Daniel Bauer wrote:
Hello,
All of a sudden I had a lot of internet traffic (seen on gkrellm) but didn't have any internet application open...
Filter your dump of known traffic...then get rid of variable info. This is your dump w/o the DNS and duplicates filtered: ARP, Reply 192.168.1.1 is-at 00:02:cf:56:7c:a0 (oui Unknown), length 46 ARP, Request who-has 192.168.1.1 tell 192.168.1.36, length 28 IP 192.168.1.1 > all-systems.mcast.net: igmp query v2 [max resp time 5] IP 192.168.1.1.router > 192.168.1.255.router: RIPv2, Response, length: 64 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length IP 192.168.1.36.ntp > guti.uc3m.es.ntp: NTPv4, Client, length 48 IP guti.uc3m.es.ntp > 192.168.1.36.ntp: NTPv4, Server, length 48 ---------- Nothing looks like a hack in this... I see NTP (time) kernel does ARP, routing service discovery protocol. Nothing indicates a hack, IMO... The DNS lookups could be from tcpdump resolving names it sees or a webpage loading...did you have a browser active? That's all normal traffic, IMO... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org