On 07.07.2014 04:02, Linda Walsh wrote:
Daniel Bauer wrote:
Hello,
All of a sudden I had a lot of internet traffic (seen on gkrellm) but didn't have any internet application open...
Filter your dump of known traffic...then get rid of variable info.
This is your dump w/o the DNS and duplicates filtered:
ARP, Reply 192.168.1.1 is-at 00:02:cf:56:7c:a0 (oui Unknown), length 46
ARP, Request who-has 192.168.1.1 tell 192.168.1.36, length 28
IP 192.168.1.1 > all-systems.mcast.net: igmp query v2 [max resp time 5]
IP 192.168.1.1.router > 192.168.1.255.router: RIPv2, Response, length: 64
IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length
IP 192.168.1.36.ntp > guti.uc3m.es.ntp: NTPv4, Client, length 48
IP guti.uc3m.es.ntp > 192.168.1.36.ntp: NTPv4, Server, length 48
----------
Nothing looks like a hack in this...
I see NTP (time) kernel does ARP, routing service discovery protocol.
Nothing indicates a hack, IMO...
The DNS lookups could be from tcpdump resolving names it sees or a webpage loading...did you have a browser active? That's all normal traffic, IMO...
Hi Linda and everybody :-)

I searched my system, read the mentioned blogs, installed and ran rkhunter, and as much as I can see: nothing not normal...

I was wondering because at the moment I took the tcpdump-list, there was - except ntp - nothing open that should connect to internet (and I checked in the process-list (ctrl-esc) that no browser, email, radio, skype or torrent program was running). Still I saw gkrellm showing eth0 traffic and the mentioned list resulted from tcpdump...

So after reading the answers here I am not very worried anymore, but I'll keep an eye on it and use lsof -iTCP etc. to see what happens. In case I detect something that makes me feel insecure I'll post to a new thread...

Thanks everybody for having a look at my problem :-)

Daniel

--
Daniel Bauer photographer Basel Barcelona
professional photography: http://www.daniel-bauer.com
google+: https://plus.google.com/109534388657020287386
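
The filtering step described in the thread (drop DNS, strip variable info, collapse duplicates), as an added example that is not part of the original messages. The function names, the ephemeral-port threshold and the sample capture are assumptions made for illustration; the sample reuses hosts quoted in the thread.

```python
import re
from collections import Counter

TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+")
ENDPOINTS = re.compile(r"^(IP6? )(\S+) > (\S+):(?=\s|$)")
BARE_IPV4 = re.compile(r"\d+(\.\d+){3}")
EPHEMERAL_FROM = 32768  # assumption: Linux default local port range starts here

def split_port(endpoint):
    """Split tcpdump's host.port form; port is None when none is printed."""
    if BARE_IPV4.fullmatch(endpoint) or "." not in endpoint:
        return endpoint, None
    host, port = endpoint.rsplit(".", 1)
    return host, port

def normalize(line):
    """Drop the timestamp and mask ephemeral ports; return None for DNS."""
    line = TIMESTAMP.sub("", line.strip())
    m = ENDPOINTS.match(line)
    if not m:
        return line or None  # ARP and other non-IP lines pass through
    ends = []
    for endpoint in m.group(2, 3):
        host, port = split_port(endpoint)
        if port in ("domain", "53"):
            return None  # DNS is known traffic here, so it is filtered out
        if port and port.isdigit() and int(port) >= EPHEMERAL_FROM:
            port = "<eph>"  # changes on every connection: variable info
        ends.append(host if port is None else f"{host}.{port}")
    return f"{m.group(1)}{ends[0]} > {ends[1]}:{line[m.end():]}"

def summarize(lines):
    """Count each distinct normalized line, most frequent first."""
    return Counter(n for n in map(normalize, lines) if n).most_common()

# Constructed sample in tcpdump's default text format, reusing hosts from the thread.
SAMPLE = """\
04:02:10.100001 ARP, Request who-has 192.168.1.1 tell 192.168.1.36, length 28
04:02:10.100350 ARP, Reply 192.168.1.1 is-at 00:02:cf:56:7c:a0 (oui Unknown), length 46
04:02:11.200000 IP 192.168.1.36.43211 > 192.168.1.1.domain: 4321+ PTR? 1.1.168.192.in-addr.arpa. (42)
04:02:11.201000 IP 192.168.1.1.domain > 192.168.1.36.43211: 4321 NXDomain 0/0/0 (42)
04:02:12.000000 IP 192.168.1.36.ntp > guti.uc3m.es.ntp: NTPv4, Client, length 48
04:02:12.040000 IP guti.uc3m.es.ntp > 192.168.1.36.ntp: NTPv4, Server, length 48
04:03:16.000000 IP 192.168.1.36.ntp > guti.uc3m.es.ntp: NTPv4, Client, length 48
04:03:20.000000 IP 192.168.1.1 > all-systems.mcast.net: igmp query v2 [max resp time 5]
""".splitlines()

if __name__ == "__main__":
    for text, count in summarize(SAMPLE):
        print(f"{count:3d}  {text}")
```

What remains after this pass is the short list of distinct flows to account for one by one; anything not explained by a known service is what to check against lsof -iTCP.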