Why so much activity?

Met-AL

I have a cable modem going into a SonicWall going into a switch. The cable modem's activity light is constantly flashing along with the SonicWall's RX (receive) light. The lights for the devices on the switch and the light for the LAN port on the SonicWall aren't flashing, which means no network traffic on those RJ45 ports.

My question is, why is there so much activity on my Broadband Cable line? Obviously none of it is getting thru my SonicWall. I do get a few "attacks" according to my SonicWall's log file, but nothing major and none of it gets thru.
 
Met-AL said:
My question is, why is there so much activity on my Broadband Cable line?

Because there is lots of broadcast network traffic on a cable network.
 
The way Residential Cable Inet works (as far as I understand) they use a setup where there are nodes or concentrators (I think they are called that?) and that is what your modem communicates with, but your neighbor also connects to that same one, and it's broadcast over the same Coax, so your cable modem will pick it up as well. I don't know if the modem will also put that on the line for your computer(s) to see or not, but it might. It's kinda like old thinnet type ethernet (where all the computers were chained together with coax). You are also receiving all the broadcast DHCP requests, and some ISPs will do ARP requests constantly in a loop to make sure unauthorized people aren't using their network.
 
Xipher said:
The way Residential Cable Inet works (as far as I understand) they use a setup where there are nodes or concentrators (I think they are called that?) and that is what your modem communicates with, but your neighbor also connects to that same one, and it's broadcast over the same Coax, so your cable modem will pick it up as well. I don't know if the modem will also put that on the line for your computer(s) to see or not, but it might. It's kinda like old thinnet type ethernet (where all the computers were chained together with coax). You are also receiving all the broadcast DHCP requests, and some ISPs will do ARP requests constantly in a loop to make sure unauthorized people aren't using their network.

CMTS - "cable modem termination system", kinda like a DSLAM for DSL modems, is the head end system where all the lines meet up. The old DOCSIS specs (1.0 for sure, maybe 1.1) were set so that you could sniff the wire outside of your cable modem and pick up your neighbor's packets. DOCSIS 2.0 *I think* had something to prevent this [Disclaimer: I haven't read the DOCSIS specs in well over a year and am currently basing this info/guess off of an article I read some months ago.]

So yeah - if you set up a sniffer now you'll see lots of DHCP requests and routing information going by.
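
Added example, not part of any post in this thread: a small Python tally of what a WAN-side capture contains, separating the ARP and DHCP broadcast chatter described above from frames actually addressed to your own device. The MAC addresses and frames below are constructed sample data, and the function names are made up for this illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
MY_MAC = bytes.fromhex("020000000001")    # constructed: firewall WAN port
NEIGHBOR = bytes.fromhex("020000000002")  # constructed: another subscriber
GATEWAY = bytes.fromhex("020000000003")   # constructed: ISP gateway

def classify(frame: bytes, my_mac: bytes) -> str:
    """Label one raw Ethernet II frame seen on the WAN side."""
    if len(frame) < 14:
        return "truncated"
    dst = frame[:6]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0806:                      # ARP
        return "arp"
    if ethertype == 0x0800 and len(frame) >= 34:  # IPv4
        ihl = (frame[14] & 0x0F) * 4              # IP header length in bytes
        l4 = 14 + ihl
        if ihl >= 20 and frame[23] == 17 and len(frame) >= l4 + 4:  # UDP
            sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
            if {sport, dport} <= {67, 68}:        # DHCP server/client ports
                return "dhcp"
    if dst == my_mac:
        return "unicast-to-me"
    if dst == BROADCAST:
        return "other-broadcast"
    return "multicast" if dst[0] & 1 else "unicast-other"

def summarize(frames, my_mac: bytes) -> Counter:
    """Count frames per category for a whole capture."""
    return Counter(classify(f, my_mac) for f in frames)

def eth(dst, src, ethertype, payload=b""):
    return dst + src + struct.pack("!H", ethertype) + payload

def ipv4(proto, sport, dport):
    """Minimal 20-byte IPv4 header plus 8 bytes of L4 header (checksums zero)."""
    hdr = bytes([0x45, 0]) + struct.pack("!H", 28) + bytes(4)
    hdr += bytes([64, proto]) + bytes(2) + bytes(4) + b"\xff" * 4
    return hdr + struct.pack("!HHHH", sport, dport, 8, 0)

SAMPLE = [  # constructed frames, not a real capture
    eth(BROADCAST, NEIGHBOR, 0x0806, bytes(28)),           # ARP who-has
    eth(BROADCAST, GATEWAY, 0x0806, bytes(28)),            # ISP ARP sweep
    eth(BROADCAST, NEIGHBOR, 0x0800, ipv4(17, 68, 67)),    # DHCP discover
    eth(BROADCAST, NEIGHBOR, 0x0800, ipv4(17, 137, 137)),  # other UDP broadcast
    eth(MY_MAC, GATEWAY, 0x0800, ipv4(6, 443, 50000)),     # TCP reply to me
]

if __name__ == "__main__":
    for kind, count in summarize(SAMPLE, MY_MAC).most_common():
        print(f"{kind:16s} {count}")
```

On a real capture, a high share of `arp`, `dhcp` and `other-broadcast` compared with `unicast-to-me` matches the blinking RX light with an idle LAN side.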
 