On 12/31/2011 02:05 PM, Peter Nikolic wrote:
<snip>
> while you have Thunderbird running run a term of some form and run tcpdump just watch where things get reported to.
<snip>

Looking at chromium, it definitely 'phones home' on startup. Example: start tcpdump to look at web traffic in an xterm:

tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

Interestingly, the following packet appears:

13:36:53.690164 IP providence.rlfpllc.com.49830 > dfw06s16-in-f3.1e100.net.http: Flags [P.], seq 4290757038:4290757765, ack 2979107591, win 913, options [nop,nop,TS val 391374 ecr 1135864716], length 727
13:36:53.708067 IP dfw06s16-in-f3.1e100.net.http > providence.rlfpllc.com.49830: Flags [P.], seq 1:376, ack 727, win 112, options [nop,nop,TS val 1135864737 ecr 391374], length 375

Who the heck is that? Well...

13:38 providence:~> ping dfw06s16-in-f3.1e100.net
PING dfw06s16-in-f3.1e100.net (74.125.227.99) 56(84) bytes of data.
64 bytes from dfw06s16-in-f3.1e100.net (74.125.227.99): icmp_req=1 ttl=54 time=33.3 ms
64 bytes from dfw06s16-in-f3.1e100.net (74.125.227.99): icmp_req=2 ttl=54 time=13.2 ms
64 bytes from dfw06s16-in-f3.1e100.net (74.125.227.99): icmp_req=3 ttl=54 time=14.5 ms
^C
13:38 providence:~> whois 74.125.227.99
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=74.125.227.99?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 74.125.0.0 - 74.125.255.255
CIDR: 74.125.0.0/16
OriginAS:
NetName: GOOGLE
NetHandle: NET-74-125-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
RegDate: 2007-03-13
Updated: 2007-05-22
Ref: http://whois.arin.net/rest/net/NET-74-125-0-0-1

OrgName: Google Inc.
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/GOGL

OrgAbuseHandle: ZG39-ARIN
OrgAbuseName: Google Inc
OrgAbusePhone: +1-650-253-0000
OrgAbuseEmail: arin-contact@google.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ZG39-ARIN

OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc
OrgTechPhone: +1-650-253-0000
OrgTechEmail: arin-contact@google.com
OrgTechRef: http://whois.arin.net/rest/poc/ZG39-ARIN

Yep, ET is phoning home to Google... Then hundreds more packets:

13:40:13.464372 IP oa-in-f139.1e100.net.http > providence.rlfpllc.com.37185: Flags [P.], seq 939500:939902, ack 8771, win 450, options [nop,nop,TS val 1032746965 ecr 451285], length 402

Well who the hell is oa-in-f139.1e100.net? So...

13:38 providence:~> ping oa-in-f139.1e100.net
PING oa-in-f139.1e100.net (173.194.64.139) 56(84) bytes of data.
64 bytes from oa-in-f139.1e100.net (173.194.64.139): icmp_req=1 ttl=46 time=22.7 ms
64 bytes from oa-in-f139.1e100.net (173.194.64.139): icmp_req=2 ttl=46 time=22.2 ms
^C
--- oa-in-f139.1e100.net ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 22.247/22.512/22.778/0.304 ms
13:43 providence:~> whois 173.194.64.139
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=173.194.64.139?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 173.194.0.0 - 173.194.255.255
CIDR: 173.194.0.0/16
OriginAS: AS15169
NetName: GOOGLE
NetHandle: NET-173-194-0-0-1
Parent: NET-173-0-0-0-0
NetType: Direct Allocation
RegDate: 2009-08-17
Updated: 2010-08-23
Ref: http://whois.arin.net/rest/net/NET-173-194-0-0-1

OrgName: Google Inc.
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/GOGL

OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc
OrgTechPhone: +1-650-253-0000
OrgTechEmail: arin-contact@google.com
OrgTechRef: http://whois.arin.net/rest/poc/ZG39-ARIN

OrgAbuseHandle: ZG39-ARIN
OrgAbuseName: Google Inc
OrgAbusePhone: +1-650-253-0000
OrgAbuseEmail: arin-contact@google.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ZG39-ARIN

You get the idea... This is all with the browser just sitting idle. It keeps going too. Every few minutes, there is another flurry of information sent back to google. And, I disabled everything in the settings that would do this (or so I thought).

--
David C. Rankin, J.D.,P.E.
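
Added example, not part of the original message: the capture filter in the post keeps only port-80 TCP segments that carry payload, by subtracting the IP and TCP header lengths from the IP total length. The Python below reproduces that arithmetic on constructed IPv4 packets; the addresses are documentation-range placeholders, and build_packet, tcp_payload_len and matches_filter are names chosen for this example.

```python
import struct

# TCP options as in the capture above: nop, nop, timestamp (12 bytes total).
TS_OPT = b"\x01\x01\x08\x0a" + struct.pack("!II", 391374, 1135864716)

def build_packet(sport, dport, payload=b"", tcp_options=b""):
    """Constructed IPv4+TCP packet; checksums are left at zero."""
    tcp_hlen = 20 + len(tcp_options)          # options must be a multiple of 4
    total = 20 + tcp_hlen + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1,
                      (tcp_hlen // 4) << 4, 0x18, 913, 0, 0)
    return ip + tcp + tcp_options + payload

def tcp_payload_len(pkt):
    """The filter's arithmetic, term by term, on a raw IPv4 packet."""
    ip_total = struct.unpack("!H", pkt[2:4])[0]   # ip[2:2]
    ip_hlen = (pkt[0] & 0x0F) << 2                # (ip[0]&0xf)<<2
    tcp_hlen = (pkt[ip_hlen + 12] & 0xF0) >> 2    # (tcp[12]&0xf0)>>2
    return ip_total - ip_hlen - tcp_hlen

def matches_filter(pkt):
    """'tcp port 80 and (payload length != 0)' for unfragmented IPv4."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:           # IPv4 and protocol TCP
        return False
    ip_hlen = (pkt[0] & 0x0F) << 2
    sport, dport = struct.unpack("!HH", pkt[ip_hlen:ip_hlen + 4])
    return 80 in (sport, dport) and tcp_payload_len(pkt) != 0

if __name__ == "__main__":
    samples = {
        "request, 727 bytes": build_packet(49830, 80, b"A" * 727, TS_OPT),
        "empty segment": build_packet(49830, 80, b"", TS_OPT),
        "port 443 data": build_packet(49830, 443, b"A" * 100, TS_OPT),
    }
    for name, pkt in samples.items():
        print(f"{name:20} payload={tcp_payload_len(pkt):4} "
              f"shown={matches_filter(pkt)}")
```

Segments with no payload (handshake and bare acknowledgements) are dropped by the filter, which is why every line in the capture above has a non-zero length.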