On Saturday 31 May 2003 2:52 am, Steve Jeppesen wrote:
> On Thu, 29 May 2003 13:05:28 +0100
> Richard Urwin <[EMAIL PROTECTED]> wrote:
> > As for the constant traffic try disabling your mail server. If this
> > doesn't stop it install Ethereal (www.ethereal.com, rpms are on MDK9.x
> > CDs) capture the traffic and see if it explains the router's data
> > light. Send me a capture file if you want help decoding it. (Disable
> > your mail server then too, or I'll get to see your passwords.)
>
> Sorry for not replying too quick...
>
> mail server....am not running one.

What does nmap show?
I only mentioned it because it will generate traffic at regular intervals, and you might have set it to run every few seconds.

> As for Ethereal, gotta run upstairs now and find out just who is
> visiting www.createafart.com LOL

Just watch the look on their faces when you ask :-)

> or is there a way to tell within ethereal's output? Am off to find a
> good FM so I can RTFM on ethereal!

The protocol specifications are at http://www.ietf.org/rfc.html but they are somewhat terse.

http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=tcp%2Fip+tutorial&btnG=Google+Search
returns many interesting looking results.

> Thank you for the info on ethereal Richard, nice network monitor
> - from what I can tell so far, looks like a lot of ARP traffic,
> someone/something asking who has such and such IP.
>
> ARP - should that not be directed at my IP?

ARP, the Address Resolution Protocol, RFC826,
http://www.ietf.org/rfc/rfc0826.txt?number=826

ARP is used to find the ethernet address of a machine, when only the IP address is known, which is the usual situation on a LAN. It should be impossible for an ARP request to get onto your network from outside, or vice-versa. ARP is not capable of being routed since it sits on top of Ethernet, not IP.

Ethereal will report the messages as "who has X, tell Y" where Y is the originator of the request, and both should be machines on your network. There will be a fair amount of this on a network with multiple intercommunicating machines because the ARP system caches addresses for a limited time, and then has to ask again.

On my network I see a good deal of SMB traffic, even when the Windows machine is turned off. (The Linux machine is looking for someone to talk to.)

--
Richard Urwin
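
The "who has X, tell Y" reading described in the reply above, as an added example that is not part of the original message: it parses raw Ethernet frames per RFC 826, renders them the way the capture tool does, and lists any address that is not on the local network. The LAN range, MAC addresses and sample frames are constructed assumptions.

```python
import ipaddress
import struct

def parse_arp(frame):
    """Parse an Ethernet II frame; return (oper, sender_mac, sender_ip, target_ip) or None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet + IPv4 only
        return None
    sender_mac = frame[22:28].hex(":")
    sender_ip = ipaddress.IPv4Address(frame[28:32])
    target_ip = ipaddress.IPv4Address(frame[38:42])
    return oper, sender_mac, sender_ip, target_ip

def describe(frame, lan):
    """Return (summary, off_lan_addresses) for one frame seen on the given LAN."""
    parsed = parse_arp(frame)
    if parsed is None:
        return "not ARP", []
    oper, mac, sender_ip, target_ip = parsed
    if oper == 1:
        summary = f"who has {target_ip}, tell {sender_ip}"
    elif oper == 2:
        summary = f"{sender_ip} is at {mac}"
    else:
        summary = f"ARP opcode {oper}"
    net = ipaddress.ip_network(lan)
    # An address probe (RFC 5227) uses sender 0.0.0.0; that is not an outsider.
    off_lan = [str(ip) for ip in (sender_ip, target_ip)
               if ip not in net and not ip.is_unspecified]
    return summary, off_lan

def build_frame(oper, sender_mac, sender_ip, target_ip):
    """Build a constructed sample frame for the demo (not captured traffic)."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    return (b"\xff" * 6 + mac + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + mac + ipaddress.IPv4Address(sender_ip).packed
            + b"\x00" * 6 + ipaddress.IPv4Address(target_ip).packed)

LAN = "192.168.1.0/24"  # assumed home LAN range
SAMPLES = [
    build_frame(1, "00:11:22:33:44:55", "192.168.1.10", "192.168.1.1"),
    build_frame(1, "00:11:22:33:44:66", "192.168.1.20", "10.9.8.7"),
    build_frame(1, "00:11:22:33:44:77", "0.0.0.0", "192.168.1.30"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(describe(sample, LAN))
```

A non-empty second element means X or Y is not a machine on the local network, which is the case worth tracing back to the sender's MAC address.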
