> I've tried all the network bandwidth monitoring tools that I know to find
> out the unknown network traffic I'm having now . . .

As for tools to further analyze the traffic, both Allen Kistler @gmail.com & Javier Barroso @comp.os.linux.networking suggested tcpdump and wireshark, which are pretty much the standard tools for capturing and dissecting traffic.

Chris Davies @comp.os.linux.networking suggested tshark (the console version of wireshark) and showed its usage as well (thanks!):

  tshark -nlp -i eth0

James Youngman @gnu.org suggested running

  tcpdup -n -i eth0

although I didn't find where the executable comes from.

> My normal network bandwidth is almost 0. Now, with 1.95Kb outbound and
> 4.71Kb inbound, I don't know what's exactly going on with my network.

As for analyzing the cause of the unknown traffic,

>   bps   %  desc
> 107.2  0%  icmp unreach port 192.168.0.100 -> 119.40.7.39
> 107.2  0%  icmp unreach port 192.168.0.100 -> 122-121-216-117
> 107.2  0%  icmp unreach port 192.168.0.100 -> 17
> 107.2  0%  icmp unreach port 192.168.0.100 -> 220-136-240-189
> 108.5  0%  icmp unreach port 192.168.0.100 -> 227
> 105.4  0%  icmp unreach port 192.168.0.100 -> 77.81.248.210
> 105.4  0%  icmp unreach port 192.168.0.100 -> 83-157-127-150
> . . .

Both James Youngman @gnu.org and Eric Pozharski @comp.os.linux.networking explained the actual meaning of "icmp unreach port":

  ... these ICMP port-unreachable errors indicate that the remote systems are trying to communicate with a network port you're not listening on.

  ... those hosts attempt to open port on your address...; then, since you (supposedly) don't have those services enabled on your host, your kernel REJECTs them (that's what "icmp unreach port" means).

Knowing this, I feel much relieved.

> First of all, these are very small numbers. This almost certainly is
> not a summary of what's using up all your bandwidth (if that's indeed
> happening).

The explanation for this is that I didn't list all the traffic. There are many and they do add up to all my bandwidth. The actual reason, I think, is that I've used a Bittorrent client before.
But it was *hours* before -- didn't expect the Bittorrent clients on other side were so persistent...

Thanks again to everybody!

Cheers

-- 
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/
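
Added example (not part of the original post): an ICMP port-unreachable reply (type 3, code 3) quotes the IP header and first 8 bytes of the datagram that triggered it, so decoding a captured reply shows which local port the remote host was trying to reach. The packet bytes and the ports 51413 and 6881 are constructed sample values; a real reply would come from a tcpdump or tshark capture.

```python
import socket
import struct

PROTO_NAMES = {6: "tcp", 17: "udp"}

def parse_port_unreach(pkt: bytes):
    """Return details of the datagram that triggered an ICMP port-unreachable
    reply, or None if pkt is not an IPv4 ICMP type 3 / code 3 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 1 or len(pkt) < ihl + 8:   # protocol 1 = ICMP
        return None
    if (pkt[ihl], pkt[ihl + 1]) != (3, 3):              # dest unreachable / port
        return None
    inner = pkt[ihl + 8:]        # quoted original IP header + first 8 data bytes
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner_ihl < 20 or len(inner) < inner_ihl + 4:
        return None
    # TCP and UDP both start with source port, destination port.
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return {
        "remote": socket.inet_ntoa(inner[12:16]),   # sender of the original datagram
        "local": socket.inet_ntoa(inner[16:20]),    # host that rejected it
        "proto": PROTO_NAMES.get(inner[9], str(inner[9])),
        "remote_port": sport,
        "local_port": dport,                        # the port nothing listens on
    }

def ipv4_header(src, dst, proto, payload_len):
    # Checksum left at 0: constructed sample, never sent on the wire.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def sample_reply():
    # Constructed: a remote peer's UDP datagram to local port 6881, and the
    # port-unreachable reply the local kernel sends back.
    udp = struct.pack("!HHHH", 51413, 6881, 28, 0)
    original = ipv4_header("77.81.248.210", "192.168.0.100", 17, 28) + udp
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + original
    return ipv4_header("192.168.0.100", "77.81.248.210", 1, len(icmp)) + icmp

if __name__ == "__main__":
    print(parse_port_unreach(sample_reply()))
```
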