[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] igmp packets...... it's getting worse....
> It's got lots of stuff in it :) Try this:
>
> lsof -nP | grep IPv4
>
> -n prevents conversion of IP addresses to hostnames
> -P prevents port numbers being converted to service names
>
Or miss out the grep and try:
lsof -nPi
:)
As for the incoming IGMP requests, you may no ness. be running something that
listens on 224.0.0.1 - as said before, the packet is coming in from the NTL
box with a destination address of 224.0.0.1 ... its coming through the
network layer in the kernel, but that doesn't mean anything is listening on
it.
What's the output on 'ifconfig' and 'netstat -r' (ie network config and
routing table)? I dunno if this is a problem, but on my machine ppp0 is
flagged as MULTICAST which essentially means ppp0 will accept incoming
multicast packets.
As an experiment, type:
"ifconfig ppp0 -multicast"
when you're next online, and see if the IGMP packets cease. I've just tried
it on my machine and it hasn't affected my PPP link (didn't think it would,
but ppp could have done summat funny). Use "ifconfig ppp0 multicast" to
switch the flag back on.
Unfortuantly, there is no way you are going to stop these incoming packets
without talking to NTL themselves. What the source machine truely is, I don't
know...all a DNS check is telling me is "cvx1a.lin.ntl.com". I've never used
NTL, so can't even guess if its part of their core network or a customer.
The biggest problem with the multicasts packets is that they're eating up
bandwidth on your line. If they suddenly increase, then it could kill the
connection, and there is nowt you can do about it. Even with the multicast
flag off on ppp0, the packets will come up the serial line - all that flag
means is that they'll all be rejected by the kernel's network layer. It may
be worth trying to find out what the packets are - a good tool for this is
"ethereal" (which you need GTK and X for)...however I'm sure there must be a
way, but I haven't found it, of dumping the data within packets using plain
tcpdump. Ethereal is a nice tool though, so give that a whirl (if you want
more crud installed on your computer :) Failing that, use tcpdump to capture
a few mins of traffic to a file then mail it here and I'll load it into my
copy of ethereal and see what it says (use tcpdump -i ppp0 -w somefile). :)
Chris...
--
Chris Johnson \ "If not for me then, do it for yourself. If not
sixie@nccnet.co.uk \ for then do it for the world." -- Stevie Nicks
www.nccnet.co.uk/~sixie/ ~---------------------------------------+
Redclaw chat - http://redclaw.org.uk - telnet redclaw.org.uk 2000 \______
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.