tcpdump mailing list archives
Unusual traffic, not sure how to analyze
From: Scott Haneda <lists () newgeo com>
Date: Thu, 29 Dec 2005 22:46:38 -0800
Hello, I am using OS X. I just got MRTG up and running on one machine, and I see a lot more inbound traffic than I should. All I am running is http and mysql, in both cases, that should be mostly outbound. Yet somehow, I have around average 1000k showing in my inbound mrtg graphs.

I ran this on the machine:

sudo tcpdump -vvv

* I know nothing at all about tcpdump, which is why I am here, so be gentle :-)

Here is a snip of what I see a ton of, literally, hundreds of this host hitting me

22:41:12.603925 IP (tos 0x0, ttl 64, id 16883, offset 0, flags [DF], length: 1300) hook.me.com.http > bgyarmat-wlan103.profinter.hu.visionpyramid: . 3358608:3359856(1248) ack 137 win 33696 <nop,nop,timestamp 3987409720 28089>

Watching the http logs shows there is little activity, so I am not sure what to make of it.

There are also these

22:45:20.145715 IP (tos 0x0, ttl 64, id 27058, offset 0, flags [DF], length: 1500) hook.me.com.http > ool-182f22f5.dyn.optonline.net.4211: . 500781:502241(1460) ack 245 win 33580

Anyone who can help, I would certainly appreciate it.

--
-------------------------------------------------------------
Scott Haneda                                Tel: 415.898.2602
<http://www.newgeo.com>                     Novato, CA U.S.A.

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.