[rescue] What is this traffic?

microcode at zoho.com microcode at zoho.com
Thu Oct 29 07:24:09 CDT 2015

On Thu, Oct 29, 2015 at 12:54:27PM +0100, Jonathan Katz wrote:
> On Thu, Oct 29, 2015 at 12:45 PM,  <microcode at zoho.com> wrote:
> > I have no evidence of anything getting to any of the boxes on my LAN. iptraf
> >
> > Is there any way to see what the traffic between the router and the switch
> > is without extra equipment? Does anybody have any idea what this could be?
> The extra equipment part is difficult. If you're willing to sacrifice
> network performance in the short-term dust off an old 10Mbit hub in
> the closet and put that between the ADSL router and the switch and
> then run snoop or tcpdump on something plugged into the hub.

I don't have any other switches or hubs. I'm really hurting for equipment.
The network performance I am getting is so bad I don't think sacrificing it
is a possibility! I am paying for 15Mb/s and getting 1.5M on a good day. For
about two years it was fine and then for the last two it has gotten worse
and worse. It's a blame game between the carrier and the ISP and although I
am sure it's the ISP I can't get them to fix it. There are very few
providers and it's not clear switching would help although I will anyway
shortly I hope.

> How dumb is your TP-Link switch? Could it take dd-wrt or similar? That
> could allow you to mirror the interface between the switch and the
> ADSL router and you can snoop traffic that way.

Ah, no, it's an unmanagemed switch and not user flashable as far as I
know. There is no management interface and nothing but RJ-45 ports.

> Alternately, does it happen at a set interval? Like every "N" hours
> after the ADSL modem has been rebooted? I'm wondering if it is some
> kind of standard ARP broadcast/mapping that is going on as a part of
> spanning tree. Like the ADSL port keeps a cache of the MAC addresses
> that it expects to find beyond the switch port it is plugged into.

The light goes crazy whenever the switch is connected to the router. I have
not seen anything that gives me any clues apart from that. The light is
flashing at a high rate all the time, regardless of traffic from any of the
boxes on my network.


