Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a dual boot computer XP / Mandriva (linux) in a windows network.
I noticed when I boot into linux my firewall (shorewall) generates messages that it prevented 4 network printers from sending packets to my computer.
From the messages I counted I can say that printers are sending 30 packets per second. Constantly. I talked to the IT manager about this he said that the printers are scanning the network to find a host. And that these are multifunction printers and that's what they do.
Is there a way to prevent those printers from generating all that network noise?
here's a sample of my firewall message:
Jul 28 15:31:25 localhost klogd: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:00:**:**:**:**:**:**:**:**:**:**:**:** SRC=192.168.0.5 DST=192.168.0.4 LEN=286 TOS=0x00 PREC=0x00 TTL=64 ID=756 PROTO=UDP SPT=1025 DPT=47197 LEN=266
It's really not necessary to obfuscate the MAC address that way...
I find it odd that the printers are sending udp packets directly to you, rather than to a broadcast (.255) address.
Anyway, you could configure shorewall to silently DROP packets from those printers (i.e. specify them by IP). I haven't used shorewall, but currently it is hitting the LOG target and then the DROP target.
theres a really good chance that what youre seeing is ARP traffic. most (if not all) ethernet devices generate this traffic, and its not malicious at all (hell to you and I, its pretty much meaningless). i really wouldnt worry about any of this, as its perfectly normal.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.