| artienne | hey guys, is anyone around to ask a question about network traffic on localhost on ubuntu 16.10 | 02:31 |
|---|---|---|
| blahdeblah | artienne: Feel free to ask, but you might get more response in the main #ubuntu channel | 02:32 |
| artienne | or can someone direct me to somewhere more suitable for such a question? | 02:32 |
| artienne | ahh | 02:32 |
| artienne | well, i've noticed in 16.10 that for some reason, something on localhost is sending connection requests to localhost:4101 | 02:33 |
| artienne | none of the other systems here, both 16.04s, are doing it, and this one wasn't doing it when before doing a fresh install of 16.10 | 02:34 |
| artienne | i can't determine which program is doing it - nethogs can't pin down a pid | 02:35 |
| artienne | it's only sending about two packets a second or so (on both ipv4 and ipv6), but it's bugging me that i can't find out what's doing it or why.. | 02:36 |
| blahdeblah | artienne: TCP or UDP? | 02:37 |
| artienne | of course, there's nothing listening on port 4101 - wiresharck shows rst, ack packets returning, and it starts again | 02:37 |
| artienne | tcp | 02:37 |
| blahdeblah | ah, right | 02:38 |
| artienne | i actually tested with a completely fresh install, originally thinking i'd tinkered some problem into effect, but on the brand spanking new installation, iftop reported the traffic on lo, and nethogs couldn't determine a pid | 02:39 |
| blahdeblah | artienne: If you run netstat -anp in a nice tight loop (or watch with a sub-second interval), you should be able to get a pid & a user | 02:40 |
| blahdeblah | nethogs should show it too, I'd think | 02:40 |
| artienne | well, user is root, that much nethogs does show | 02:40 |
| blahdeblah | although it may only show established connections | 02:40 |
| blahdeblah | another possibly useful tool is lsof, or checking /proc for file descriptors which point to sockets | 02:42 |
| artienne | well, active internet connections doesn't show anything useful - i'm dumb enough to not know what to look for in the active domain sockets | 02:44 |
| artienne | i've tried lsof and grepping for port 4101, but nothing turns up | 02:44 |
| artienne | i've not looked in proc though.. guess i'll check that too :) | 02:44 |
| artienne | well, i'm not getting anywhere with the /proc stuff - again, not really knowing what to look for doesn't help, but after checking the pid of the irc client and looking at the file descriptors in there, i'm not seeing anything that points to 6667 | 03:03 |
| artienne | the other problem is, of course, that the port the connection request is sent from increments by 4 on every failed attempt | 03:03 |
| artienne | i'll see how busy #ubuntu is -- i can't possibly be the only person who's noticed this, someone must have some knowledge about it | 03:05 |
| blahdeblah | artienne: Possibly | 03:05 |
| artienne | thanks for the help either way blahdeblah :) | 03:08 |
| blahdeblah | artienne: Try watch -d -n 0.1 "netstat -anp|grep SYN_SENT" or something like that, and hopefully you'll catch a glimpse of it. | 03:09 |
| artienne | i'll give it a shot :) | 03:13 |
| artienne | silence was the bold reply, it seems :/ | 03:14 |
| artienne | well well well, what have we here | 03:34 |
| artienne | yeah - okay, it's something to do with input | 03:36 |
| artienne | kind of | 03:36 |
| artienne | if i were to hold a key down in the text field here, the number of packets sent skyrockets | 03:37 |
| artienne | but if i were to to do the same in the wireshark filter field (run with sudo), no spike occurs | 03:37 |
| artienne | i was watching netstat during one of these test, and something did flash up for the briefest of seconds - far too quickly to see what came up, but something did | 03:38 |
| artienne | doesn't seem to happen with constant mouse input (or at least, it doesn't cause a noticeable increase on the network indicator.. | 03:40 |
| artienne | happens in gnome-terminal too | 03:42 |
| artienne | and in firefox | 03:43 |
| blahdeblah | weird | 04:25 |
| artienne | well, that didn't help :/ | 04:36 |
| blahdeblah | artienne: googled (insert your preferred non-evil search engine here) tcp port 4101? I wonder if it's just something like workrave. | 04:37 |
| blahdeblah | artienne: Also worth asking in #linux-aus & ##infra-talk - lots of smarter people than I hang out there | 04:37 |
| artienne | yeah, i looked up grc for port info | 04:37 |
| artienne | thing is, it seems to happen on a fresh install of ubuntu 16.10, and workrave isn't installed by default | 04:39 |
| artienne | i'll check out #linux-aus -- #ubuntu didn't have anyone either available to or capable of answering my questions.. | 04:40 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!