Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-20 Thread Daniel Klein
On 10/12/19 5:03 PM, Stefan Krusche wrote: Why would my machine send these requests? Any hint much appreciated. That's not your machine, it's the next hop in the network segment Vodafone (formerly Kabel Deutschland) uses. It's the same here: # route -n Kernel IP routing table Destination

Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-16 Thread s
Hi mett, > > Hi, > > if this is really outgoing arp request, > maybe ur default route is not properly > configured. > Like u have no next-hop address, > only an outgoing interface as a default > route: > > ip route default dev en0 > > instead of > > ip route default via 91.sm.th.ing

Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-13 Thread s
Hi Stefan, > > first of all, your machine seems to be the dns server, or you have > > static ips assigned? > > Yes, unbound DNS resolver is running on this machine. No static IPs. > You have a public dynamic IP, I assume. So you are in the domain: 'dynamic.kabel-deutschland.de' but by what I

Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-13 Thread mett
On 13 October 2019 18:24:54 JST, "Dr. Nikolaus Klepp" wrote: >In the year of our Lord 2019, Sun, 13 Oct 10:47:30 +0200, > Stefan Krusche wrote: >> On Sunday, 13 October 2019, Dr. Nikolaus Klepp wrote: >> > There is some misunderstanding: The ARP package has nothing to do >> > with DNS. >> >> That's what

Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-13 Thread Dr. Nikolaus Klepp
In the year of our Lord 2019, Sun, 13 Oct 10:47:30 +0200, Stefan Krusche wrote: > On Sunday, 13 October 2019, Dr. Nikolaus Klepp wrote: > > There is some misunderstanding: The ARP package has nothing to do > > with DNS. > > That's what I've been thinking and why I asked. > > > It basically links MAC to

Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-13 Thread Stefan Krusche
On Sunday, 13 October 2019, Dr. Nikolaus Klepp wrote: > There is some misunderstanding: The ARP package has nothing to do > with DNS. That's what I've been thinking and why I asked. > It basically links MAC to IP - and you can do funny things > with it. Okay, I still can't seem to connect

Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-13 Thread Dr. Nikolaus Klepp
In the year of our Lord 2019, Sun, 13 Oct 10:13:31 +0200, Stefan Krusche wrote: > Hello Tux, > > thanks for your reply. > > "s@po" wrote on 12.10.2019 20:10: > > > > Why would my machine send these requests? > > > > first of all, your machine seems to be the dns server, or you have > > static ips

Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-13 Thread Stefan Krusche
Hello Tux, thanks for your reply. "s@po" wrote on 12.10.2019 20:10: > > Why would my machine send these requests? > > first of all, your machine seems to be the dns server, or you have > static ips assigned? Yes, unbound DNS resolver is running on this machine. No static IPs. > # cat

Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-13 Thread Stefan Krusche
On Saturday, 12 October 2019, Dr. Nikolaus Klepp wrote: > > Any hint much appreciated. > > Please see: > http://www.omnisecu.com/tcpip/address-resolution-protocol-arp.php And > search for "arp spoofing", this will reveal more funny details :) Okay, this will take some time to understand… Thanks.

Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-12 Thread s
Hi Stefan, > Yes, good guess! Tcpdump shows lots of these messages: > > 16:47:40.633536 ARP, Request who-has ip5b418d68.dynamic.kabel-deutschland.de > tell ip5b418dfe.dynamic.kabel-deutschland.de, length 46 > 16:47:40.821784 ARP, Request who-has ip5b418b24.dynamic.kabel-deutschland.de > tell

Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-12 Thread Dr. Nikolaus Klepp
In the year of our Lord 2019, Sat, 12 Oct 17:03:29 +0200, Stefan Krusche wrote: > On Saturday, 12 October 2019, Dr. Nikolaus Klepp wrote: > > Install wireshark or tcpdump. Guess it's the "arp-who-has ... tell > > ..." class of messages. > > Yes, good guess! Tcpdump shows lots of these messages: > >

Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-12 Thread Stefan Krusche
On Saturday, 12 October 2019, Dr. Nikolaus Klepp wrote: > Install wireshark or tcpdump. Guess it's the "arp-who-has ... tell > ..." class of messages. Yes, good guess! Tcpdump shows lots of these messages: 16:47:40.633536 ARP, Request who-has ip5b418d68.dynamic.kabel-deutschland.de tell

Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-12 Thread Stefan Krusche
On Saturday, 12 October 2019, Dr. Nikolaus Klepp wrote: > Install wireshark or tcpdump. Guess it's the "arp-who-has ... tell > ..." class of messages. > > Nik Thanks, Nik. Cheers Stefan

Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-12 Thread Dr. Nikolaus Klepp
In the year of our Lord 2019, Sat, 12 Oct 16:09:47 +0200, Stefan Krusche wrote: > Good day everyone, > > since recently I noticed a very constant outgoing ARP traffic > on my machine (desktop, Devuan ascii) of about 7K/s which I > don't think was there before. > > jnettop shows this: > LOCAL <-> REMOTE

[DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s

2019-10-12 Thread Stefan Krusche
Good day everyone, since recently I noticed a very constant outgoing ARP traffic on my machine (desktop, Devuan ascii) of about 7K/s which I don't think was there before. jnettop shows this: LOCAL <-> REMOTE TXBPS RXBPS TOTALBPS (IP)