openSUSE 11.1, KDE4.4 rc1

Hi,

don't know, when exactly i caught this feature, but since a few days i see, that my network is always busy, although no internet programs are running (no firefox/thunderbird, just a plasmoid for measuring traffic, also killed oss update and no change).

What i'm doing is the daily update from kde4 factory+playground.

Looking at the traffic with wireshark i can see that this traffic is due to a continuous dns traffic between my pc anf the router. Looked up urls are always the same:
http://www.quality.channel.de
http://www.southwest.com
video.google.de

This makes me some kind of nervous is there anybody with similar effects resp. is there anyone, who could explain this effect?

By the way, i don't know how to detect, which task/process is the originator, any help ther is very appreciated

You can use the command "netstat -A inet -p -e" to view the desired information.

I have not seen anything like this on my system.

thx for your hint, bcooksley, will try it, though i had no success with netstat -pc|grep tcp.

I was really nervous about this effect. Meanwhile i did a lot of analysis and maybe my results are interesting for some people out here. So here we are:

- After a new boot -> all ok
- Starting Firefox and ending it again -> all ok
- Analogue with thunderbird (just to be sure) -> all ok
- Start FF again and select a website

Bingo! Here we are.

Now the dns requests start periodically. Even if i end FF and even if i log out and in again. They wan't stop! It really needs a reboot.

And there is a relation between the called site and the dns requests. Its a mix of links, that are there and google.analytics things.

Must a be something like an indexer and indeed: i have an addon called beagle, that can't be uninstalled. Still wonder, why it wan't stop after FF ends ...

Still I'm not sure if this indexer has to do with ff only or maybe its a kde thing.

Any ideas who is to blame ?

some other info concerning crossposting. I was really nervous about this behaviour. Especially because i couldn't find out, which process is responsible for this. So i spread my question in 3 directions: Linux, KDE and Firefox. Beeing aware of the responsibility to inform i added the results and stats correspondingly. I didn't know before, that it is a good idea to tell the other places and not only the results. So here they are

Firefox Forum: http://www.camp-firefox.de/forum/viewto ... 12&t=78088
Linux-club: http://www.linux-club.de/viewtopic.php? ... 70#p665270

Beagle should be removed.

Open YaST and search for libbeagle, then remove it, as well as anything that depends upon it. Assuming you just use KDE, then this will have no negative effect.

yes, i thought the job was done, because i uninstalled beagle-thunderbird and kio-beagle yesterday. But you were right the lib was left over (due to dependencies with gnome-control-center and compiz-gnome. Nevertheless i did uninstall the lib and the depending packages, Still the dns requests repeat, though i think they are little less now.

Also tried your netstat command with an additional c-flag

Sometimes i catch bursts with those suspicious requests like

Code: Select all

Aktive Internetverbindungen (ohne Server)                                                                                 
Proto Recv-Q Send-Q Local Address           Foreign Address         State       Benutzer   Inode      PID/Program name   
tcp        0      0 192.168.2.100:44791     www2.l.google.:www-http TIME_WAIT   root       0          -                   
tcp        0      0 192.168.2.100:44027     bw-in-f138.1e1:www-http TIME_WAIT   root       0          -                   
tcp        0      0 192.168.2.100:50653     video.google.d:www-http TIME_WAIT   root       0          -                   
tcp        0      0 192.168.2.100:38526     fk-in-f113.1e1:www-http TIME_WAIT   root       0          -                   
tcp        0      0 192.168.2.100:40241     blogsearch.goo:www-http TIME_WAIT   root       0          -                   
tcp        0      0 192.168.2.100:37232     mu-in-f100.1e1:www-http TIME_WAIT   root       0          -                   
tcp        0      0 192.168.2.100:35701     cs.about.akadn:www-http TIME_WAIT   root       0          -                   


and single entries like

Code: Select all

Aktive Internetverbindungen (ohne Server)                                                                                 
Proto Recv-Q Send-Q Local Address           Foreign Address         State       Benutzer   Inode      PID/Program name   
udp        0      0 192.168.2.100:53293     speedport.ip:domain     VERBUNDEN   root       32982      4771/nscd           


I never heard of nscd and looked it up (Name-Service-Caching Daemon)

This sounds very near to the problem. Ok killing the daemon did not help, because it is restarted immediatelly

Still one thing changed, i have a new kind a line now - sometimes

Code: Select all

Aktive Internetverbindungen (ohne Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       Benutzer   Inode      PID/Program name
tcp        0      0 localhost:53008         localhost:sunrpc        TIME_WAIT   root       0          -


ok, next step was to look for /etc/nscd.conf:

Code: Select all

   debug-level      0
#   reload-count      5
   paranoia      no
#   restart-interval   3600

   enable-cache      passwd      yes
   positive-time-to-live   passwd      600
   negative-time-to-live   passwd      20
   suggested-size      passwd      211
   check-files      passwd      yes
   persistent      passwd      yes
   shared         passwd      yes
   max-db-size      passwd      33554432
   auto-propagate      passwd      yes

   enable-cache      group      yes
   positive-time-to-live   group      3600
   negative-time-to-live   group      60
   suggested-size      group      211
   check-files      group      yes
   persistent      group      yes
   shared         group      yes
   max-db-size      group      33554432
   auto-propagate      group      yes

   enable-cache      hosts      yes
   positive-time-to-live   hosts      600
   negative-time-to-live   hosts      0
   suggested-size      hosts      211
   check-files      hosts      yes
   persistent      hosts      no
   shared         hosts      yes
   max-db-size      hosts      33554432

   enable-cache      services   yes
   positive-time-to-live   services   28800
   negative-time-to-live   services   20
   suggested-size      services   211
   check-files      services   yes
   persistent      services   yes
   shared         services   yes
   max-db-size      services   33554432


i read something about enable-cache hosts: That it should not be enabled, but i can't state anything, i just don't know it. Maybe the life-time is also a little short. Anyone heard of this daemon ever?

nscd caches DNS requests to improve the performance of applications.

Can you please post the full lines from the output of my netstat command? The parts that indicate which application is making the HTTP requests is missing.

its not missing, bcooksley. In the burst dump for example there is only a "-" as program name. Wrapping makes it, that this is always in the second line.

But i have good results. I configured the nscd host cache to no and with the next reboot there is peace now

Thx for your patience, bcooksley! Maybe it was a good experience for you also .