Cross posted to Linux-390 and TCP
We have a new (our first and only) Linux system running in lpar mode on
an IFL with a couple of OSA cards. While debugging a routing issue we
noticed using TCPDUMP a HUGE amount of traffic. Using Ethereal we
captured some packets and discovered thousands of multicast packets
coming from unknown mac addresses. So far we haven't been able to track
down the source. There is also a large amount of transmit and receive on
the lo interface.
eth0 is an OSA card
eth0      Link encap:Ethernet  HWaddr 00:11:25:C0:7D:46
          inet addr:128.231.64.58  Bcast:128.231.64.63  Mask:255.255.255.240
          inet6 addr: fe80::11:2500:3c0:7d46/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:373086979 errors:0 dropped:0 overruns:0 frame:0
          TX packets:374285864 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:342709089383 (319.1 GiB)  TX bytes:344558800424 (320.8 GiB)
This is a representative packet from tcpdump. The command I issued was a
simple tcpdump, no operands.
06:42:27.487761 40:00:40:06:f0:0c (oui Unknown) > 45:10:00:cc:ba:65 (oui Unknown), ethertype Unknown (0x80e7), length 204:
        0x0000:  403b 80e7 4da0 0016 0529 64d2 9d96 7e4c  @;..M....)d...~L
        0x0010:  a458 5018 2180 81a0 0000 2ab2 e1aa 17c5  .XP.!.....*.....
        0x0020:  3ebe 9a14 e52a c003 99f5 1e92 dd6e bedb  >....*.......n..
        0x0030:  5733 a2c4 6345 bc66 7e7b c1f0 7344 8eb7  W3..cE.f~{..sD..
        0x0040:  8031 41eb 3d94 6f75 1a10 f82a 0fdd 7f1f  .1A.=.ou...*....
        0x0050:  5ea0                                     ^.
45487 packets captured
363358 packets received by filter
272313 packets dropped by kernel
Any suggestions on what this is or where to look would be appreciated.
Thanks
Bobby Bauer
Center for Information Technology
National Institutes of Health
Bethesda, MD 20892-5628
301-594-7474
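
Added example (not part of the original post, and not the poster's code): the 14 bytes tcpdump printed as an Ethernet header in the packet above, read in wire order together with the start of the hex dump, decode as an IPv4/TCP header with a valid checksum. That is consistent with an interface that hands packets to the capture without a link-level header, which is an assumption here since the post does not state the OSA mode; the function names are hypothetical.

```python
import ipaddress
import struct

# Values copied from the tcpdump line in the post: what tcpdump displayed as the
# Ethernet destination, source and ethertype, then the first 26 bytes of the dump.
SHOWN_DST = "45:10:00:cc:ba:65"
SHOWN_SRC = "40:00:40:06:f0:0c"
SHOWN_ETHERTYPE = 0x80E7
DUMP_HEX = "403b 80e7 4da0 0016 0529 64d2 9d96 7e4c a458 5018 2180 81a0 0000"
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def rebuild(dst, src, ethertype, dump_hex):
    """Return the bytes in wire order: destination, source, type, payload."""
    macs = bytes.fromhex((dst + src).replace(":", ""))
    return macs + struct.pack("!H", ethertype) + bytes.fromhex(dump_hex.replace(" ", ""))

def checksum_ok(header):
    """RFC 1071: the one's-complement sum over an intact header is 0xffff."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def parse_as_ipv4(raw):
    """Decode raw as an IPv4 header, plus the TCP header when protocol is 6."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None  # too short or not IPv4: the reinterpretation does not apply
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        return None
    tos, length, ident, frag, ttl, proto = struct.unpack("!BHHHBB", raw[1:10])
    pkt = {"total_length": length, "ttl": ttl, "protocol": proto,
           "checksum_ok": checksum_ok(raw[:ihl]),
           "src": str(ipaddress.IPv4Address(raw[12:16])),
           "dst": str(ipaddress.IPv4Address(raw[16:20]))}
    if proto == 6 and len(raw) >= ihl + 14:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[ihl:ihl + 14])
        pkt.update(sport=sport, dport=dport,
                   flags=[name for bit, name in TCP_FLAGS if off_flags & bit])
    return pkt

PACKET = parse_as_ipv4(rebuild(SHOWN_DST, SHOWN_SRC, SHOWN_ETHERTYPE, DUMP_HEX))

if __name__ == "__main__":
    for field, value in PACKET.items():
        print(f"{field:>13}: {value}")
```

The decoded total length equals the "length 204" tcpdump reported for the frame, a second consistency check alongside the header checksum.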