Flooded with keepalives
Hi,
Lately my Debian machine (Thinkpad T22) is getting barraged with TCP Keep-Alive packets from my Linksys router, at a constant rate of around 15 packets/sec. Each packet is 60 bytes. I'm having trouble figuring out whether the culprit is my Linux machine or router. I have a few other PCs running XP on my network and they're problem free. I tried upgrading the router's firmware but that didn't help. Can anybody suggest how to determine where the problem is?

Here's a sample packet I sniffed with Ethereal. Every packet looks like this one (except for time, seq num, etc.):

----------------------------
Frame 30 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0f:66:23:49:7b, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol, Src Addr: 192.168.1.1 (192.168.1.1), Dst Addr: 0.0.0.0 (0.0.0.0)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 41
    Identification: 0x10dd (4317)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 150
    Protocol: TCP (0x06)
    Header checksum: 0x5249 (correct)
    Source: 192.168.1.1 (192.168.1.1)
    Destination: 0.0.0.0 (0.0.0.0)
Transmission Control Protocol, Src Port: 1046 (1046), Dst Port: 0 (0), Seq: 0, Ack: 0, Len: 1
    Source port: 1046 (1046)
    Destination port: 0 (0)
    Sequence number: 0 (relative sequence number)
    Next sequence number: 1 (relative sequence number)
    Acknowledgement number: 0 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
    Window size: 0
    Checksum: 0x61da (incorrect, should be 0x9c14)
    SEQ/ACK analysis
Data (1 byte)

0000  4e    N

No. Time Source Destination Protocol Info
31 0.433917 192.168.1.1 0.0.0.0 TCP [TCP ZeroWindow] [TCP Keep-Alive] 1047 > 0 [ACK] Seq=0 Ack=0 Win=0 [CHECKSUM INCORRECT] Len=1
--------------------------

Thanks in advance,
lantern
Well, I am no expert at networks, but it looks to me as though the second and third lines tell you what you need to know:
Quote:
Right ... that MAC and IP belong to my Linksys router. I know that's where the packets are coming from, but I'm trying to figure out why. I would just conclude that the router is malfunctioning, but it's odd that only my Linux box is getting flooded and not the other PCs on my local network.
Could there be something in my Linux machine's network configuration (or otherwise) which is soliciting this flood of packets?

Thanks.