I have noticed on many occasions some extensive traffic on my internal network that I cannot explain. Below you will see two sets of tcpdump traces. I have a mysql server running on my internal host named "herzegbol" and a windows 98 host named shelbyville
This trace is when the MySQL server is running: 14:33:45.886159 eth1 > herzegbol.mysql > shelbyville.2333: S 700834979:700834979(0) ack 2360059956 win 5792 <ms s 1460,sackOK,timestamp 420171046 7876889,nop,wscale 0> (DF) 14:33:46.156126 eth1 > herzegbol.mysql > shelbyville.2311: S 703613196:703613196(0) ack 1969309172 win 5792 <ms s 1460,sackOK,timestamp 420171073 7876916,nop,wscale 0> (DF) 14:33:47.010646 eth1 > herzegbol.mysql > shelbyville.2345: S 697677373:697677373(0) ack 2546308254 win 5792 <ms s 1460,sackOK,timestamp 420171158 7877001,nop,wscale 0> (DF) 14:33:47.246107 eth1 > herzegbol.mysql > shelbyville.2304: S 705352284:705352284(0) ack 1841862906 win 5792 <ms s 1460,sackOK,timestamp 420171182 7877025,nop,wscale 0> (DF) This trace is after I issue mysqladmin shutdown: 14:32:09.886091 eth1 > herzegbol.mysql > shelbyville.2333: R 0:0(0) ack 2360059956 win 0 (DF) 14:32:15.626067 eth1 > herzegbol.mysql > shelbyville.2334: R 0:0(0) ack 2356113189 win 0 (DF) 14:32:17.586063 eth1 > herzegbol.mysql > shelbyville.2308: R 0:0(0) ack 1867829359 win 0 (DF) 14:32:20.696068 eth1 > herzegbol.mysql > shelbyville.2321: R 0:0(0) ack 2130321013 win 0 (DF) 14:32:25.566094 eth1 > herzegbol.mysql > shelbyville.2324: R 0:0(0) ack 2251852705 win 0 (DF) 14:32:30.066104 eth1 > herzegbol.mysql > shelbyville.2325: R 0:0(0) ack 2264947201 win 0 (DF) The reason this is confusing to me is that the traffic originates on the mysql server "herzegbol" via the mysql port and the destination is the windows box on dozens of ports and there is no program or process on the windows machine that is connected to the database server. As far as I can tell there is absolutely no reason for Herzegbol to talk to shelbyville, yet this traffic will pop up almost every day for a period of time and swamp my network. I would like to identify the source and understand the cause. Regards, Gary "SuperID" Huntress ======================================================= FreeSQL.org offering free database hosting to developers Visit http://www.freesql.org -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
