa. (40)

18:41:54.010189 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  36797 NXDomain* 0/0/0 (40)

18:41:54.074347 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  36798+ PTR? 16.0.0.10.in-addr.arpa. (40)

18:41:54.092790 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  36798 NXDomain* 0/0/0 (40)

18:41:54.376808 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  36799+ PTR? 57.0.0.10.in-addr.arpa. (40)

18:41:54.397885 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  36799 NXDomain* 0/0/0 (40)

18:41:54.963553 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  36800+ PTR? 181.0.0.10.in-addr.arpa. (41)

18:41:54.983089 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  36800 NXDomain* 0/0/0 (41)

18:41:55.267842 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  36801+ PTR? 224.0.0.10.in-addr.arpa. (41)

18:41:55.285707 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  36801 NXDomain* 0/0/0 (41)

18:41:55.564521 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  36802+ PTR? 19.0.0.10.in-addr.arpa. (40)

18:41:55.583040 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  36802 NXDomain* 0/0/0 (40)

18:41:56.206164 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  36803+ PTR? 116.0.0.10.in-addr.arpa. (41)

18:41:56.225953 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  36803 NXDomain* 0/0/0 (41)


that was a

tcpdump | grep 10.0.0.39

(my IP)

actually it looks like this

tcpdump

 

18:55:31.494327 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  12607+ PTR? 249.0.0.10.in-addr.arpa. (41)

18:55:31.514764 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  12607 NXDomain* 0/0/0 (41)

18:55:31.515710 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  12608+ PTR? 215.0.0.10.in-addr.arpa. (41)

18:55:31.520677 (NOV-802.2) 00000000.22:8c:4f:57:c9:21.4000 > 00000000.ff:ff:ff:ff:ff:ff.0452:ipx-sap-req FileServer

18:55:31.532151 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  12608 NXDomain* 0/0/0 (41)

18:55:32.083937 IP 10.0.0.202.netbios-ns > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

18:55:32.102891 arp who-has 10.0.0.159 tell 10.0.0.30

18:55:32.103057 arp who-has 10.0.0.39 tell 10.0.0.30

18:55:32.103182 arp reply 10.0.0.39 is-at 00:10:a7:13:ff:ab

18:55:32.103437 IP 10.0.0.30.3646 > 10.0.0.39.microsoft-ds: S 1255726749:1255726749(0) win 64240 <mss 1460,nop,nop,sackOK>

18:55:32.104205 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  12609+ PTR? 159.0.0.10.in-addr.arpa. (41)

18:55:32.152081 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  12609 NXDomain* 0/0/0 (41)

18:55:32.188625 (NOV-802.2) 00000000.22:8c:4f:57:c9:21.4000 > 00000000.ff:ff:ff:ff:ff:ff.0452:ipx-sap-req FileServer

18:55:32.197602 arp who-has 10.0.0.167 tell 10.0.0.30

18:55:32.197670 arp who-has 10.0.0.128 tell 10.0.0.30

18:55:32.198333 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  12610+ PTR? 167.0.0.10.in-addr.arpa. (41)

18:55:32.214661 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  12610 NXDomain* 0/0/0 (41)

18:55:32.215674 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  12611+ PTR? 128.0.0.10.in-addr.arpa. (41)

18:55:32.232066 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  12611 NXDomain* 0/0/0 (41)

18:55:32.298296 arp who-has 10.0.0.226 tell 10.0.0.30

18:55:32.298394 arp who-has 10.0.0.73 tell 10.0.0.30

18:55:32.299272 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  12612+ PTR? 73.0.0.10.in-addr.arpa. (40)

18:55:32.301132 802.1d config 8000.22:8c:4f:57:c9:21.8001 root 8000.22:8c:4f:57:c9:21 pathcost 0 age 0 max 8 hello 2 fdelay 5

18:55:32.314626 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  12612 NXDomain* 0/0/0 (40)

18:55:32.399578 arp who-has 10.0.0.169 tell 10.0.0.30

18:55:32.499174 arp who-has 10.0.0.42 tell 10.0.0.30

18:55:32.599905 arp who-has 10.0.0.209 tell 10.0.0.30

18:55:32.599964 arp who-has 10.0.0.114 tell 10.0.0.30

18:55:32.600544 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  12613+ PTR? 209.0.0.10.in-addr.arpa. (41)

18:55:32.609660 arp who-has 10.0.0.126 tell 10.0.0.30

18:55:32.620261 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  12613 NXDomain* 0/0/0 (41)

18:55:32.621102 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  12614+ PTR? 114.0.0.10.in-addr.arpa. (41)

18:55:32.642216 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  12614 NXDomain* 0/0/0 (41)

18:55:32.643155 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  12615+ PTR? 126.0.0.10.in-addr.arpa. (41)

18:55:32.659724 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  12615 NXDomain* 0/0/0 (41)

18:55:32.805995 arp who-has 10.0.0.64 tell 10.0.0.30

18:55:32.806700 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  12616+ PTR? 64.0.0.10.in-addr.arpa. (40)

18:55:32.824791 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  12616 NXDomain* 0/0/0 (40)

18:55:32.833319 IP 10.0.0.202.netbios-ns > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

18:55:32.854673 IP 10.0.0.20.5353 > 224.0.0.251.5353:  0 [2q] PTR? _daap._tcp.local. PTR? _raop._tcp.local. (46)

18:55:32.856520 (NOV-802.2) 00000000.22:8c:4f:57:c9:21.4000 > 00000000.ff:ff:ff:ff:ff:ff.0452:ipx-sap-req FileServer

 

 

Edited by ways
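What the two captures above mostly show is tcpdump talking to itself: unless it is started with -n, tcpdump resolves every address it prints, so each new 10.0.0.x address that turns up in a packet triggers a PTR query to the NextGenTel resolver, which answers NXDomain because private addresses have no reverse entries. Each lookup follows about a millisecond after the packet that introduced the address. The second capture also shows 10.0.0.30 sending ARP requests for one address after another across 10.0.0.0/24 and then opening a TCP connection to 10.0.0.39 on microsoft-ds (port 445); that is activity worth checking on that host. The script below is an added example, not code from the thread. Its regexes assume the tcpdump 3.x line format seen here, the sample lines are copied from the second capture, and the sweep window and threshold are values chosen for this illustration. It measures how much of the capture is resolver noise, ties each PTR query back to the packet that triggered it, and flags hosts that ARP for many distinct addresses within a short window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: lines copied from the second capture posted above.
SAMPLE = """\
18:55:31.494327 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  12607+ PTR? 249.0.0.10.in-addr.arpa. (41)
18:55:31.514764 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  12607 NXDomain* 0/0/0 (41)
18:55:32.102891 arp who-has 10.0.0.159 tell 10.0.0.30
18:55:32.103057 arp who-has 10.0.0.39 tell 10.0.0.30
18:55:32.103437 IP 10.0.0.30.3646 > 10.0.0.39.microsoft-ds: S 1255726749:1255726749(0) win 64240 <mss 1460,nop,nop,sackOK>
18:55:32.104205 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  12609+ PTR? 159.0.0.10.in-addr.arpa. (41)
18:55:32.152081 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  12609 NXDomain* 0/0/0 (41)
18:55:32.197602 arp who-has 10.0.0.167 tell 10.0.0.30
18:55:32.197670 arp who-has 10.0.0.128 tell 10.0.0.30
18:55:32.198333 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  12610+ PTR? 167.0.0.10.in-addr.arpa. (41)
18:55:32.214661 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  12610 NXDomain* 0/0/0 (41)
18:55:32.215674 IP 10.0.0.39.32768 > dns03.nextgentel.net.domain:  12611+ PTR? 128.0.0.10.in-addr.arpa. (41)
18:55:32.232066 IP dns03.nextgentel.net.domain > 10.0.0.39.32768:  12611 NXDomain* 0/0/0 (41)
18:55:32.298296 arp who-has 10.0.0.226 tell 10.0.0.30
18:55:32.298394 arp who-has 10.0.0.73 tell 10.0.0.30
"""

# Line shapes of tcpdump 3.x output (an assumption; newer versions print differently).
PTR_QUERY = re.compile(r"^(\S+) IP \S+ > \S+:\s+(\d+)\+ PTR\? (\S+)\. \(\d+\)$")
DNS_REPLY = re.compile(r"^(\S+) IP \S+ > \S+:\s+(\d+) (NXDomain|ServFail|Refused|\d+/\d+/\d+)")
ARP_REQ = re.compile(r"^(\S+) arp who-has (\S+) tell (\S+)$")
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

_ts = lambda stamp: datetime.strptime(stamp, "%H:%M:%S.%f")     # capture timestamp
_ipkey = lambda ip: tuple(int(x) for x in ip.split("."))        # numeric sort key

def arpa_to_ip(name):
    """'249.0.0.10.in-addr.arpa' -> '10.0.0.249'."""
    labels = name.split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    return ".".join(reversed(labels[:4]))

def resolver_noise(lines):
    """Share of the capture that is reverse lookups; query and reply are paired on the DNS id."""
    total, queries, replies = 0, {}, {}
    for line in (l.strip() for l in lines if l.strip()):
        total += 1
        m = PTR_QUERY.match(line)
        if m:
            queries[m.group(2)] = arpa_to_ip(m.group(3))
            continue
        m = DNS_REPLY.match(line)
        if m and m.group(2) in queries:
            replies[m.group(2)] = m.group(3)
    return {"packets": total, "ptr_packets": len(queries) + len(replies),
            "looked_up": sorted(queries.values(), key=_ipkey),
            "nxdomain": sum(1 for r in replies.values() if r == "NXDomain")}

def lookup_triggers(lines):
    """Per PTR query: microseconds since that IP first appeared in a non-DNS packet
    (None if it never did). About a millisecond means the sniffer's own name resolution."""
    first_seen, queries = {}, []
    for line in (l.strip() for l in lines if l.strip()):   # assumes packet lines only
        m = PTR_QUERY.match(line)
        if m:
            queries.append((_ts(m.group(1)), arpa_to_ip(m.group(3))))
            continue
        if DNS_REPLY.match(line):
            continue
        stamp = _ts(line.split(" ", 1)[0])
        for ip in IPV4.findall(line):
            first_seen.setdefault(ip, stamp)
    out = []
    for qts, ip in queries:
        seen = first_seen.get(ip)
        delay = None if seen is None or seen > qts else (qts - seen) // timedelta(microseconds=1)
        out.append((ip, delay))
    return out

def arp_sweepers(lines, window=timedelta(seconds=2), min_targets=5):
    """Hosts that ARP for at least min_targets distinct addresses inside one window
    (a host walking the subnet). Returns {host: every target it asked for}."""
    per_host = defaultdict(list)
    for line in lines:
        m = ARP_REQ.match(line.strip())
        if m:
            per_host[m.group(3)].append((_ts(m.group(1)), m.group(2)))
    flagged = {}
    for host, events in per_host.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            in_window = {t for stamp, t in events[i:] if stamp - start <= window}
            if len(in_window) >= min_targets:
                flagged[host] = sorted({t for _, t in events}, key=_ipkey)
                break
    return flagged

if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    n = resolver_noise(lines)
    print(f"{n['ptr_packets']} of {n['packets']} packets are PTR lookups, {n['nxdomain']} NXDomain")
    for ip, delay in lookup_triggers(lines):
        print(f"  {ip}: " + ("no earlier sighting" if delay is None else f"{delay} us after first sighting"))
    for host, targets in arp_sweepers(lines).items():
        print(f"ARP sweep by {host}: {len(targets)} distinct targets")
```

Re-running the capture as `tcpdump -n` (or `-nn`, which leaves port names alone as well) removes the PTR traffic at the source, and the ARP check is the kind of thing to run over a longer capture with the window and threshold tuned to the size of the subnet.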
The way it looks to me, this is traffic between you and a NextGenTel DNS server. Read more about DNS here.

yeah yeah, I know what DNS is, but that was an awful lot. firestarter (firewall) shows no active programs requesting anything..


Yes, that's for certain; I'm connected to the net via SiO/UiO Studentby myself.

Ran "time sudo tcpdump -c 10 -vv" just to see how long it took before tcpdump had "caught" 10 packets. It only took 0.8 seconds, and by then there were 10 packets that were "OK" and 68 that had been rejected by the kernel/iptables.

It may look like a lot/noisy, but those packets carry minimal payload, so in practice it doesn't eat into the bandwidth/line speed.

Edited by Bad_Byte

Inspired by this thread I just ran tcpdump on my machine, and there's a lot of strange stuff going on there. :dontgetit:

 

jorgis@jorgis:~$ sudo tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
13:58:16.862202 IP server.microsoft-ds > 192.168.2.125.32768: P 917252992:917253157(165) ack 1584475028 win 2788 <nop,nop,timestamp 2573787886 52988770>
13:58:16.877499 IP 192.168.2.125.32768 > server.microsoft-ds: P 1:102(101) ack 165 win 16022 <nop,nop,timestamp 52988770 2573787886>
13:58:16.862558 IP server.microsoft-ds > 192.168.2.125.32768: P 165:461(296) ack 102 win 2788 <nop,nop,timestamp 2573787886 52988770>
13:58:16.862953 IP 192.168.2.125.32870 > ns10.e.nsc.no.domain:  12410+ PTR? 125.2.168.192.in-addr.arpa. (44)
13:58:16.876171 IP ns10.e.nsc.no.domain > 192.168.2.125.32870:  12410 NXDomain 0/1/0 (121)
13:58:16.877734 IP 192.168.2.125.32870 > ns10.e.nsc.no.domain:  12411+ PTR? 68.60.67.130.in-addr.arpa. (43)
13:58:16.892158 IP ns10.e.nsc.no.domain > 192.168.2.125.32870:  12411 1/5/6 (307)
13:58:16.902504 IP 192.168.2.125.32768 > server.microsoft-ds: . ack 461 win 16022 <nop,nop,timestamp 52988811 2573787886>
13:58:17.750239 IP 60-240-163-142.tpgi.com.au.26218 > 192.168.2.125.6881: S 3534658466:3534658466(0) win 65535 <mss 1400,nop,nop,sackOK>
13:58:17.750310 IP 192.168.2.125.6881 > 60-240-163-142.tpgi.com.au.26218: R 0:0(0) ack 3534658467 win 0
13:58:17.753078 IP 192.168.2.125.32870 > ns10.e.nsc.no.domain:  12412+ PTR? 142.163.240.60.in-addr.arpa. (45)
13:58:17.852332 IP 192.168.2.125.32768 > server.microsoft-ds: P 102:193(91) ack 461 win 16022 <nop,nop,timestamp 52989760 2573787886>
13:58:17.852811 IP server.microsoft-ds > 192.168.2.125.32768: P 461:626(165) ack 193 win 2788 <nop,nop,timestamp 2573788877 52989760>
13:58:17.852839 IP 192.168.2.125.32768 > server.microsoft-ds: . ack 626 win 16022 <nop,nop,timestamp 52989761 2573788877>
13:58:18.086147 IP ns10.e.nsc.no.domain > 192.168.2.125.32870:  12412 1/2/2 (153)
13:58:18.658112 IP 60-240-163-142.tpgi.com.au.26221 > 192.168.2.125.6881: S 3534658466:3534658466(0) win 65535 <mss 1400,nop,nop,sackOK>
13:58:18.658167 IP 192.168.2.125.6881 > 60-240-163-142.tpgi.com.au.26221: R 0:0(0) ack 3534658467 win 0
13:58:18.853316 IP 192.168.2.125.32768 > server.microsoft-ds: P 193:284(91) ack 626 win 16022 <nop,nop,timestamp 52990762 2573788877>
13:58:18.853767 IP server.microsoft-ds > 192.168.2.125.32768: P 626:791(165) ack 284 win 2788 <nop,nop,timestamp 2573789878 52990762>
13:58:18.853797 IP 192.168.2.125.32768 > server.microsoft-ds: . ack 791 win 16022 <nop,nop,timestamp 52990762 2573789878>
13:58:18.853948 IP 192.168.2.125.32768 > server.microsoft-ds: P 284:370(86) ack 791 win 16022 <nop,nop,timestamp 52990762 2573789878>
13:58:18.854194 IP server.microsoft-ds > 192.168.2.125.32768: P 791:956(165) ack 370 win 2788 <nop,nop,timestamp 2573789878 52990762>
13:58:18.854295 IP 192.168.2.125.32768 > server.microsoft-ds: P 370:465(95) ack 956 win 16022 <nop,nop,timestamp 52990763 2573789878>
13:58:18.854540 IP server.microsoft-ds > 192.168.2.125.32768: P 956:1121(165) ack 465 win 2788 <nop,nop,timestamp 2573789879 52990763>
13:58:18.866392 IP 192.168.2.125.32768 > server.microsoft-ds: P 465:563(98) ack 1121 win 16022 <nop,nop,timestamp 52990775 2573789879>
13:58:18.866656 IP server.microsoft-ds > 192.168.2.125.32768: P 1121:1286(165) ack 563 win 2788 <nop,nop,timestamp 2573789891 52990775>
13:58:18.872251 IP 192.168.2.125.32768 > server.microsoft-ds: P 563:647(84) ack 1286 win 16022 <nop,nop,timestamp 52990781 2573789891>
13:58:18.872507 IP server.microsoft-ds > 192.168.2.125.32768: P 1286:1451(165) ack 647 win 2788 <nop,nop,timestamp 2573789897 52990781>
13:58:18.884668 IP 192.168.2.125.32768 > server.microsoft-ds: P 647:738(91) ack 1451 win 16022 <nop,nop,timestamp 52990793 2573789897>
13:58:18.884922 IP server.microsoft-ds > 192.168.2.125.32768: P 1451:1616(165) ack 738 win 2788 <nop,nop,timestamp 2573789909 52990793>
13:58:18.891264 IP 192.168.2.125.32768 > server.microsoft-ds: P 738:831(93) ack 1616 win 16022 <nop,nop,timestamp 52990800 2573789909>
13:58:18.891554 IP server.microsoft-ds > 192.168.2.125.32768: P 1616:1781(165) ack 831 win 2788 <nop,nop,timestamp 2573789916 52990800>
13:58:18.897310 IP 192.168.2.125.32768 > server.microsoft-ds: P 831:926(95) ack 1781 win 16022 <nop,nop,timestamp 52990806 2573789916>
13:58:18.897567 IP server.microsoft-ds > 192.168.2.125.32768: P 1781:1946(165) ack 926 win 2788 <nop,nop,timestamp 2573789922 52990806>
13:58:18.910258 IP 192.168.2.125.32768 > server.microsoft-ds: P 926:1015(89) ack 1946 win 16022 <nop,nop,timestamp 52990819 2573789922>
13:58:18.910515 IP server.microsoft-ds > 192.168.2.125.32768: P 1946:2111(165) ack 1015 win 2788 <nop,nop,timestamp 2573789935 52990819>
13:58:18.916256 IP 192.168.2.125.32768 > server.microsoft-ds: P 1015:1108(93) ack 2111 win 16022 <nop,nop,timestamp 52990825 2573789935>
13:58:18.916515 IP server.microsoft-ds > 192.168.2.125.32768: P 2111:2276(165) ack 1108 win 2788 <nop,nop,timestamp 2573789941 52990825>
13:58:18.927594 IP 192.168.2.125.32768 > server.microsoft-ds: P 1108:1197(89) ack 2276 win 16022 <nop,nop,timestamp 52990836 2573789941>
13:58:18.927851 IP server.microsoft-ds > 192.168.2.125.32768: P 2276:2441(165) ack 1197 win 2788 <nop,nop,timestamp 2573789952 52990836>
13:58:18.929797 IP 192.168.2.125.32768 > server.microsoft-ds: P 1197:1287(90) ack 2441 win 16022 <nop,nop,timestamp 52990838 2573789952>
13:58:18.930048 IP server.microsoft-ds > 192.168.2.125.32768: P 2441:2606(165) ack 1287 win 2788 <nop,nop,timestamp 2573789954 52990838>
13:58:18.930224 IP 192.168.2.125.32768 > server.microsoft-ds: P 1287:1372(85) ack 2606 win 16022 <nop,nop,timestamp 52990839 2573789954>
13:58:18.930473 IP server.microsoft-ds > 192.168.2.125.32768: P 2606:2771(165) ack 1372 win 2788 <nop,nop,timestamp 2573789955 52990839>
13:58:18.932122 IP 192.168.2.125.32768 > server.microsoft-ds: P 1372:1465(93) ack 2771 win 16022 <nop,nop,timestamp 52990840 2573789955>
13:58:18.932386 IP server.microsoft-ds > 192.168.2.125.32768: P 2771:2936(165) ack 1465 win 2788 <nop,nop,timestamp 2573789956 52990840>
13:58:18.940573 IP 192.168.2.125.32768 > server.microsoft-ds: P 1465:1566(101) ack 2936 win 16022 <nop,nop,timestamp 52990849 2573789956>
13:58:18.941058 IP server.microsoft-ds > 192.168.2.125.32768: P 2936:3232(296) ack 1566 win 2788 <nop,nop,timestamp 2573789965 52990849>
13:58:18.980187 IP 192.168.2.125.32768 > server.microsoft-ds: . ack 3232 win 16022 <nop,nop,timestamp 52990889 2573789965>
13:58:19.476038 IP 60-240-163-142.tpgi.com.au.26222 > 192.168.2.125.6881: S 3534658466:3534658466(0) win 65535 <mss 1400,nop,nop,sackOK>
13:58:19.476079 IP 192.168.2.125.6881 > 60-240-163-142.tpgi.com.au.26222: R 0:0(0) ack 3534658467 win 0
13:58:19.855170 IP 192.168.2.125.32768 > server.microsoft-ds: P 1566:1657(91) ack 3232 win 16022 <nop,nop,timestamp 52991764 2573789965>
13:58:19.855625 IP server.microsoft-ds > 192.168.2.125.32768: P 3232:3397(165) ack 1657 win 2788 <nop,nop,timestamp 2573790880 52991764>
13:58:19.855655 IP 192.168.2.125.32768 > server.microsoft-ds: . ack 3397 win 16022 <nop,nop,timestamp 52991764 2573790880>
13:58:19.855810 IP 192.168.2.125.32768 > server.microsoft-ds: P 1657:1743(86) ack 3397 win 16022 <nop,nop,timestamp 52991764 2573790880>
13:58:19.856050 IP server.microsoft-ds > 192.168.2.125.32768: P 3397:3562(165) ack 1743 win 2788 <nop,nop,timestamp 2573790880 52991764>
13:58:19.877403 IP 192.168.2.125.32768 > server.microsoft-ds: P 1743:1838(95) ack 3562 win 16022 <nop,nop,timestamp 52991786 2573790880>
13:58:19.877663 IP server.microsoft-ds > 192.168.2.125.32768: P 3562:3727(165) ack 1838 win 2788 <nop,nop,timestamp 2573790902 52991786>
13:58:19.884110 IP 192.168.2.125.32768 > server.microsoft-ds: P 1838:1936(98) ack 3727 win 16022 <nop,nop,timestamp 52991793 2573790902>
13:58:19.884369 IP server.microsoft-ds > 192.168.2.125.32768: P 3727:3892(165) ack 1936 win 2788 <nop,nop,timestamp 2573790909 52991793>
13:58:19.884688 IP 192.168.2.125.32768 > server.microsoft-ds: P 1936:2020(84) ack 3892 win 16022 <nop,nop,timestamp 52991793 2573790909>
13:58:19.884924 IP server.microsoft-ds > 192.168.2.125.32768: P 3892:4057(165) ack 2020 win 2788 <nop,nop,timestamp 2573790909 52991793>
13:58:19.924048 IP 192.168.2.125.32768 > server.microsoft-ds: . ack 4057 win 16022 <nop,nop,timestamp 52991833 2573790909>

63 packets captured
85 packets received by filter
0 packets dropped by kernel

 

Why is my machine trying to contact something with microsoft (or is it the other way around?)? :dontgetit:

And that IP is yours?

No, it could well be MSN for example.

Otherwise it's quite handy to use "iftop/netwatch" or similar, since it gives a somewhat better overview (I think).

Ah, of course. :blush: I do have GAIM open. :blush:

;)

It would have been very strange if you didn't have it, to put it that way (if you don't use Windows, that is)

Edited by objorkum
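A note on reading the capture above: tcpdump replaces port numbers with names from /etc/services and addresses with whatever reverse DNS returns. `server.microsoft-ds` is therefore a host whose address resolves to the name "server", on TCP port 445, the SMB/CIFS file-sharing port; the "microsoft" in the service name comes from the port registration, not from who is on the other end. Port 6881 has no /etc/services entry, so it is printed as a number; it is the default listening port of BitTorrent clients, and each SYN to it from the Australian host is answered with a RST (win 0) from 192.168.2.125, meaning nothing is listening there. The script below is an added example, not code from the thread. It assumes the same tcpdump 3.x line format, uses a small name-to-port table for the names in this capture (falling back to the system services database), groups the TCP lines into flows, and reports refused inbound connection attempts and bytes per service in each direction. The sample lines are copied from jorgis's capture.

```python
import re
import socket
from collections import defaultdict

# Constructed sample: TCP and DNS lines copied from the capture posted above.
SAMPLE = """\
13:58:16.862202 IP server.microsoft-ds > 192.168.2.125.32768: P 917252992:917253157(165) ack 1584475028 win 2788 <nop,nop,timestamp 2573787886 52988770>
13:58:16.877499 IP 192.168.2.125.32768 > server.microsoft-ds: P 1:102(101) ack 165 win 16022 <nop,nop,timestamp 52988770 2573787886>
13:58:16.862558 IP server.microsoft-ds > 192.168.2.125.32768: P 165:461(296) ack 102 win 2788 <nop,nop,timestamp 2573787886 52988770>
13:58:16.862953 IP 192.168.2.125.32870 > ns10.e.nsc.no.domain:  12410+ PTR? 125.2.168.192.in-addr.arpa. (44)
13:58:16.902504 IP 192.168.2.125.32768 > server.microsoft-ds: . ack 461 win 16022 <nop,nop,timestamp 52988811 2573787886>
13:58:17.750239 IP 60-240-163-142.tpgi.com.au.26218 > 192.168.2.125.6881: S 3534658466:3534658466(0) win 65535 <mss 1400,nop,nop,sackOK>
13:58:17.750310 IP 192.168.2.125.6881 > 60-240-163-142.tpgi.com.au.26218: R 0:0(0) ack 3534658467 win 0
13:58:17.852332 IP 192.168.2.125.32768 > server.microsoft-ds: P 102:193(91) ack 461 win 16022 <nop,nop,timestamp 52989760 2573787886>
13:58:17.852811 IP server.microsoft-ds > 192.168.2.125.32768: P 461:626(165) ack 193 win 2788 <nop,nop,timestamp 2573788877 52989760>
13:58:18.658112 IP 60-240-163-142.tpgi.com.au.26221 > 192.168.2.125.6881: S 3534658466:3534658466(0) win 65535 <mss 1400,nop,nop,sackOK>
13:58:18.658167 IP 192.168.2.125.6881 > 60-240-163-142.tpgi.com.au.26221: R 0:0(0) ack 3534658467 win 0
13:58:19.476038 IP 60-240-163-142.tpgi.com.au.26222 > 192.168.2.125.6881: S 3534658466:3534658466(0) win 65535 <mss 1400,nop,nop,sackOK>
13:58:19.476079 IP 192.168.2.125.6881 > 60-240-163-142.tpgi.com.au.26222: R 0:0(0) ack 3534658467 win 0
"""

# tcpdump 3.x TCP line: "TS IP host.port > host.port: FLAGS [seq:seq(len)] [ack N] win W ..."
TCP_LINE = re.compile(
    r"^(\S+) IP (\S+)\.(\S+) > (\S+)\.(\S+): ([SRPFWE.]+)"
    r"(?: \d+:\d+\((\d+)\))?(?: ack \d+)? win (\d+)"
)

# Service names tcpdump printed in this capture, as registered in /etc/services.
SERVICES = {"microsoft-ds": 445, "domain": 53, "netbios-ns": 137}

def port_number(name):
    """Map a port field back to a number: numeric, our table, then the system database."""
    if name.isdigit():
        return int(name)
    if name in SERVICES:
        return SERVICES[name]
    try:
        return socket.getservbyname(name)
    except OSError:
        return None

def parse_tcp(lines):
    """Yield one record per TCP line; DNS, ARP and other lines are skipped."""
    for line in lines:
        m = TCP_LINE.match(line.strip())
        if not m:
            continue
        ts, src, sport, dst, dport, flags, length, win = m.groups()
        sp, dp = port_number(sport), port_number(dport)
        if sp is None or dp is None:
            continue
        yield {"ts": ts, "src": src, "sport": sp, "dst": dst, "dport": dp,
               "flags": flags, "len": int(length or 0), "win": int(win)}

def refused_connections(lines):
    """Count SYNs answered with a RST by the target: {(remote host, local port): n}."""
    pending, refused = set(), defaultdict(int)
    for p in parse_tcp(lines):
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        if p["flags"] == "S":
            pending.add(key)
        elif "R" in p["flags"]:
            origin = (p["dst"], p["dport"], p["src"], p["sport"])
            if origin in pending:
                pending.discard(origin)
                refused[(p["dst"], p["sport"])] += 1
    return dict(refused)

def flow_summary(lines):
    """Per service port: the host acting as server, packets, and payload bytes each way.
    Heuristic: the endpoint with the lower port number is taken to be the server."""
    summary = {}
    for p in parse_tcp(lines):
        if p["sport"] < p["dport"]:
            server, port, to_server = p["src"], p["sport"], False
        else:
            server, port, to_server = p["dst"], p["dport"], True
        entry = summary.setdefault(port, {"server": server, "packets": 0,
                                          "to_server": 0, "from_server": 0})
        entry["packets"] += 1
        entry["to_server" if to_server else "from_server"] += p["len"]
    return summary

if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    for (remote, port), n in refused_connections(lines).items():
        print(f"{n} refused connection attempts from {remote} to local port {port}")
    for port, e in flow_summary(lines).items():
        print(f"port {port} ({e['server']}): {e['packets']} packets, "
              f"{e['to_server']} B to server, {e['from_server']} B from server")
```

On the sample this reports three refused attempts from the tpgi.com.au host to port 6881, and an SMB session with "server" carrying a few hundred bytes each way, which is what a mounted share or an open file browser looks like in a capture.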
