Henrique de Moraes Holschuh <h...@debian.org> writes: >Alternatively you may use 'tcpdump' instead of wireshark. >Run "tcpdump -s 1600 -i any -w /tmp/output.tcpdump.bin >host 239.255.255.250", and stop it with ^C after 5-10s. >It will save the packet dump to /tmp/output.tcpdump.bin, >which you should gzip or xz'ip before attaching.
>While you're doing the capture, just in case, DO NOT engage >in any other activities, do not have your browser, mail user >agent, or any other programs open that could send credentials >over the wire (such as email logins, etc) just in case the >wireshark filter is not correct and it ends up capturing >packets with data you'd rather keep private. I prefer the alternative. tcpdump is a much smaller package. :) So, I did this for several minutes and looked at the log. Doesn't look like it needs much technical expertise to interpret. The content of the packets is printed in plain text and very clearly what it should be for that address and port. For some odd reason the AP is sending out a continuous stream of uPNP data. XML URLs to the interface points. Product ID and URLs to the hardware manufacturer's site. That sort of thing. Other APs send out the same sort of thing, in short bursts. But this one sends 10-14k per second non-stop. But I don't recall seeing that stream before in several months of intermittent use of that AP. It would be very, very odd if they just happened to change something in the configuration of the AP right when I downloaded my updates. So it seems most likely that somehow the interface was tweaked by the updates so that it now shows the traffic that was always there. Or maybe it changed the dhcp login scripts in a way that makes this AP think my login is not complete, and this constant stream of uPNP packets is the attempt to complete the process? Since it's not an emergency, I can just put up with it for now. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1344283142.99132.yahoomail...@web126103.mail.ne1.yahoo.com
