:: Re: [DNG] how to investigate consta…
Pàgina inicial
Delete this message
Reply to this message
Autor: Dr. Nikolaus Klepp
Data:  
A: dng
Assumpte: Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s
Anno domini 2019 Sat, 12 Oct 16:09:47 +0200
Stefan Krusche scripsit:
> Good day everyone,
>
> since recently I noticed a very constant outgoing ARP traffic
> on my machine (desktop, Devuan ascii) of about 7K/s which I
> don't think was there before.
>
> jnettop shows this:
> LOCAL <-> REMOTE                                              TXBPS   RXBPS TOTALBPS
>  (IP)                          PORT  PROTO  (IP)      PORT       TX      RX    TOTAL
> UNKNOWNv4 <-> UNKNOWNv4                                     8.12K/s    0b/s  8.12K/s
>  0.0.0.0                          0    ARP  0.0.0.0      0     149K      0b     149K

>
>
> arp cache shows this which is the standard gateway of my ISP:
> $ arp -n
> Address                  HWtype  HWaddress           Flags Mask            Iface
> 91.65.138.254            ether   00:17:10:9a:24:a8   C                     net0

>
>
> What can I do to further investigate where this comes from
> or how to stop it? Please advise or explain to a total network
> novice.


Install wireshark or tcpdump. Guess it's the "arp-who-has ... tell ..." class of messages.

Nik

>
> Thanks and kind regards,
> Stefan
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>




--
Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ...