Date: Thu, 29 Sep 2016 14:52:04 -0700
From: Ian Zimmerman
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: {OT} Mystery network traffic
Message-ID: <20160929214816.25841.35B0BECB@matica.foolinux.mooo.com>

On 2016-09-29 12:47, Grant wrote:

> I was watching cbm on one of my machines and it showed a lot more
> traffic going in and out over lo than over both of the two real
> interfaces. Is that normal? One of those two real interfaces is
> completely unused and shows zeros in cbm all the time.

If I were motivated to investigate this, I'd start with netstat to learn
what ports are active on the interface, then I'd load iptables rules
that pass all traffic on such ports but log it.

Or just use tcpdump? That may be too blunt a tool, though.

-- 
Please *no* private Cc: on mailing lists and newsgroups
Personal signed mail: please _encrypt_ and sign
Don't clear-text sign: http://cr.yp.to/smtp/8bitmime.html
Why does the arrow on Hillary signs point to the right?
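
The first step suggested in the message above (finding which ports are active on lo), as an added example that is not part of the original post: it reads the same table netstat reads, `/proc/net/tcp`, and counts established loopback connections per listening port. The sample rows are constructed, the function names are hypothetical, and it covers IPv4 TCP only on a little-endian host.

```python
import socket
import struct
from collections import Counter

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   106        0 11111
   1: 0100007F:0CEA 0100007F:D2F0 01 00000000:00000000 00:00000000 00000000   106        0 22222
   2: 0100007F:D2F0 0100007F:0CEA 01 00000000:00000000 00:00000000 00000000  1000        0 33333
   3: 0A00A8C0:0016 0B00A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 44444
"""

LISTEN, ESTABLISHED = "0A", "01"   # kernel TCP state codes used in the st column


def decode(endpoint):
    """'0100007F:0CEA' -> ('127.0.0.1', 3306); assumes a little-endian host."""
    addr_hex, port_hex = endpoint.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def loopback_sockets(text):
    """Return TCP sockets whose local address is in 127.0.0.0/8."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue                            # truncated or blank line
        (laddr, lport), (raddr, rport) = decode(f[1]), decode(f[2])
        if laddr.startswith("127."):
            rows.append({"lport": lport, "raddr": raddr, "rport": rport,
                         "state": f[3], "uid": int(f[7])})
    return rows


def connections_per_listener(rows):
    """Count established loopback connections for each listening port."""
    listeners = {r["lport"] for r in rows if r["state"] == LISTEN}
    return Counter(r["lport"] for r in rows
                   if r["state"] == ESTABLISHED and r["lport"] in listeners)


if __name__ == "__main__":
    # On a live Linux host: loopback_sockets(open("/proc/net/tcp").read())
    for port, n in connections_per_listener(loopback_sockets(SAMPLE)).items():
        print(f"port {port}: {n} established loopback connection(s)")
```

The `uid` field identifies the account that owns each socket, which narrows down the process before any packet logging is set up.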