Complete.Org: Mailing Lists: Archives: linux-help: August 2001:
[linux-help] Re: strange network traffic 		Home

[linux-help] Re: strange network traffic

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: <linux-help@xxxxxxxxx>
Subject: [linux-help] Re: strange network traffic
From: "gLaNDix (Jesse Kaufman)" <glandix@xxxxxxxxxxxxxx>
Date: Tue, 7 Aug 2001 02:01:05 -0500 (CDT)
Reply-to: linux-help@xxxxxxxxx 
well, after freaking out and trying everything i could think of, i went to
the RR webpage to see if anything strange was going on...  from the
information on the page, seems like the strange constant flow of traffic
(going on 48 solid hrs!) is due to Code Red...  damn NT/2k boxes! : ^ )

<<< lloydix.2y.net FreeBSD 4.3-RELEASE #0: Thu Jul 5 06:16:31 CDT 2001 
glandix@xxxxxxxxxxxxxx:/usr/obj/usr/src/sys/LLOYDIX >>>


On Mon, 6 Aug 2001, gLaNDix (Jesse Kaufman) wrote:

>
> tonite, i've been seeing a constant flow of network traffic going thru
> both my cablemodem and switch...  not exactly sure how to check out what
> is going on, but i tried running tcpdump and here's a small sample of
> what's showing:
>
> ...
> 04:02:59.385454 wks-166-132-164.kscable.com.2119 > ns2.kscable.com.domain:
> 51495+ PTR? 128.222.94.24.in-addr.arpa. (44)
> 04:02:59.464077 ns2.kscable.com.domain > wks-166-132-164.kscable.com.2119:
> 51495* 1/2/2 (174)
> 04:02:59.465871 wks-166-132-164.kscable.com.2120 > ns2.kscable.com.domain:
> 51496+ PTR? 76.134.166.24.in-addr.arpa. (44)
> 04:02:59.494552 ns2.kscable.com.domain > wks-166-132-164.kscable.com.2120:
> 51496* 1/0/0 (84)
> 04:02:59.496524 wks-166-132-164.kscable.com.2121 > ns2.kscable.com.domain:
> 51497+ PTR? 147.222.94.24.in-addr.arpa. (44)
> 04:02:59.583626 ns2.kscable.com.domain > wks-166-132-164.kscable.com.2121:
> 51497* 1/2/2 (174)
> 04:02:59.585460 wks-166-132-164.kscable.com.2122 > ns2.kscable.com.domain:
> 51498+ PTR? 187.222.94.24.in-addr.arpa. (44)
> 04:02:59.599965 ns2.kscable.com.domain > wks-166-132-164.kscable.com.2122:
> 51498* 1/2/2 (174)
> 04:02:59.615680 arp who-has wks-166-135-147.kscable.com tell
> wks-166-132-1.kscable.com
> 04:02:59.676452 arp who-has wks-94-222-9.kscable.com tell
> wks-94-222-1.kscable.com
> 04:02:59.714806 arp who-has wks-94-198-117.kscable.com tell
> wks-94-198-1.kscable.com
> 04:02:59.736141 arp who-has wks-94-222-98.kscable.com tell
> wks-94-222-1.kscable.com
> ...
>
> any ideas?
>
> gLaNDix
>
> <<< lloydix.2y.net FreeBSD 4.3-RELEASE #0: Thu Jul 5 06:16:31 CDT 2001 
> glandix@xxxxxxxxxxxxxx:/usr/obj/usr/src/sys/LLOYDIX >>>
>
>
> -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
>

-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
[Prev in Thread] Current Thread [Next in Thread]