[plug] strange network activity?
Patrick Coleman
blinken at gmail.com
Wed Jan 2 20:55:18 WST 2008
On Jan 1, 2008 2:28 PM, Rob Dunne <rob.dunne at gmail.com> wrote:
>
> iptraf
> UDP (74 bytes) from 192.168.1.254:53 to 192.168.1.102:1558 on eth0
> UDP (72 bytes) from 192.168.1.102:1563 to 192.168.1.254:53 on eth0
What you're seeing here is DNS lookups - port 53 is the port a DNS
server will listen on. I am guessing your modem/router is
192.168.1.254, and it is evidently acting as a DNS proxy for internal
hosts. Don't know why a NAS would be doing DNS, though; could be for
NTP or something.
If you're still interested in working out what the NAS box is doing,
run 'sudo tcpdump -i eth0 host 192.168.1.102' as suggested and post a
bit (more) of the output to the list. Alternatively, WireShark will
give you the same thing graphically (it uses tcpdump as a backend).
Cheers,
Patrick
--
http://www.labyrinthdata.net.au - WA Backup, Web and VPS Hosting
More information about the plug
mailing list