This could well be an ignorant question. But, here goes,.......
I have the System Monitor installed on my system tray, set up to show processor, network, load, etc.
On Centos5 I see continuous low-level network activity, 3% to 5%, just sort-of trickling, with occasional spikes to 60% to 75%, even when I'm off-line.
I had the same setup on Centos4, but I never saw that sort of network activity with Centos4.
Of course, when I am on line, as expected, I see network activity in the monitor, and If I happen to be downloading a file, the monitor reflects that.
This is a stand-alone computer, just for desktop use, not on any network.
My question, then, is this. Is there really some network activity going on, even when I'm not on line? If so, what is different with Centos5 compared to Centos4? And what is this activity? Am I being probed?
Thanks,
owa
System Monitor/ Network activity
-
- Posts: 119
- Joined: 2007/04/23 13:57:42
- Location: Yuma, Arizona
-
- Posts: 10642
- Joined: 2005/08/05 15:19:54
- Location: Northern Illinois, USA
System Monitor/ Network activity
There are many network services that broadcast information or respond to broadcasts.
You have arp. Are you running smb/nmb also? What about ntp?
You have arp. Are you running smb/nmb also? What about ntp?
Re: System Monitor/ Network activity
Firstly, yes you are being probed. We all are, constantly. That's why we have firewalls. So long as you're behind a firewall, you are (relatively) safe. But that's probably not the constant low level chatter you're seeing.
How are you connected to the internet - a broadband router or straight dialup? Either way, you'll get a lot of background chatter as gerald indicated.
You can always fire up wireshark and take a look for yourself.
How are you connected to the internet - a broadband router or straight dialup? Either way, you'll get a lot of background chatter as gerald indicated.
You can always fire up wireshark and take a look for yourself.
-
- Posts: 119
- Joined: 2007/04/23 13:57:42
- Location: Yuma, Arizona
Re: System Monitor/ Network activity
Ahh! I've stumbled onto the fix, if not the cause, of my little problem.
First, I had, for years, been behind a router to the internet. The router got borked, and I connected directly to the Wildblue Satellite modem. When I did that, directly connected to the modem, I noticed that my computer was no longer me@localhost, but me@. With FC3 and then with CentOS4, this posed no problem (or at least I was not aware of any problem). But, with FC5 and now CentOS5 I began to notice this low level activity. I mentioned this to a co-worker, and he suggested getting behind a router again. So, today I grabbed a Linksys WR54G router and hooked it up. The problem seems to have been solved. I'll monitor this for a while before I pronounce it well, but my computer is again identified as me@localhost, and when I disconnect from the internet, the network monitor shows no activity at all.
So, problem solved or not, this begs the question, what is different about FC5/CentOS5 that would cause this? Interesting problem. 100% self-taught, I haven't the network background to help me, so I'll have to rtfm and poke around. If anyone has a quicker answer, I'm all ears.
Thanks, both of you, for your responses. I appreciate that. Any feedback would be very welcome.
owa
First, I had, for years, been behind a router to the internet. The router got borked, and I connected directly to the Wildblue Satellite modem. When I did that, directly connected to the modem, I noticed that my computer was no longer me@localhost, but me@. With FC3 and then with CentOS4, this posed no problem (or at least I was not aware of any problem). But, with FC5 and now CentOS5 I began to notice this low level activity. I mentioned this to a co-worker, and he suggested getting behind a router again. So, today I grabbed a Linksys WR54G router and hooked it up. The problem seems to have been solved. I'll monitor this for a while before I pronounce it well, but my computer is again identified as me@localhost, and when I disconnect from the internet, the network monitor shows no activity at all.
So, problem solved or not, this begs the question, what is different about FC5/CentOS5 that would cause this? Interesting problem. 100% self-taught, I haven't the network background to help me, so I'll have to rtfm and poke around. If anyone has a quicker answer, I'm all ears.
Thanks, both of you, for your responses. I appreciate that. Any feedback would be very welcome.
owa
-
- Posts: 1478
- Joined: 2006/05/29 16:50:11
- Location: San Francisco, CA
Re: System Monitor/ Network activity
"me@localhost" or for that matter "me@anything" is not a machine name, it's an email address.
If you want to see what that low level network traffic is, run wireshark to capture and display it. I suspect some of it is arp traffic, some may be cups advertising, etc...
If you want to see what that low level network traffic is, run wireshark to capture and display it. I suspect some of it is arp traffic, some may be cups advertising, etc...
-
- Posts: 119
- Joined: 2007/04/23 13:57:42
- Location: Yuma, Arizona
Re: System Monitor/ Network activity
Thank you for your correction, but the question remains; why the change from me@localhost on CentOS4 to me@ on CentOS5? Why the change back to me@localhost now that I'm behind the router? And does this change account for seeing the network activity on CentOS5, even when off-line, when there was no activity like this on CentOS4? And, as I mentioned, behind the router, now, there is no such activity showing. The firestarter logs do reveal lotsa probes prior to installing the router, and nothing since.
Thanks,
owa
Thanks,
owa
Re: System Monitor/ Network activity
Fist
localhos or may be changed from DHCP server that you use to obtain your IP address
Did you setup hostname on CentOS 5?
Second
Having network activity is normal (sort of)
For example On my firewall I have 3000-30000 probes a day, but that is main job of firewalls to block unwanted traffic.
localhos or may be changed from DHCP server that you use to obtain your IP address
Did you setup hostname on CentOS 5?
Second
Having network activity is normal (sort of)
For example On my firewall I have 3000-30000 probes a day, but that is main job of firewalls to block unwanted traffic.