Understanding network activity

Questions about Wi-Fi and other network devices, file sharing, firewalls, connection sharing etc
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
1.618

Understanding network activity

Post by 1.618 »

Ok so i noticed my router is flashing regularly signalling it is recieving/transmitting data but the light for my connected pc doesn't flash that often, so i figure it's my router talking to the internet.... I'm trying to understand what is actually going on but when looking online the documentation doesn't really help or when i read other forums for this subject, people just reply immediately telling the poster he's being hacked, then someone else says it's all normal so i am just looking for some clarification.

Using iptraf

I am seeing the following

Code: Select all

IGMP (46 bytes) from BrightBox.ee to all-systems.mcast.net (src HWaddr my router mac) on eth0                         │
│ IGMP (46 bytes) from BrightBox.ee to all-systems.mcast.net (src HWaddr my router mac) on eth0                        
│ ARP request for 192.xxx.x.xxx (366 bytes) from my router mac to ffffffffffff on eth0                                  │
│ ARP reply from 192.xxx.x.xxx (366 bytes) from my pc mac to my router mac on eth0      

so i get that IGMP is internet group management protocol meaning i am in some internet group - who actually puts me in a group? is it default by my isp, is it an app on my pc? do i need this and if not how do i leave the groups i am in?

next is all-systems.mcast.net so i understand this is a multicasting address inside my local network, which only consists of my router and my pc, if i only have one device why is my router using multicasting? is it possible to disable this (can't find anything inside the router) and will it make a difference if i do? i would prefer not to be transmitting to loads of devices, i have disabled multicasting on my eth0 using ifconfig eth0 -allmulti and ifconfig eth0 -multicast so i assumed it should stop. Also i am NOT using any voip or similar like skype/hexchat etc

Next is the ARP requests, why is there a mac address showing as ffffffffffffff? as far as i can see it goes from router to mystery mac then comes back from pc to router, I understand ARP is needed so should be left as is, unless using static ip address(?) but why does it not go router>pc>router? is the ffffffffffffff just some default value or is it something i should be worrying about?

sorry if these are noob questions but i'm seriously struggling to get clear answers by searching online, there's too much conflicting info so i need some help - thanks :-)
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
User avatar
Pjotr
Level 23
Level 23
Posts: 19873
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland) 🇳🇱
Contact:

Re: Understanding network activity

Post by Pjotr »

The chance that something bad is going on, is minimal. Generally almost zero.

A simple precaution might be, to upgrade the firmware of your router to the latest available version. For the rest I wouldn't worry. And don't let yourself be influenced by people who spread FUD and paranoia.... :)
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
1.618

Re: Understanding network activity

Post by 1.618 »

Thanks for the reply, firmwares already up to date but just trying to get a clearer picture in my head of what's what :-)
Locked

Return to “Networking”