Unknown network traffic

T o n g Fri, 09 Jan 2009 09:08:30 -0800

Hi,

I've tried all the network bandwidth monitoring tools that I know to find
out the unknown network traffic I'm having now, I've tried iftop, netstat,
lsof and pktstat, and still can't find out the result. Please help.


First, neither of the following command reveal anything suspicious:

 netstat -ap | grep -v ^unix
 lsof -i

However, iftop reports:

  192.168.0.100    => 192.168.0.1                1.95Kb  1.24Kb  1.31Kb
                   <=                            4.71Kb  3.50Kb  3.41Kb
  192.168.0.100    => i118-17-235-161.s10.a024.     0b    130b    108b
                   <=                               0b    107b     89b
  192.168.0.100    => 71-15-119-132.dhcp.ftwo.t     0b    127b    106b
                   <=                               0b    105b     87b
  192.168.0.100    => 76.105.253.104              636b    127b    106b
                   <=                             524b    105b     87b
  192.168.0.100    => lan31-4-82-227-130-41.fbx     0b    127b    106b
                   <=                               0b    105b     87b
  192.168.0.100    => ctv-86-100-215-242.ip.ryg     0b    127b    106b
                   <=                               0b    105b     87b
  192.168.0.100    => i038098.gprs.dnafinland.f   636b    127b    106b
                   <=                             524b    105b     87b
  192.168.0.100    => host-89-228-137-138.gorzo     0b    127b    106b
                   <=                               0b    105b    106b

That's all tools that I know, then I google and find pktstat, which reports:

   bps    % desc  
 107.2   0% icmp unreach port 192.168.0.100 -> 119.40.7.39
 107.2   0% icmp unreach port 192.168.0.100 -> 122-121-216-117
 107.2   0% icmp unreach port 192.168.0.100 -> 17
 107.2   0% icmp unreach port 192.168.0.100 -> 220-136-240-189
 108.5   0% icmp unreach port 192.168.0.100 -> 227
 105.4   0% icmp unreach port 192.168.0.100 -> 77.81.248.210
 105.4   0% icmp unreach port 192.168.0.100 -> 83-157-127-150
 108.5   0% icmp unreach port 192.168.0.100 -> 84
            icmp unreach port 192.168.0.100 -> 87-121-157-166
  82.8   0% icmp unreach port 192.168.0.100 -> 93.190.206.248
 108.5   0% icmp unreach port 192.168.0.100 -> adsl110-221
 105.4   0% icmp unreach port 192.168.0.100 -> bas3-montreal02-1096681363
 108.5   0% icmp unreach port 192.168.0.100 -> bau06-5-88-168-64-43
 107.2   0% icmp unreach port 192.168.0.100 -> cpc4-neat2-0-0-cust924
 105.4   0% icmp unreach port 192.168.0.100 -> host217-43-58-203
            icmp unreach port 192.168.0.100 -> host70-87-dynamic
 108.5   0% icmp unreach port 192.168.0.100 -> host86-137-255-28
 107.2   0% icmp unreach port 192.168.0.100 -> i222-150-158-232

My normal network bandwidth is almost 0. Now, with 1.95Kb outbound and 
4.71Kb inbound, I don't know what's exactly going on with my network.
I've even tried to 'ifdown eth0' then 'ifup eth0', but the traffic 
resumes. Can anyone help? 


Thanks


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Unknown network traffic

Reply via email to