On 2017-07-13 20:15, Daniel Bauer wrote:
> Hello,
> I've seen in gkrellm that there is quite a lot of internet traffic, although I didn't have any program running that connects to outside.
> So I downloaded "iptraf" and let it run a short while.
> This is the beginning of the log it created:
>
> Thu Jul 13 20:04:30 2017; ******** IP traffic monitor started ********
> Thu Jul 13 20:04:35 2017; ICMPv6; eth0; 64 bytes; from fe80::da61:94ff:fe8b:c632 to ff02::1; router adv
> Thu Jul 13 20:04:35 2017; UDP; eth0; 138 bytes; from fe80::1e6f:65ff:fe91:8f9:5353 to ff02::fb:5353
> Thu Jul 13 20:04:35 2017; UDP; eth0; 118 bytes; from 192.168.1.33:5353 to 224.0.0.251:5353
Finding who is where, I think. Some routers talk a lot.
> Thu Jul 13 20:04:35 2017; UDP; eth0; 118 bytes; from 192.168.1.33:54612 to 80.58.61.250:53
> Thu Jul 13 20:04:35 2017; UDP; eth0; 71 bytes; from 192.168.1.33:34000 to 80.58.61.250:53
> Thu Jul 13 20:04:35 2017; UDP; eth0; 70 bytes; from 192.168.1.33:51486 to 80.58.61.250:53
This is DNS traffic. Normal.
> Thu Jul 13 20:04:35 2017; UDP; eth0; 130 bytes; from 250.red-80-58-61.staticip.rima-tde.net:53 to 192.168.1.33:34000
> Thu Jul 13 20:04:35 2017; UDP; eth0; 127 bytes; from 250.red-80-58-61.staticip.rima-tde.net:53 to 192.168.1.33:51486
> Thu Jul 13 20:04:36 2017; UDP; eth0; 182 bytes; from 250.red-80-58-61.staticip.rima-tde.net:53 to 192.168.1.33:54612
Same thing, reverse direction. Telefonica's DNS servers are at 80.58.61.250 and 80.58.61.254.
> Thu Jul 13 20:04:36 2017; UDP; eth0; 138 bytes; from venus.local:5353 to ff02::fb:5353
> Thu Jul 13 20:04:36 2017; UDP; eth0; 118 bytes; from 192.168.1.33:5353 to 224.0.0.251:5353
> Thu Jul 13 20:04:38 2017; UDP; eth0; 138 bytes; from venus.local:5353 to ff02::fb:5353
> Thu Jul 13 20:04:38 2017; UDP; eth0; 118 bytes; from 192.168.1.33:5353 to 224.0.0.251:5353
> Thu Jul 13 20:04:40 2017; UDP; eth0; 69 bytes; from 192.168.1.33:57325 to 250.red-80-58-61.staticip.rima-tde.net:53
>
> I see it talks to Telefonica (my provider, 80.58.61.250), but why? And why is there so much traffic with staticip.rima-tde.net?
That's the reverse domain name of the IP of the DNS server. They haven't bothered to set the proper reverse name.
> ...
>
> It seems strange to me and I am a bit worried - or is this normal, and why?
Seems normal :-)

-- 
Cheers / Saludos,
Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
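The triage Carlos does by eye above (router advertisements to ff02::1, mDNS to 224.0.0.251/ff02::fb on port 5353, DNS to and from the provider's resolvers) can be scripted, so that a longer iptraf log reduces to a count per explanation plus a short list of entries that fit none of them. The following is an added example written for this page, not code from the original thread or from iptraf. It assumes the log format shown in the post (fields separated by "; ", a "from A to B" flow field, host:port endpoints for UDP/TCP and bare addresses for ICMPv6), and it assumes Telefonica's two resolver addresses from the reply, together with the reverse names iptraf prints for them when its reverse-lookup option is on, as the only resolvers the machine should be talking to. The sample log is constructed: most entries are copied from the post, and the last two (a DNS query to an unconfigured resolver and UDP to a random port) are invented to show what the script flags.

```python
from collections import Counter

# Assumption: the machine should only use these resolvers (Telefonica's, per the
# thread). The reverse names are what iptraf prints in place of the address when
# its "Reverse DNS lookups" option is enabled, so they are accepted as well.
KNOWN_RESOLVERS = {
    "80.58.61.250", "80.58.61.254",
    "250.red-80-58-61.staticip.rima-tde.net",
    "254.red-80-58-61.staticip.rima-tde.net",
}
MDNS_GROUPS = {"224.0.0.251", "ff02::fb"}   # multicast DNS (Avahi / Bonjour)
ALL_NODES_V6 = "ff02::1"                    # target of IPv6 router advertisements

# Constructed sample: entries from the post plus two invented anomalies at the end.
SAMPLE_LOG = """\
Thu Jul 13 20:04:30 2017; ******** IP traffic monitor started ********
Thu Jul 13 20:04:35 2017; ICMPv6; eth0; 64 bytes; from fe80::da61:94ff:fe8b:c632 to ff02::1; router adv
Thu Jul 13 20:04:35 2017; UDP; eth0; 138 bytes; from fe80::1e6f:65ff:fe91:8f9:5353 to ff02::fb:5353
Thu Jul 13 20:04:35 2017; UDP; eth0; 118 bytes; from 192.168.1.33:5353 to 224.0.0.251:5353
Thu Jul 13 20:04:35 2017; UDP; eth0; 118 bytes; from 192.168.1.33:54612 to 80.58.61.250:53
Thu Jul 13 20:04:35 2017; UDP; eth0; 130 bytes; from 250.red-80-58-61.staticip.rima-tde.net:53 to 192.168.1.33:34000
Thu Jul 13 20:04:40 2017; UDP; eth0; 69 bytes; from 192.168.1.33:57325 to 250.red-80-58-61.staticip.rima-tde.net:53
Thu Jul 13 20:04:41 2017; UDP; eth0; 70 bytes; from 192.168.1.33:40001 to 198.51.100.9:53
Thu Jul 13 20:04:42 2017; UDP; eth0; 612 bytes; from 192.168.1.33:40000 to 203.0.113.7:4444
"""


def split_endpoint(endpoint, with_port):
    """'host:port' -> (host, port). ICMP endpoints carry no port, and IPv6
    addresses contain ':' themselves, so only the final component is split off."""
    if not with_port:
        return endpoint, None
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def parse_line(line):
    """Parse one iptraf entry into a dict; header and other non-flow lines give None."""
    fields = [f.strip() for f in line.strip().split(";")]
    if len(fields) < 5 or not fields[3].endswith("bytes"):
        return None
    ts, proto, iface, size, flow = fields[:5]
    extra = fields[5] if len(fields) > 5 else ""
    if not flow.startswith("from ") or " to " not in flow:
        return None
    src, dst = flow[5:].split(" to ", 1)
    has_port = proto in ("TCP", "UDP")
    shost, sport = split_endpoint(src, has_port)
    dhost, dport = split_endpoint(dst, has_port)
    return {"ts": ts, "proto": proto, "iface": iface, "bytes": int(size.split()[0]),
            "src": shost, "sport": sport, "dst": dhost, "dport": dport, "extra": extra}


def classify(rec):
    """Name the benign explanation for an entry, or 'unexplained' if there is none."""
    proto, src, dst = rec["proto"], rec["src"], rec["dst"]
    if proto == "ICMPv6" and dst == ALL_NODES_V6 and "router adv" in rec["extra"]:
        return "ipv6-router-advertisement"
    if proto == "UDP" and dst in MDNS_GROUPS and rec["dport"] == 5353:
        return "mdns"
    if proto == "UDP" and 53 in (rec["sport"], rec["dport"]):
        # Query: remote is the destination; reply: remote is the source.
        remote = dst if rec["dport"] == 53 else src
        return "dns" if remote in KNOWN_RESOLVERS else "dns-to-unknown-resolver"
    return "unexplained"


def triage(log_text):
    """Return (count per label, entries worth a closer look)."""
    counts = Counter()
    suspicious = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        label = classify(rec)
        counts[label] += 1
        if label in ("dns-to-unknown-resolver", "unexplained"):
            suspicious.append((rec["ts"], label, rec["src"], rec["dst"], rec["dport"]))
    return counts, suspicious


if __name__ == "__main__":
    counts, suspicious = triage(SAMPLE_LOG)
    for label, n in sorted(counts.items()):
        print(f"{n:3d}  {label}")
    for entry in suspicious:
        print("LOOK AT:", *entry)
```

Two practical notes. DNS is "normal" only when it goes to the resolvers you configured; a query to some other address on port 53 is exactly the kind of entry that deserves a second look, which is why the script keeps it separate from plain "dns". And if iptraf is run with reverse lookups enabled, it resolves every address it logs, so part of the DNS traffic in the capture is generated by the monitor itself; turn that option off (or run with a static resolver cache) before judging how much DNS the machine does on its own.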