Hi all~

WAN led on my router flashes approx. 10 times per sec., even when all other hardware (PCs, printer etc.) is powered off.

I have the latest Oleg's fw (1.9.2.7-6b).
The router operates as the Home Gateway (with a static WAN IP).
The problem was introduced just 3-4 days ago.

I've tried to do the following to monitor eth1 activity:



iptables -I INPUT -d 10.24.48.105/255.255.240.0 -i eth1 -j LOG
iptables -I OUTPUT -s 10.24.48.105 -o eth1 -j LOG


But I don't get anything unusual in syslog, just things like DNS requests before syncing time, or stupid attempts to connect to port 445 from stupid Win32 clients. And they are of course not at the specified rate (10times/s).

On the other hand, normal activity (f.e., accessing external HTTP resources) isn't seen in the log too (so it makes me doubting the above commands are a correct way to monitor all activity on eth1).

But in fact, this flasing thing produces about extra 100MB of RX on eth1 per day (according to ifconfig).

P.S. I don't have any p2p services etc., nor do I use the DDNS service.

Use


tcpdump -i eth1 -n

Thanks a lot for the instant answer! tcpdump is what I was looking for.

It's turned out that our gateway is broadcasting arp packets asking for etnernet addresses of hosts from our network (10.24.48.0/255.255.240.0). Werid. I guess its a problem of ISP. Will call them.

Btw, is this situation normal? I mean, when the ISP's gateway doesn't cache ARP replies and always broadcasts all ARP requests to our segment wasting traffic. They told me they are not going to change this. While I'm not sure it's the "way it's meant to be played" (tm).

Perhaps this is due to misconfigured dhcp server or paranoid "security through obscurity".