On 07/13/2017 02:15 PM, Daniel Bauer wrote:
Hello,
I've seen in gkrellm that there is quite a lot of internet traffic, although I didn't have any program running that connects to outside.
So I downloaded "iptraf" and let it run a short while.
this is the beginning of the log it created:
Thu Jul 13 20:04:30 2017; ******** IP traffic monitor started ******** Thu Jul 13 20:04:35 2017; ICMPv6; eth0; 64 bytes; from fe80::da61:94ff:fe8b:c632 to ff02::1; router adv Thu Jul 13 20:04:35 2017; UDP; eth0; 138 bytes; from fe80::1e6f:65ff:fe91:8f9:5353 to ff02::fb:5353 Thu Jul 13 20:04:35 2017; UDP; eth0; 118 bytes; from 192.168.1.33:5353 to 224.0.0.251:5353 Thu Jul 13 20:04:35 2017; UDP; eth0; 118 bytes; from 192.168.1.33:54612 to 80.58.61.250:53 Thu Jul 13 20:04:35 2017; UDP; eth0; 71 bytes; from 192.168.1.33:34000 to 80.58.61.250:53 Thu Jul 13 20:04:35 2017; UDP; eth0; 70 bytes; from 192.168.1.33:51486 to 80.58.61.250:53 Thu Jul 13 20:04:35 2017; UDP; eth0; 130 bytes; from 250.red-80-58-61.staticip.rima-tde.net:53 to 192.168.1.33:34000 Thu Jul 13 20:04:35 2017; UDP; eth0; 127 bytes; from 250.red-80-58-61.staticip.rima-tde.net:53 to 192.168.1.33:51486 Thu Jul 13 20:04:36 2017; UDP; eth0; 182 bytes; from 250.red-80-58-61.staticip.rima-tde.net:53 to 192.168.1.33:54612 Thu Jul 13 20:04:36 2017; UDP; eth0; 138 bytes; from venus.local:5353 to ff02::fb:5353 Thu Jul 13 20:04:36 2017; UDP; eth0; 118 bytes; from 192.168.1.33:5353 to 224.0.0.251:5353 Thu Jul 13 20:04:38 2017; UDP; eth0; 138 bytes; from venus.local:5353 to ff02::fb:5353 Thu Jul 13 20:04:38 2017; UDP; eth0; 118 bytes; from 192.168.1.33:5353 to 224.0.0.251:5353 Thu Jul 13 20:04:40 2017; UDP; eth0; 69 bytes; from 192.168.1.33:57325 to 250.red-80-58-61.staticip.rima-tde.net:53
I see it talks to telefonica (my provider, 80.58.61.250), but why? And why is there sop much traffic with staticip.rima-tde.net?
I assume this is on your local LAN. Those UDP packets on port 5353 are mDNS. That is multicast DNS. Port 53 is regular DNS. That ICMPv6 line is from a link local address to an all hosts multicast. I assume that is from your router. That link local address contains the MAC address, with some modification. Do you recognize it? The packets from 250.red-80-58-61.staticip.rima-tde.net are responses to the DNS requests from 192.168.1.33. So, the question is who are you using for DNS? Could be them. The packets to ff02 & 224 are multicasts, which appear to be coming from 192.168.1.33 or venus.local. Does that name mean anything to you? What about 192.158.1.33? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org