Hi,

try watching netstat -putec as root. If you are lucky you can catch it.

On 07/05/2014 12:37 PM, Daniel Bauer wrote:
Hello,
All of a sudden I had a lot of internet traffic (seen on gkrellm) but didn't have any internet application open...
I logged out and in again, had less, but still have traffic (see below). I see google, blogger, linkedin, my own website, many more etc. How come?
Is this something I should worry about?
I don't have any idea about network etc., but maybe the listing below says something to somebody who has?
Thanks for hints!
Daniel
tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:29:17.892834 IP 192.168.1.36.54051 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 55122+ A? img1.blogblog.com. (35)
12:29:17.893468 IP 192.168.1.36.57780 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 24803+ PTR? 36.1.168.192.in-addr.arpa. (43)
12:29:17.929639 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.54051: 55122 2/0/0 CNAME blogger.l.google.com., A 173.194.66.191 (82)
12:29:17.929756 IP 192.168.1.36.46637 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 7321+ A? img2.blogblog.com. (35)
12:29:17.931315 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.57780: 24803 NXDomain* 0/1/0 (102)
12:29:17.966284 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.46637: 7321 2/0/0 CNAME blogger.l.google.com., A 74.125.206.191 (82)
12:29:17.966471 IP 192.168.1.36.38370 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 22323+ A? www.blogger.com. (33)
12:29:18.000919 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.38370: 22323 2/0/0 CNAME blogger.l.google.com., A 173.194.66.191 (80)
12:29:21.261728 IP 192.168.1.1 > all-systems.mcast.net: igmp query v2 [max resp time 5]
12:29:21.262031 IP 192.168.1.36.43978 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 34441+ PTR? 1.1.168.192.in-addr.arpa. (42)
12:29:21.298464 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.43978: 34441 NXDomain 0/1/0 (119)
12:29:21.950746 IP 192.168.1.36.ntp > guti.uc3m.es.ntp: NTPv4, Client, length 48
12:29:21.951081 IP 192.168.1.36.58377 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 14687+ PTR? 33.202.117.163.in-addr.arpa. (45)
12:29:21.987356 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.58377: 14687 1/0/0 PTR guti.uc3m.es. (71)
12:29:21.995901 IP guti.uc3m.es.ntp > 192.168.1.36.ntp: NTPv4, Server, length 48
12:29:22.904589 ARP, Request who-has 192.168.1.1 tell 192.168.1.36, length 28
12:29:22.904976 ARP, Reply 192.168.1.1 is-at 00:02:cf:56:7c:a0 (oui Unknown), length 46
12:29:32.264629 IP 192.168.1.1.router > 192.168.1.255.router: RIPv2, Response, length: 64
12:29:32.264943 IP 192.168.1.36.47458 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 58833+ PTR? 255.1.168.192.in-addr.arpa. (44)
12:29:32.301324 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.47458: 58833 NXDomain* 0/1/0 (103)
12:29:33.001399 IP 192.168.1.36.43151 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 16752+ A? labs.domaintools.com. (38)
12:29:33.071888 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.43151: 16752 1/0/0 A 199.30.228.83 (54)
12:29:33.072075 IP 192.168.1.36.51057 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 2316+ A? www.inteligentcomp.com. (40)
12:29:33.176330 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.51057: 2316 3/0/0 CNAME ghs.google.com., CNAME ghs.l.google.com., A 173.194.66.121 (101)
12:29:33.176486 IP 192.168.1.36.58612 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 37971+ PTR? 199.49.26.217.in-addr.arpa. (44)
12:29:33.211630 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.58612: 37971 1/0/0 PTR imap.mail.hostpoint.ch. (80)
12:29:36.263301 IP 192.168.1.1 > all-systems.mcast.net: igmp query v2 [max resp time 5]
12:29:36.984661 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 304
12:29:36.984956 IP 192.168.1.36.56713 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 48073+ PTR? 250.255.255.239.in-addr.arpa. (46)
12:29:37.020628 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.56713: 48073 NXDomain 0/1/0 (103)
12:29:37.084505 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 299
12:29:37.184685 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 371
12:29:37.284520 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 304
12:29:37.384695 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 347
12:29:37.484501 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 304
12:29:37.584672 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 367
12:29:37.684497 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 304
12:29:37.784658 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 347
12:29:37.984639 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 363
12:29:38.084811 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 379
12:29:38.184649 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 363
12:29:38.284809 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 361
12:29:38.384633 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 377
12:29:48.212084 IP 192.168.1.36.42014 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 35763+ A? whois.domaintools.com. (39)
12:29:48.285337 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.42014: 35763 2/0/0 CNAME whois.domaintools.com.c.footprint.net., A 8.247.6.160 (106)
12:29:48.285534 IP 192.168.1.36.45337 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 59863+ A? ettercap.sf.net. (33)
12:29:48.363848 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.45337: 59863 1/0/0 A 216.34.181.96 (49)
12:29:48.364026 IP 192.168.1.36.49004 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 59233+ A? www.daniel-bauer.com. (38)
12:29:48.519073 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.49004: 59233 1/0/0 A 217.26.50.29 (54)
12:29:51.262713 IP 192.168.1.1 > all-systems.mcast.net: igmp query v2 [max resp time 5]
12:30:02.264601 IP 192.168.1.1.router > 192.168.1.255.router: RIPv2, Response, length: 64
12:30:03.519587 IP 192.168.1.36.57927 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 45024+ A? linkedin.com. (30)
12:30:03.554148 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.57927: 45024 1/0/0 A 216.52.242.86 (46)
12:30:06.263232 IP 192.168.1.1 > all-systems.mcast.net: igmp query v2 [max resp time 5]
12:30:08.536678 ARP, Request who-has 192.168.1.1 tell 192.168.1.36, length 28
12:30:08.537079 ARP, Reply 192.168.1.1 is-at 00:02:cf:56:7c:a0 (oui Unknown), length 46
12:30:21.263706 IP 192.168.1.1 > all-systems.mcast.net: igmp query v2 [max resp time 5]
12:30:32.266592 IP 192.168.1.1.router > 192.168.1.255.router: RIPv2, Response, length: 64
12:30:33.554870 IP 192.168.1.36.33980 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 20740+ PTR? 84.67.194.173.in-addr.arpa. (44)
12:30:33.589164 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.33980: 20740 1/0/0 PTR wi-in-f84.1e100.net. (77)
12:30:33.589355 IP 192.168.1.36.57673 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 46372+ A? www.inteligentcomp.com. (40)
12:30:33.625683 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.57673: 46372 3/0/0 CNAME ghs.google.com., CNAME ghs.l.google.com., A 173.194.66.121 (101)
12:30:33.625856 IP 192.168.1.36.43331 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 56039+ PTR? 208.217.245.63.in-addr.arpa. (45)
12:30:33.696940 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.43331: 56039 1/0/0 PTR sync02.phx.services.mozilla.com. (90)
12:30:33.697112 IP 192.168.1.36.39176 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 38932+ PTR? 23.41.194.173.in-addr.arpa. (44)
12:30:33.733580 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.39176: 38932 1/0/0 PTR mad01s14-in-f23.1e100.net. (83)
12:30:33.733747 IP 192.168.1.36.41130 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 42042+ PTR? 228.41.194.173.in-addr.arpa. (45)
12:30:33.769881 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.41130: 42042 1/0/0 PTR mad01s15-in-f4.1e100.net. (83)
12:30:33.770048 IP 192.168.1.36.50991 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 2430+ PTR? 139.253.215.67.in-addr.arpa. (45)
12:30:33.805512 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.50991: 2430 1/0/0 PTR 1.counter.a.statcounter.com. (86)
12:30:33.805680 IP 192.168.1.36.48923 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 38159+ PTR? 29.50.26.217.in-addr.arpa. (43)
12:30:33.909179 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.48923: 38159 1/0/0 PTR www.daniel-bauer.com. (77)
12:30:33.909316 IP 192.168.1.36.42281 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 33172+ PTR? 3.41.194.173.in-addr.arpa. (43)
12:30:33.944897 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.42281: 33172 1/0/0 PTR mad01s14-in-f3.1e100.net. (81)
12:30:33.945026 IP 192.168.1.36.43238 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 62285+ PTR? 41.34.194.173.in-addr.arpa. (44)
12:30:33.980957 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.43238: 62285 1/0/0 PTR par03s03-in-f9.1e100.net. (82)
12:30:33.981085 IP 192.168.1.36.47322 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 57773+ PTR? 248.34.194.173.in-addr.arpa. (45)
12:30:34.017930 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.47322: 57773 1/0/0 PTR mad01s09-in-f24.1e100.net. (84)
12:30:34.018062 IP 192.168.1.36.47332 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 49187+ PTR? 234.34.194.173.in-addr.arpa. (45)
12:30:34.054564 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.47332: 49187 1/0/0 PTR mad01s09-in-f10.1e100.net. (84)
12:30:36.265199 IP 192.168.1.1 > all-systems.mcast.net: igmp query v2 [max resp time 5]
12:30:49.055056 IP 192.168.1.36.39989 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 15001+ A? 1.gravatar.com. (32)
12:30:49.091464 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.39989: 15001 2/0/0 CNAME cs91.wac.edgecastcdn.net., A 68.232.35.121 (86)
12:30:51.264657 IP 192.168.1.1 > all-systems.mcast.net: igmp query v2 [max resp time 5]
12:30:54.072671 ARP, Request who-has 192.168.1.1 tell 192.168.1.36, length 28
12:30:54.073052 ARP, Reply 192.168.1.1 is-at 00:02:cf:56:7c:a0 (oui Unknown), length 46
12:31:02.266585 IP 192.168.1.1.router > 192.168.1.255.router: RIPv2, Response, length: 64
12:31:06.265150 IP 192.168.1.1 > all-systems.mcast.net: igmp query v2 [max resp time 5]
12:31:21.265653 IP 192.168.1.1 > all-systems.mcast.net: igmp query v2 [max resp time 5]
12:31:32.268546 IP 192.168.1.1.router > 192.168.1.255.router: RIPv2, Response, length: 64
12:31:34.092677 IP 192.168.1.36.51976 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 4676+ A? www.inteligentcomp.com. (40)
12:31:34.128480 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.51976: 4676 3/0/0 CNAME ghs.google.com., CNAME ghs.l.google.com., A 173.194.66.121 (101)
12:31:36.267176 IP 192.168.1.1 > all-systems.mcast.net: igmp query v2 [max resp time 5]
^C
93 packets captured
93 packets received by filter
0 packets dropped by kernel
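
Added example, not part of the original thread: a small parser for tcpdump text output like the capture above, which counts lines per protocol and lists forward DNS names separately from reverse (PTR) lookups. The function names and protocol patterns are illustrative assumptions; the sample lines are copied from the capture above.

```python
import re
from collections import Counter
# Sample lines copied from the capture quoted above (not the full listing).
SAMPLE = """\
12:29:17.892834 IP 192.168.1.36.54051 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 55122+ A? img1.blogblog.com. (35)
12:29:17.893468 IP 192.168.1.36.57780 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 24803+ PTR? 36.1.168.192.in-addr.arpa. (43)
12:29:17.929639 IP 250.Red-80-58-61.staticIP.rima-tde.net.domain > 192.168.1.36.54051: 55122 2/0/0 CNAME blogger.l.google.com., A 173.194.66.191 (82)
12:29:21.261728 IP 192.168.1.1 > all-systems.mcast.net: igmp query v2 [max resp time 5]
12:29:22.904589 ARP, Request who-has 192.168.1.1 tell 192.168.1.36, length 28
12:29:36.984661 IP 192.168.1.1.ssdp > 239.255.255.250.ssdp: UDP, length 304
12:30:33.554870 IP 192.168.1.36.33980 > 250.Red-80-58-61.staticIP.rima-tde.net.domain: 20740+ PTR? 84.67.194.173.in-addr.arpa. (44)
"""

# A DNS query line: "<time> IP <src> > <resolver>.domain: <id>+ <TYPE>? <name> (<len>)"
QUERY = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP \S+ > \S+\.domain: "
    r"\d+\+? (?P<qtype>[A-Z]+)\? (?P<qname>\S+) \(\d+\)$")
# Illustrative patterns keyed on the service names tcpdump prints for ports.
PROTOCOLS = [("dns", r"\.domain[ :]"), ("ssdp", r"\.ssdp[ :]"),
             ("ntp", r"\.ntp[ :]"), ("igmp", r": igmp "),
             ("rip", r": RIPv\d"), ("arp", r"^\S+ ARP,")]

def ptr_to_ip(qname):
    """Turn '36.1.168.192.in-addr.arpa.' back into '192.168.1.36', else None."""
    labels = qname.rstrip(".").split(".")
    ok = len(labels) == 6 and labels[4:] == ["in-addr", "arpa"]
    return ".".join(reversed(labels[:4])) if ok else None

def classify(line):
    """Coarse protocol label for one tcpdump text line."""
    for label, pattern in PROTOCOLS:
        if re.search(pattern, line):
            return label
    return "other"

def summarize(text):
    """Return (lines per protocol, forward DNS queries, addresses looked up via PTR)."""
    protocols, forward, reverse = Counter(), Counter(), Counter()
    for line in map(str.strip, text.splitlines()):
        if not re.match(r"\d\d:\d\d:\d\d\.\d+ ", line):
            continue  # tcpdump banner and trailer lines carry no packet
        protocols[classify(line)] += 1
        m = QUERY.match(line)
        if m and m["qtype"] == "PTR" and ptr_to_ip(m["qname"]):
            reverse[ptr_to_ip(m["qname"])] += 1
        elif m:
            forward[(m["qtype"], m["qname"].rstrip("."))] += 1
    return protocols, forward, reverse

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```

tcpdump run without -n performs its own reverse lookups for the addresses it prints, so PTR queries in such a capture can come from the capture tool rather than from another program.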