Am 13.07.2017 um 20:15 schrieb Daniel Bauer:
Hello,
I've seen in gkrellm that there is quite a lot of internet traffic, although I didn't have any program running that connects to outside.
So I downloaded "iptraf" and let it run a short while.
this is the beginning of the log it created:
Thu Jul 13 20:04:30 2017; ******** IP traffic monitor started ******** Thu Jul 13 20:04:35 2017; ICMPv6; eth0; 64 bytes; from fe80::da61:94ff:fe8b:c632 to ff02::1; router adv Thu Jul 13 20:04:35 2017; UDP; eth0; 138 bytes; from fe80::1e6f:65ff:fe91:8f9:5353 to ff02::fb:5353 Thu Jul 13 20:04:35 2017; UDP; eth0; 118 bytes; from 192.168.1.33:5353 to 224.0.0.251:5353 Thu Jul 13 20:04:35 2017; UDP; eth0; 118 bytes; from 192.168.1.33:54612 to 80.58.61.250:53 Thu Jul 13 20:04:35 2017; UDP; eth0; 71 bytes; from 192.168.1.33:34000 to 80.58.61.250:53 Thu Jul 13 20:04:35 2017; UDP; eth0; 70 bytes; from 192.168.1.33:51486 to 80.58.61.250:53 Thu Jul 13 20:04:35 2017; UDP; eth0; 130 bytes; from 250.red-80-58-61.staticip.rima-tde.net:53 to 192.168.1.33:34000 Thu Jul 13 20:04:35 2017; UDP; eth0; 127 bytes; from 250.red-80-58-61.staticip.rima-tde.net:53 to 192.168.1.33:51486 Thu Jul 13 20:04:36 2017; UDP; eth0; 182 bytes; from 250.red-80-58-61.staticip.rima-tde.net:53 to 192.168.1.33:54612 Thu Jul 13 20:04:36 2017; UDP; eth0; 138 bytes; from venus.local:5353 to ff02::fb:5353 Thu Jul 13 20:04:36 2017; UDP; eth0; 118 bytes; from 192.168.1.33:5353 to 224.0.0.251:5353 Thu Jul 13 20:04:38 2017; UDP; eth0; 138 bytes; from venus.local:5353 to ff02::fb:5353 Thu Jul 13 20:04:38 2017; UDP; eth0; 118 bytes; from 192.168.1.33:5353 to 224.0.0.251:5353 Thu Jul 13 20:04:40 2017; UDP; eth0; 69 bytes; from 192.168.1.33:57325 to 250.red-80-58-61.staticip.rima-tde.net:53
I see it talks to telefonica (my provider, 80.58.61.250), but why? And why is there sop much traffic with staticip.rima-tde.net? ...
It seem strange to me and I am a bit worried - or is this normal and why?
Should I let iptraf run a longer time and upload a log so someone here can check it?
Thanks for your help!
Daniel
OS 42.1, KDE, connected via cable on eth0
Uff, I am obviously bad in googling, and even bader n memory, but now I found out that in 2014 I asked more or less the same question here... :-) According to the hints in that thread I was looking what lsof -iTCP says:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME cupsd 2370 root 8u IPv6 15958 0t0 TCP localhost:ipp (LISTEN) cupsd 2370 root 9u IPv4 15959 0t0 TCP localhost:ipp (LISTEN) sshd 2593 root 3u IPv4 17297 0t0 TCP *:ssh (LISTEN) sshd 2593 root 4u IPv6 17299 0t0 TCP *:ssh (LISTEN) mysqld 2617 mysql 18u IPv6 17941 0t0 TCP *:mysql (LISTEN) httpd-pre 2652 root 4u IPv6 16026 0t0 TCP *:http (LISTEN) master 2838 root 13u IPv4 21889 0t0 TCP localhost:smtp (LISTEN) master 2838 root 14u IPv6 21890 0t0 TCP localhost:smtp (LISTEN) httpd-pre 2916 wwwrun 4u IPv6 16026 0t0 TCP *:http (LISTEN) httpd-pre 2918 wwwrun 4u IPv6 16026 0t0 TCP *:http (LISTEN) httpd-pre 2919 wwwrun 4u IPv6 16026 0t0 TCP *:http (LISTEN) httpd-pre 2920 wwwrun 4u IPv6 16026 0t0 TCP *:http (LISTEN) httpd-pre 2922 wwwrun 4u IPv6 16026 0t0 TCP *:http (LISTEN) httpd-pre 7521 wwwrun 4u IPv6 16026 0t0 TCP *:http (LISTEN) httpd-pre 27533 wwwrun 4u IPv6 16026 0t0 TCP *:http (LISTEN)
That looks pretty normal to me, although I don't know why some commands appear twice, why one httpd-pre runs as root, and what is "master". I guess I don't have to worry, but still I am happy for hints or explanations. Daniel -- Daniel Bauer photographer Basel Barcelona https://www.patreon.com/danielbauer http://www.daniel-bauer.com -- Daniel Bauer photographer Basel Barcelona https://www.patreon.com/danielbauer http://www.daniel-bauer.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org