non-unicast packets on Wan interface (cable modem)
in [Linux Networking]
|
Prev: ospf and openvpn
Next: daytrek vigor 2820n
From: Scott on 18 Jun 2010 14:02 Technically this isn't Linux-specific, but I couldn't find a decent generic networking group that still existed. If anyone has a suggestion, please point me in that direction... While poking around my router, I noticed something interesting. Approximately one third of the incoming traffic is classified as non- unicast. My statistics show approximately 20 million unicast packets and 10 million non-unicast (broadcast or multicast) packets. Out of sheer curiosity, what are these non-unicast packets? My first guess would be that they are DHCP traffic to or from other routers on the same pipe, but it sure looks like an awful lot of traffic. The internet service is a comcast cable modem.
From: Tauno Voipio on 18 Jun 2010 14:09 On 18.6.10 9:02 , Scott wrote: > Technically this isn't Linux-specific, but I couldn't find a decent > generic networking group that still existed. If anyone has a > suggestion, please point me in that direction... > > While poking around my router, I noticed something interesting. > Approximately one third of the incoming traffic is classified as non- > unicast. My statistics show approximately 20 million unicast packets > and 10 million non-unicast (broadcast or multicast) packets. > > Out of sheer curiosity, what are these non-unicast packets? My first > guess would be that they are DHCP traffic to or from other routers on > the same pipe, but it sure looks like an awful lot of traffic. > > The internet service is a comcast cable modem. It may be Microsoft computers hollering for visitors, UDP ports 135 to 139 and 445. The Windows networking stack is pretty talkative. -- Tauno Voipio tauno voipio (at) iki fi
From: Pascal Hambourg on 18 Jun 2010 14:13 Hello, Scott a �crit : > Technically this isn't Linux-specific, but I couldn't find a decent > generic networking group that still existed. If anyone has a > suggestion, please point me in that direction... What about comp.protocols.tcp-ip if it's IP traffic ? > While poking around my router, I noticed something interesting. > Approximately one third of the incoming traffic is classified as non- > unicast. My statistics show approximately 20 million unicast packets > and 10 million non-unicast (broadcast or multicast) packets. Over what time interval ? > Out of sheer curiosity, what are these non-unicast packets? My first > guess would be that they are DHCP traffic to or from other routers on > the same pipe, but it sure looks like an awful lot of traffic. Yes, except maybe if the lease time is ridiculously short. > The internet service is a comcast cable modem. Maybe multicast traffic for TV ?
From: Rick Jones on 18 Jun 2010 14:42 Scott <smbaker(a)gmail.com> wrote: > Technically this isn't Linux-specific, but I couldn't find a decent > generic networking group that still existed. If anyone has a > suggestion, please point me in that direction... > While poking around my router, I noticed something interesting. > Approximately one third of the incoming traffic is classified as non- > unicast. My statistics show approximately 20 million unicast packets > and 10 million non-unicast (broadcast or multicast) packets. > Out of sheer curiosity, what are these non-unicast packets? My first > guess would be that they are DHCP traffic to or from other routers on > the same pipe, but it sure looks like an awful lot of traffic. > The internet service is a comcast cable modem. I understand that doed not have the "isoltion" qualities of DSL, so it could be traffic from your neighbors. If it is passing through the cable modem to your system, you can run a packet trace program to look at the traffic and see what it happens to be. tcpdump, wireshark, etc. rick jones -- the road to hell is paved with business decisions... these opinions are mine, all mine; HP might not want them anyway... :) feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
From: Ken Sims on 18 Jun 2010 16:44
Hi Scott - On Fri, 18 Jun 2010 11:02:04 -0700 (PDT), Scott <smbaker(a)gmail.com> wrote: >Out of sheer curiosity, what are these non-unicast packets? My first >guess would be that they are DHCP traffic to or from other routers on >the same pipe, but it sure looks like an awful lot of traffic. A while back I start getting a bunch of multi-cast stuff, so I added iptables rules to DROP anything -d 224.0.0.0/3 or -s 224.0.0.0/3 on the INPUT of my WAN interfaces. It was not DHCP traffic. I was already DROPping that by protocol plus port numbers. -- Ken |