Always downloading...

[ett_gramse_nap]

After installing torsmo and having it update once per second I've noticed that eth0 always stay active downloading 1-2KB/s. What's that all about? Should it be that way ...or worse: Am I being hacked?

[pat1]

are you running samba? Samba sends stuff out all the time to see which computers are on the network..

If not, open ethereal or something similar and see what all the traffic is

[ett_gramse_nap]

I don't run any services at all. And I've got shorewall proper configured. What other
ways are there to see what the traffic is? I don't have "ethereal".

Thanks for the fast response!

[pat1]

ethereal is the best program i know for something like this... and it is very useful

Code: Select all

emerge ethereal

[ett_gramse_nap]

Ok, emerging now.

[ett_gramse_nap]

Ok. I've ran ethereal and it turned out to be a lot of connections to some ARP protocol that were showing up in torsmo. I don't know anything about networks and suchs but does this just mean that it's my computer that checks back to the dhcp-server or samething similiar? In other words: is this harmless?

[gnuageux]

Its probably broadcast traffic is all. I wouldnt worry too much about it. ARP (address resolution protocol) maps Logical addresses (ip) to physical address (MAC). It works like this, say that host1 connects to a network and knows nothing except his MAC and his IP. He tries to ping host2. He will send out a broadcast message to asking everyone in his ip space hey - if you know this IP address please respond with your MAC. Host2 recognizes this and replies. Host1's ARP cache is then populated with the mapping. Thats kinda how ARP works.

[ett_gramse_nap]

Thanks guys! I'll guess I just have to disregard that 1-2KB/s stream from now...