LinuxQuestions.org


lantern 03-31-2005 01:14 AM

Flooded with keepalives
 
Hi,

Lately my Debian machine (Thinkpad T22) is getting barraged with TCP Keep-Alive packets from my Linksys router, at a constant rate of around 15 packets/sec. Each packet is 60 bytes. I'm having trouble figuring out whether the culprit is my Linux machine or router. I have a few other PCs running XP on my network and they're problem free. I tried upgrading the router's firmware but that didn't help.

Can anybody suggest how to determine where the problem is?

Here's a sample packet I sniffed with ethereal. Every packet looks like this one (except for time, seq num, etc.):

----------------------------
Frame 30 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0f:66:23:49:7b, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol, Src Addr: 192.168.1.1 (192.168.1.1), Dst Addr: 0.0.0.0 (0.0.0.0)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 41
Identification: 0x10dd (4317)
Flags: 0x00
Fragment offset: 0
Time to live: 150
Protocol: TCP (0x06)
Header checksum: 0x5249 (correct)
Source: 192.168.1.1 (192.168.1.1)
Destination: 0.0.0.0 (0.0.0.0)
Transmission Control Protocol, Src Port: 1046 (1046), Dst Port: 0 (0), Seq: 0, Ack: 0, Len: 1
Source port: 1046 (1046)
Destination port: 0 (0)
Sequence number: 0 (relative sequence number)
Next sequence number: 1 (relative sequence number)
Acknowledgement number: 0 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 0
Checksum: 0x61da (incorrect, should be 0x9c14)
SEQ/ACK analysis
Data (1 byte)

0000 4e N

No. Time Source Destination Protocol Info
31 0.433917 192.168.1.1 0.0.0.0 TCP [TCP ZeroWindow] [TCP Keep-Alive] 1047 > 0 [ACK] Seq=0 Ack=0 Win=0 [CHECKSUM INCORRECT] Len=1
--------------------------

Thanks in advance,
lantern

tredegar 03-31-2005 03:49 AM

Well, I am no expert at networks, but it looks to me as though the second and third lines tell you what you need to know:

Quote:

Ethernet II, Src: 00:0f:66:23:49:7b, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol, Src Addr: 192.168.1.1

Whatever has the IP of 192.168.1.1, or has the hardware address of 00:0f:66:23:49:7b, is what is sending these packets.

lantern 03-31-2005 08:27 AM

Right ... that MAC and IP belong to my Linksys router. I know that's where the packets are coming from, but I'm trying to figure out why. I would just conclude that the router is malfunctioning, but it's odd that only my Linux box is getting flooded and not the other PCs on my local network.

Could there be something in my Linux machine's network configuration (or otherwise) which is soliciting this flood of packets?

Thanks.
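
An added example, not part of the original thread: a Python sketch that decodes a frame like the one posted above and lists the header fields that stand out, recomputing both checksums. The frame bytes are rebuilt from the ethereal dump; the raw sequence and acknowledgement numbers (assumed 0) and the zero padding bytes are assumptions, and `triage` and `csum16` are names chosen here.

```python
import struct

# Frame rebuilt from the fields in the ethereal dump above. Assumptions: raw
# seq/ack numbers are 0 and the 5 trailing Ethernet padding bytes are zero.
SAMPLE = bytes.fromhex(
    "ffffffffffff" "000f6623497b" "0800"            # dst MAC, src MAC, IPv4
    "45000029" "10dd0000" "96065249"                # len 41, id, TTL 150, TCP
    "c0a80101" "00000000"                           # 192.168.1.1 -> 0.0.0.0
    "04160000" "00000000" "00000000"                # ports 1046 -> 0, seq, ack
    "50100000" "61da0000" "4e"                      # ACK, win 0, cksum, 'N'
    "0000000000")                                   # padding to 60 bytes

def csum16(data: bytes) -> int:
    """RFC 1071 Internet checksum over data (odd length is zero-padded)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def triage(frame: bytes) -> dict:
    """Decode Ethernet II/IPv4/TCP and list the anomalies worth investigating."""
    if frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4 or frame[23] != 6:
        raise ValueError("not an IPv4/TCP frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]                         # total_len drops the padding
    sport, dport, _seq, _ack, _off_flags, window, seen = struct.unpack("!HHIIHHH", tcp[:18])
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    expected = csum16(pseudo + tcp[:16] + b"\x00\x00" + tcp[18:])
    checks = {
        "broadcast destination MAC": frame[0:6] == b"\xff" * 6,
        "unspecified destination IP 0.0.0.0": ip[16:20] == bytes(4),
        "destination port 0": dport == 0,
        "zero TCP window": window == 0,
        "bad IP header checksum": csum16(ip[:ihl]) != 0,
        "bad TCP checksum": seen != expected,
    }
    return {
        "src_mac": frame[6:12].hex(":"),
        "src_ip": ".".join(map(str, ip[12:16])),
        "src_port": sport,
        "tcp_checksum_seen": seen,
        "tcp_checksum_expected": expected,
        "findings": [name for name, hit in checks.items() if hit],
    }
```

With raw sequence and acknowledgement numbers of 0, the recomputed TCP checksum comes out as 0x9c14, the value ethereal reports as expected, and the IP header checksum 0x5249 verifies as correct.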


All times are GMT -5.