Re: [Sheflug] igmp packets...... it's getting worse....

["Chris J/#6" <nospam [at] nccnet.co.uk>]

> It's got lots of stuff in it :)  Try this:
> 
> lsof -nP | grep IPv4
> 
> -n prevents conversion of IP addresses to hostnames
> -P prevents port numbers being converted to service names
> 

Or miss out the grep and try:
	lsof -nPi 

:)

As for the incoming IGMP requests, you may no ness. be running something that 
listens on 224.0.0.1 - as said before, the packet is coming in from the NTL 
box with a destination address of 224.0.0.1 ... its coming through the 
network layer in the kernel, but that doesn't mean anything is listening on 
it.

What's the output on 'ifconfig' and 'netstat -r' (ie network config and 
routing table)? I dunno if this is a problem, but on my machine ppp0 is 
flagged as MULTICAST which essentially means ppp0 will accept incoming 
multicast packets.

As an experiment, type:
	"ifconfig ppp0 -multicast"
when you're next online, and see if the IGMP packets cease. I've just tried 
it on my machine and it hasn't affected my PPP link (didn't think it would, 
but ppp could have done summat funny). Use "ifconfig ppp0 multicast" to 
switch the flag back on.

Unfortuantly, there is no way you are going to stop these incoming packets 
without talking to NTL themselves. What the source machine truely is, I don't 
know...all a DNS check is telling me is "cvx1a.lin.ntl.com". I've never used 
NTL, so can't even guess if its part of their core network or a customer.

The biggest problem with the multicasts packets is that they're eating up 
bandwidth on your line. If they suddenly increase, then it could kill the 
connection, and there is nowt you can do about it. Even with the multicast 
flag off on ppp0, the packets will come up the serial line - all that flag 
means is that they'll all be rejected by the kernel's network layer. It may 
be worth trying to find out what the packets are - a good tool for this is 
"ethereal" (which you need GTK and X for)...however I'm sure there must be a 
way, but I haven't found it, of dumping the data within packets using plain 
tcpdump. Ethereal is a nice tool though, so give that a whirl (if you want 
more crud installed on your computer :) Failing that, use tcpdump to capture 
a few mins of traffic to a file then mail it here and I'll load it into my 
copy of ethereal and see what it says (use tcpdump -i ppp0 -w somefile). :)

Chris...

-- 
Chris Johnson            \  "If not for me then, do it for yourself. If not
sixie@nccnet.co.uk        \  for then do it for the world." -- Stevie Nicks
www.nccnet.co.uk/~sixie/   ~---------------------------------------+
Redclaw chat - http://redclaw.org.uk - telnet redclaw.org.uk 2000   \______


---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.