Unknown network traffic

To: debian-user@lists.debian.org
Subject: Unknown network traffic
From: T o n g <mlist4suntong@yahoo.com>
Date: Fri, 9 Jan 2009 17:08:00 +0000 (UTC)
Message-id: <[🔎] gk809f$3ta$1@ger.gmane.org>

Hi,

I've tried all the network bandwidth monitoring tools that I know to find
out the unknown network traffic I'm having now, I've tried iftop, netstat,
lsof and pktstat, and still can't find out the result. Please help.

First, neither of the following command reveal anything suspicious:

 netstat -ap | grep -v ^unix
 lsof -i

However, iftop reports:

  192.168.0.100    => 192.168.0.1                1.95Kb  1.24Kb  1.31Kb
                   <=                            4.71Kb  3.50Kb  3.41Kb
  192.168.0.100    => i118-17-235-161.s10.a024.     0b    130b    108b
                   <=                               0b    107b     89b
  192.168.0.100    => 71-15-119-132.dhcp.ftwo.t     0b    127b    106b
                   <=                               0b    105b     87b
  192.168.0.100    => 76.105.253.104              636b    127b    106b
                   <=                             524b    105b     87b
  192.168.0.100    => lan31-4-82-227-130-41.fbx     0b    127b    106b
                   <=                               0b    105b     87b
  192.168.0.100    => ctv-86-100-215-242.ip.ryg     0b    127b    106b
                   <=                               0b    105b     87b
  192.168.0.100    => i038098.gprs.dnafinland.f   636b    127b    106b
                   <=                             524b    105b     87b
  192.168.0.100    => host-89-228-137-138.gorzo     0b    127b    106b
                   <=                               0b    105b    106b

That's all tools that I know, then I google and find pktstat, which reports:

   bps    % desc  
 107.2   0% icmp unreach port 192.168.0.100 -> 119.40.7.39
 107.2   0% icmp unreach port 192.168.0.100 -> 122-121-216-117
 107.2   0% icmp unreach port 192.168.0.100 -> 17
 107.2   0% icmp unreach port 192.168.0.100 -> 220-136-240-189
 108.5   0% icmp unreach port 192.168.0.100 -> 227
 105.4   0% icmp unreach port 192.168.0.100 -> 77.81.248.210
 105.4   0% icmp unreach port 192.168.0.100 -> 83-157-127-150
 108.5   0% icmp unreach port 192.168.0.100 -> 84
            icmp unreach port 192.168.0.100 -> 87-121-157-166
  82.8   0% icmp unreach port 192.168.0.100 -> 93.190.206.248
 108.5   0% icmp unreach port 192.168.0.100 -> adsl110-221
 105.4   0% icmp unreach port 192.168.0.100 -> bas3-montreal02-1096681363
 108.5   0% icmp unreach port 192.168.0.100 -> bau06-5-88-168-64-43
 107.2   0% icmp unreach port 192.168.0.100 -> cpc4-neat2-0-0-cust924
 105.4   0% icmp unreach port 192.168.0.100 -> host217-43-58-203
            icmp unreach port 192.168.0.100 -> host70-87-dynamic
 108.5   0% icmp unreach port 192.168.0.100 -> host86-137-255-28
 107.2   0% icmp unreach port 192.168.0.100 -> i222-150-158-232

My normal network bandwidth is almost 0. Now, with 1.95Kb outbound and 
4.71Kb inbound, I don't know what's exactly going on with my network.
I've even tried to 'ifdown eth0' then 'ifup eth0', but the traffic 
resumes. Can anyone help? 


Thanks

Reply to:

Follow-Ups:
- Re: Unknown network traffic
  - From: "James Youngman" <jay@gnu.org>
- Re: Unknown network traffic
  - From: "Javier Barroso" <javibarroso@gmail.com>
- Re: Unknown network traffic (Conclusion)
  - From: T o n g <mlist4suntong@yahoo.com>

Prev by Date: Re: Долгие мучения с KDE
Next by Date: Re: k3b & brasero don't work, nerolinux does- works ar 2X
Previous by thread: Evolution palm sync problem
Next by thread: Re: Unknown network traffic
Index(es):
- Date
- Thread