Discussion:
too much network traffic after -current upgrade
John Forkosh
2020-06-25 04:50:30 UTC
I've been running -current downloaded on 9/1/19, and recently
did a test-install on a spare partition of -current from 2/28/20.
Looks fine except for extra unexplained network traffic...

I've got a verizon dsl modem plugged into a switch that
distributes the bandwidth among several linux boxes on
my wired lan (nowadays only one box is powered up at a time).
And up until now (i.e., back to slackware 8.something)
lights on the 8-port switch would blink maybe once a second
while I wasn't using the network. But now, as soon as I type
dhcpcd -d -h boxname -s 192.168.1.x (each box has a static ip)
the switch lights start vigorously flashing maybe 10-15 times
per second.

What on slackware might have changed between 9/1/19 and 2/28/20
to explain the additional and unwanted (and scary) traffic?
And how might I stop it?
--
John Forkosh ( mailto: ***@f.com where j=john and f=forkosh )
Rich
2020-06-25 13:55:09 UTC
Post by John Forkosh
What on slackware might have changed between 9/1/19 and 2/28/20
to explain the additional and unwanted (and scary) traffic?
Find out for yourself. Insert a network sniffing machine in between
and monitor the network traffic.
Post by John Forkosh
And how might I stop it?
Until you determine what it is, then the only answer we here on Usenet
could give is: "unplug the network cable".
K Venken
2020-06-25 15:37:50 UTC
Post by Rich
Post by John Forkosh
What on slackware might have changed between 9/1/19 and 2/28/20
to explain the additional and unwanted (and scary) traffic?
Find out for yourself. Insert a network sniffing machine in between
and monitor the network traffic.
Post by John Forkosh
And how might I stop it?
Until you determine what it is, then the only answer we here on Usenet
could give is: "unplug the network cable".
If you don't want to insert a sniffer yet,...

You can try iftop to get an idea which connections are made.
You can get nethogs from slackbuilds.org to see which applications are
using which connections.

Maybe it helps to get started.
John Forkosh
2020-06-26 04:57:34 UTC
Post by K Venken
Post by Rich
Post by John Forkosh
What on slackware might have changed between 9/1/19 and 2/28/20
to explain the additional and unwanted (and scary) traffic?
Find out for yourself. Insert a network sniffing machine in between
and monitor the network traffic.
Post by John Forkosh
And how might I stop it?
Until you determine what it is, then the only answer we here on Usenet
could give is: "unplug the network cable".
If you don't want to insert a sniffer yet,...
You can try iftop to get an idea which connections are made.
You can get nethogs from slackbuilds.org to see which applications are
using which connections.
Maybe it helps to get started.
Thanks, Karel and Rich. Yeah, I tried iftop and a sniffer's
too much buck for the bang, at least for now. Nethogs sounds
more like what I want -- the particular connections aren't
that interesting; it's why they're occurring at all.
I'm using exactly the same iptables firewall script,
and nothing about the network setup, neither hard/software,
has changed; just the -current64 install itself.
I'll try nethogs next time I boot that machine and partition,
and see if it helps to identify which slackware component
is doing what.
--
John Forkosh ( mailto: ***@f.com where j=john and f=forkosh )
Henrik Carlqvist
2020-06-26 05:52:09 UTC
a sniffer's too much buck for the bang, at least for now.
Included in Slackware is tcpdump and wireshark is available as a
slackbuild.
Nethogs sounds more like what I want
Another nice tool included in Slackware is netwatch.

regards Henrik
John Forkosh
2020-06-26 08:49:54 UTC
Post by Henrik Carlqvist
a sniffer's too much buck for the bang, at least for now.
Included in Slackware is tcpdump and wireshark is available as a
slackbuild.
Nethogs sounds more like what I want
Another nice tool included in Slackware is netwatch.
regards Henrik
Thanks for the additional suggestions, Henrik.
netwatch indeed looks a bit nicer than iftop.
But what I'd kind of expected/hoped by posting here,
is that some other -current64 user would have noticed
the same thing when upgrading, and followed-up with
an explanation why it's happening, and whether it's
just a benign side-effect of some upgraded series-n
package, and/or how to suppress the behavior, etc.

Otherwise, I'll proceed trying to track down the root
cause myself, next time I boot the upgraded box/partition
(right now I'm on a laptop running 14.2x64, and won't be
back to that desktop till next week). But I'm pretty
dumb vis-a-vis serious network stuff, so will just have
to mess around and hope that turns up some useful info.
--
John Forkosh ( mailto: ***@f.com where j=john and f=forkosh )
K Venken
2020-06-26 11:35:19 UTC
Post by John Forkosh
Post by K Venken
Post by Rich
Post by John Forkosh
What on slackware might have changed between 9/1/19 and 2/28/20
to explain the additional and unwanted (and scary) traffic?
Find out for yourself. Insert a network sniffing machine in between
and monitor the network traffic.
Post by John Forkosh
And how might I stop it?
Until you determine what it is, then the only answer we here on Usenet
could give is: "unplug the network cable".
If you don't want to insert a sniffer yet,...
You can try iftop to get an idea which connections are made.
You can get nethogs from slackbuilds.org to see which applications are
using which connections.
Maybe it helps to get started.
Thanks, Karel and Rich. Yeah, I tried iftop and a sniffer's
too much buck for the bang, at least for now. Nethogs sounds
more like what I want -- the particular connections aren't
that interesting; it's why they're occurring at all.
I'm using exactly the same iptables firewall script,
and nothing about the network setup, neither hard/software,
has changed; just the -current64 install itself.
I'll try nethogs next time I boot that machine and partition,
and see if it helps to identify which slackware component
is doing what.
As you are running current, you may have more luck than me with tcpview.
(Look for tcpview for Linux, as it originated from Windows; the page is
https://sourceforge.net/projects/tcpview-for-linux/). I couldn't get it
compiled, and the (Ubuntu) binaries didn't run, at least on 14.2, but it
looks like what you need.
