Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

mystery network traffic

Status
Not open for further replies.
Byrt

Byrt

Technical User
Aug 18, 2002
16
0
0
CA
Hi. I have logging turned on at the router and have huge volumes of traffic but the originating ip isn't a local network address. It looks like this, over and over all day long. The list of IPs is varied but does repeat at times. Can anyone tell me what to look for here? Is the router being hijacked or is there something sending on a local pc that's masking its address?

2006-08-09 16:37:22 UDP from 70.186.155.213:40311 to 72.13.175.28:6348
2006-08-09 16:37:57 UDP from 24.51.254.74:15368 to 72.13.175.28:6346
2006-08-09 16:37:58 UDP from 81.109.33.206:45847 to 72.13.175.28:6348
2006-08-09 16:37:58 UDP from 4.131.75.140:9913 to 72.13.175.28:6348
2006-08-09 16:38:12 UDP from 148.233.241.23:22082 to 72.13.175.28:25408
 
Sort by date Sort by votes
Thanks for your reply but I need a little more help. 72.13.175.28 is the wan address of the router. These upload/download entries show up even when nothing on the local network, 192.168.1.121 for example, appears to be connecting. How can I pin down what local computer this is going to? The router is a linksys BEFSX41. Thanks.
 
Upvote 0 Downvote
Have you tried to use a Network Packet Capture tool (Sniffer pro or Ethereal or Packetyzer) to actualy capture the data you see on the IP Address?

You might want to use an Ethernet Hub to see all the traffic.
Take a look inside the packets to see if you can recognise an application.
 
Upvote 0 Downvote
Okay, I physically disconnected every local computer from the router and still get the traffic coming to it. Does that mean it's traffic that actually stops at the router without going any farther? This router is at a small hotel. If a prior guest had been using file sharing would some locations still send to the router ip even though no local computer is now receiving it? I did get hold of ethereal but the router is quite a distance away and I won't be back onsite for quite a while. Thanks for your help!
 
Upvote 0 Downvote
Hi Byrt,

I do not know the technical in's and out's of P2P, but it seems logical what you suggest. This also implies that the traffic should disappear after a while, when the P2P caches are refreshed and no usefull information (shares) is coming from your side.
Perhaps another forum reader can point this out more in detail.
 
Upvote 0 Downvote
Hey,

Try to get onsite, run Etheral or wireshark. That will show you the local ip's that it is going to,

Reset the router to clear it out.

Run etheral or wireshark again.

If you can, post some of the results here so we can see what the traffic is.

Hope I can help more.

Brett

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NSW, Australia
(Unless you want to pay for our trip?)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

hunt3rxhunt3r
  • Locked
  • Question
Desktop/Network Hardware monitoring
Replies
1
Views
117
MikeHalloran
MikeHalloran
shedlord2
  • Locked
  • Question
Best (simple) sniffer to use for detecting illegal filesharing on a network?
Replies
1
Views
131
fortunat
fortunat
TechMerlin
  • Locked
  • Question
Network Monitor
Replies
3
Views
126
Serena18
Serena18
infogaby
  • Locked
  • Question
laptop acts strange on one network
Replies
0
Views
102
infogaby
infogaby
winston6071
  • Locked
  • Question
Network Traffic Baseline compare performance issue
Replies
1
Views
76
winston6071
winston6071

Part and Inventory Search

Sponsor

Back
Top