What's communicating?


    On my CenturyLink modem (which is also the router, switch and wireless transmitter), I have just one PC wired to Ethernet port #1 on the modem. All lights are the right color: On, and green, so that's OK. But I've noticed a few times that the Internet light and the light for the PC (Ethernet port #1) are blinking like crazy, continuously. However, to my knowledge, I have no wild websites or downloads going on, maybe 5 tabs of Firefox open, but I am not doing anything (except possibly some word processing, or nothing at all).


    The CenturyLink tech rep says this is OK, as long as there are no amber or red lights on the modem.


    Is that right? How can I check to see what that activity might be (I guess from WAN to my PC)?


    The only thing I can think of are the things NoScript attends to. I've noticed that many websites, like CenturyLink.net, have the ads that run continuously, like movies. I try to turn those off, try to adjust NoScript settings, but seems I always have some activity on some websites. But I wouldn't think that that kind of "light" advertising activity would trigger such frantic, continuous blinking of Internet + Port #1.



    Btw, when I re-boot and re-open Firefox, it stops the frantic activity on the modem.


    Networks are my weak point (or one of many weak points!).
    An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

    #2
    Packet transmissions are indicated by the blinking lights.
    Shutting down FF and restarting it is significant if it stops the light activity.

    sudo netstat -lpa

    will give you a list of EVERY connection to your machine and the app that is holding it open.


    There are three packages that are good for monitoring your Internet connection.
    EtherApe
    Kismet
    Nmap

    EtherApe will show graphically, with IP addresses, every server or computer attached to yours, or if someone else has hacked into your wireless connection and is "borrowing" it. It shows UDP and TCP packet count, and ranks the activity of the various connections by byte count. The output can be sorted by clicking on the column headers.

    Kismet does the same thing, and offers more power.

    Nmap is in a class of its own, and is the most powerful.

    Start with EtherApe and if it shows you something you think might be suspicious then move on to Kismet or Nmap.

    You might be surprised about the number of websites which hold their connections active even after you leave their web page, even just using netstat.
    Last edited by GreyGeek; Feb 27, 2014, 12:47 PM.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.



      #3
      Thanks GreyGeek. I'll try these things, starting with netstat (and starting with learning how to read the output, starting with how to read man netstat!)
      An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski



        #4
        I prefer a slightly more truncated output with netstat. I use "sudo netstat -tunap", which produces a much shorter list (no internal activity) like this:

        Code:
        vinny@vinny-HP-G62:~$ sudo netstat -tunap
        Active Internet connections (servers and established)
        Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
        tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1619/dnsmasq    
        tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      1556/dnsmasq    
        tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1015/sshd       
        tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      7530/cupsd      
        tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1019/smbd       
        tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1019/smbd       
        tcp        0      0 192.168.2.2:43989       173.255.193.141:443     ESTABLISHED 8601/firefox    
        tcp        0      0 192.168.2.2:43987       173.255.193.141:443     ESTABLISHED 8601/firefox    
        tcp        0      0 192.168.2.2:43991       173.255.193.141:443     ESTABLISHED 8601/firefox    
        tcp        0      0 192.168.2.2:54777       74.125.196.95:443       ESTABLISHED 8601/firefox    
        tcp        0      0 192.168.2.2:43993       173.255.193.141:443     ESTABLISHED 8601/firefox    
        tcp        0      0 192.168.2.2:43990       173.255.193.141:443     ESTABLISHED 8601/firefox    
        tcp        0      0 192.168.2.2:43992       173.255.193.141:443     ESTABLISHED 8601/firefox    
        tcp6       0      0 :::22                   :::*                    LISTEN      1015/sshd       
        tcp6       0      0 ::1:631                 :::*                    LISTEN      7530/cupsd      
        tcp6       0      0 :::445                  :::*                    LISTEN      1019/smbd       
        tcp6       0      0 :::139                  :::*                    LISTEN      1019/smbd       
        udp        0      0 0.0.0.0:42410           0.0.0.0:*                           1082/avahi-daemon: 
        udp        0      0 0.0.0.0:2011            0.0.0.0:*                           4360/dhclient   
        udp        0      0 192.168.122.1:53        0.0.0.0:*                           1619/dnsmasq    
        udp        0      0 127.0.1.1:53            0.0.0.0:*                           1556/dnsmasq    
        udp        0      0 0.0.0.0:67              0.0.0.0:*                           1619/dnsmasq    
        udp        0      0 0.0.0.0:68              0.0.0.0:*                           4360/dhclient   
        udp        0      0 192.168.2.255:137       0.0.0.0:*                           1885/nmbd       
        udp        0      0 192.168.2.2:137         0.0.0.0:*                           1885/nmbd       
        udp        0      0 192.168.122.255:137     0.0.0.0:*                           1885/nmbd       
        udp        0      0 192.168.122.1:137       0.0.0.0:*                           1885/nmbd       
        udp        0      0 0.0.0.0:137             0.0.0.0:*                           1885/nmbd       
        udp        0      0 192.168.2.255:138       0.0.0.0:*                           1885/nmbd       
        udp        0      0 192.168.2.2:138         0.0.0.0:*                           1885/nmbd       
        udp        0      0 192.168.122.255:138     0.0.0.0:*                           1885/nmbd       
        udp        0      0 192.168.122.1:138       0.0.0.0:*                           1885/nmbd       
        udp        0      0 0.0.0.0:138             0.0.0.0:*                           1885/nmbd       
        udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1082/avahi-daemon: 
        udp6       0      0 :::30671                :::*                                4360/dhclient   
        udp6       0      0 :::43079                :::*                                1082/avahi-daemon: 
        udp6       0      0 :::5353                 :::*                                1082/avahi-daemon: 
        vinny@vinny-HP-G62:~$
        VINNY
        i7 4core HT 8MB L3 2.9GHz
        16GB RAM
        Nvidia GTX 860M 4GB RAM 1152 cuda cores
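Added example, not part of any post in this thread: one way to boil `netstat -tunap` output down to the two questions asked here, namely which program holds established connections to which remote endpoint, and which TCP listeners are reachable from other hosts. The function names are hypothetical and the sample input is a subset of the lines posted above; on a live system, pipe `sudo netstat -tunap` into the two summary functions instead.

```shell
#!/bin/sh
# Sample input: a subset of the `sudo netstat -tunap` lines posted above.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      1556/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1015/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      7530/cupsd
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1019/smbd
tcp        0      0 192.168.2.2:43989       173.255.193.141:443     ESTABLISHED 8601/firefox
tcp        0      0 192.168.2.2:43987       173.255.193.141:443     ESTABLISHED 8601/firefox
tcp        0      0 192.168.2.2:54777       74.125.196.95:443       ESTABLISHED 8601/firefox
tcp6       0      0 :::22                   :::*                    LISTEN      1015/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      7530/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           4360/dhclient
EOF
}

# Count ESTABLISHED TCP connections per program and remote endpoint, busiest first.
# UDP rows have no State column, so only tcp/tcp6 rows are considered.
established_by_program() {
  awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
         prog = $7; sub(/^[0-9]+\//, "", prog)   # "8601/firefox" becomes "firefox"
         n[prog " " $5]++
       }
       END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# List TCP listeners that other hosts can reach (bind address is not loopback).
exposed_listeners() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
         addr = $4; port = $4
         sub(/:[0-9]+$/, "", addr)     # drop the port, keep the bind address
         sub(/^.*:/, "", port)         # keep only the port
         if (addr ~ /^127\./ || addr == "::1") next
         prog = $7; sub(/^[0-9]+\//, "", prog)
         print $1, addr, port, prog
       }' | LC_ALL=C sort -u
}

# Stand-alone run on the sample.
sample_netstat | established_by_program
sample_netstat | exposed_listeners
```

A browser with several tabs open normally shows many ESTABLISHED rows to a handful of remote addresses; the rows worth a second look are programs you do not recognise and listeners bound to `0.0.0.0` or `::` that you did not intend to offer to the network.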



          #5
          -tunap does give a shorter--and more understandable output.


          Firefox and Skype -- naughty fellas, doing most of it.
          Not sure what these are: 1449/dnsmasq, 819/avahi-daemon: r, 1185/dhclient, 819/avahi-daemon: r. But there's hope here of figuring this out. Although, now the modem is not racing like it has on two previous occasions. (Btw, new DSL service, a new provider, as of last week.)
          Last edited by Qqmike; Feb 28, 2014, 05:39 AM. Reason: spelling
          An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski



            #6
            What's nice about the last three apps I recommended is that they will show if someone is piggy-backing on top of your WIFI connection.
            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
            – John F. Kennedy, February 26, 1962.



              #7
              Well, I've made notes of all this. The sudo netstat -tunap gets at it quick, for this general purpose. Hopefully, that's all I'll ever need. My modem has its name and password, passphrase, PIN. I don't see how anyone could hijack the wireless. Thanks.
              An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski



                #8
                IF you've burned an open source firmware onto it I doubt anyone would. But, if the firmware still has the maker's proprietary stuff ....
                About 6 months after I bought my Cisco E2500 I got a popup telling me an "update" to the firmware was ready, but I'd have to create an account on Cisco's cloud to get it. I declined and did some investigating. That's when I discovered that a lot of modem makers had "updates" and the NSA was behind them. I burned DD-WRT onto mine. Its HTML pages opened up ALL of the modem's features, worked better and was better looking as well.
                "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                – John F. Kennedy, February 26, 1962.



                  #9
                  Unfortunately, *wrt is unavailable for all-in-one modem+routers, it's just for routers. At best Qqmike can put the existing box into modem mode and connect a router running custom firmware to it.

                  At least then you can be reasonably sure connections between machines on your LAN aren't being snooped on by your ISP.
                  samhobbs.co.uk
