Gentoo Forums
Network traffic caused by netbios?
tinytim
n00b


Joined: 08 Sep 2005
Posts: 19

Posted: Mon Nov 07, 2005 3:43 am    Post subject: Network traffic caused by netbios?

Hi

I'm running a Gentoo box on a network with mostly only Windows PCs.

After a few moments of uptime, the systems monitor applet shows 30-50% on eth0 (in Ethernet traffic), although it should not be doing anything (I've got no network mounts, no browsers running, nor SAMBA, nor CUPS, etc.).

I'm using shorewall with the following rules:
Code:

#ACTION  SOURCE         DEST            PROTO   DEST    SOURCE     ORIGINAL     RATE            USER/
#                                               PORT    PORT(S)    DEST         LIMIT           GROUP
ACCEPT   fw             net             tcp     80 #http
ACCEPT   fw             net             udp     80 #http
ACCEPT   fw             net             tcp     443 #https
ACCEPT   fw             net             udp     443 #https
ACCEPT   fw             net             tcp     20 #ftp
ACCEPT   fw             net             tcp     21 #ftp
ACCEPT   fw             net             tcp     22 #ssh
ACCEPT   fw             net             tcp     53 #DNS
ACCEPT   fw             net             udp     53 #DNS
ACCEPT   fw             net             tcp     873 #rsync
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


nmap scans of my computer show only 2 ports are open:
Code:

TCP
(The 1666 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
111/tcp open  rpcbind
 
or

UDP
(The 1478 ports scanned but not shown below are in state: closed)
PORT    STATE         SERVICE
68/udp  open|filtered dhcpclient
111/udp open|filtered rpcbind


Any idea where the traffic might be coming from?

Is there any way to monitor what exactly is going in and out of my eth0, from where and to where?
(I tried iptraf, but that shows me a LOT of other machines apparently talking to one another with my IP mentioned nowhere; and most of the traffic is on the netbios UDP ports 137 and 138)

Any other ideas of what I could try?
egberts
Guru


Joined: 04 Nov 2003
Posts: 357
Location: Dimmed Cathode Ray Tube

Posted: Wed Nov 16, 2005 6:43 am    Post subject:

The easiest method, if your network is small, is to write down all of your PCs' Ethernet MAC addresses and then filter for them using tcpdump/ethereal.
_________________
Clusters of Fry's Special, AMD 2200, 2 GB DDR, 220 GB (2008.1/desktop, stage 1, -O3) x8
HP Compaq Fry's Special, AMD 2100, 2 GB DDR, 260 GB (2008.0/server, stage 1, -O3)
Ultra Sparc 5, 256MB, 3GB (2006.1/server, stage 1, -O3)
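
An added example, not part of the original thread: one way to apply the MAC-based filtering suggested above is to feed `tcpdump -e -n` output into a small tally that separates frames involving your own MAC from broadcast, multicast and other hosts' unicast traffic. The MAC addresses, IP addresses, sample lines and the script name are constructed for illustration, and the line format assumed is the link-level header that `tcpdump -e` prints.

```python
import re
import sys
from collections import Counter

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Link-level header as printed by `tcpdump -e -n`: "SRC > DST, ..., length N:"
FRAME = re.compile(rf"(?P<src>{MAC}) > (?P<dst>{MAC}), .*?length (?P<len>\d+):", re.I)

def classify(dst, src, my_mac):
    """Say who a frame is for, judged only by its Ethernet addresses."""
    if my_mac in (src, dst):
        return "mine"
    if dst == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    if int(dst[:2], 16) & 1:  # group bit set in the first octet
        return "multicast"
    return "other-unicast"

def tally(lines, my_mac):
    """Sum frame bytes per class, and per source MAC for frames not 'mine'."""
    my_mac = my_mac.lower()
    by_class, talkers = Counter(), Counter()
    for line in lines:
        m = FRAME.search(line)
        if not m:
            continue  # continuation line or a line without a MAC header
        src, dst, size = m["src"].lower(), m["dst"].lower(), int(m["len"])
        kind = classify(dst, src, my_mac)
        by_class[kind] += size
        if kind != "mine":
            talkers[src] += size
    return by_class, talkers

# Constructed sample capture; all MAC and IP addresses are made up.
MY_MAC = "02:00:00:00:00:01"
SAMPLE = """\
03:43:10.000001 02:00:00:00:00:0a > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.1.10.137 > 192.168.1.255.137: UDP, length 50
03:43:10.000002 02:00:00:00:00:0b > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 243: 192.168.1.11.138 > 192.168.1.255.138: UDP, length 201
03:43:10.000003 02:00:00:00:00:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.10, length 46
03:43:10.000004 02:00:00:00:00:01 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.168.1.5.40000 > 192.168.1.1.53: UDP, length 32
03:43:10.000005 02:00:00:00:00:0b > 01:00:5e:7f:ff:fa, ethertype IPv4 (0x0800), length 87: 192.168.1.11.1900 > 239.255.255.250.1900: UDP, length 45
"""

if __name__ == "__main__":
    # Live use (hypothetical script name): tcpdump -e -n -i eth0 -c 2000 | python3 mactally.py <own MAC>
    live = len(sys.argv) > 1
    classes, talkers = tally(sys.stdin if live else SAMPLE.splitlines(),
                             sys.argv[1] if live else MY_MAC)
    print(dict(classes))
    print(talkers.most_common(5))
```

A large "broadcast" share with a small "mine" share means the interface counter is mostly counting other hosts' announcements, and the per-source totals show which MAC addresses to look up first.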
All times are GMT