Lots of traffic from 220.233.2.202

Mort
Posts: 401
Joined: Sun Jan 23, 2005 3:04 pm
Location: Sydney

Lots of traffic from 220.233.2.202

Post by Mort » Sat Nov 15, 2014 6:26 pm

I'm currently seeing a large amount of data downloading to my computer from 220.233.2.202. This resolves in DNS as just a static Exetel address.

I'm wondering if this is actually an Exetel Akamai cache and my machine is downloading Microsoft updates or something?
As we know, there are known knowns. There are things we know we know. We also know there are known unknowns. That is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know.

NIrmitha
Exetel Staff
Posts: 197
Joined: Wed Jan 06, 2010 1:05 pm

Re: Lots of traffic from 220.233.2.202

Post by NIrmitha » Sat Nov 15, 2014 8:28 pm

Hi Mort,

I have escalated your query to our L2 Network team (ticket ref: 8525052).
We will update you once we receive any update from them.

Cheers !!

Dazzled
Volunteer Site Admin
Posts: 6021
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Lots of traffic from 220.233.2.202

Post by Dazzled » Sat Nov 15, 2014 8:30 pm

It's Akamai. Do you read the Daily Mail?

$ dig www.dailymail.co.uk

; <<>> DiG 9.4.2-P2.1 <<>> www.dailymail.co.uk
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3257
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.dailymail.co.uk.		IN	A

;; ANSWER SECTION:
www.dailymail.co.uk.	2420	IN	CNAME	www.dailymail.co.uk.edgesuite.net.
www.dailymail.co.uk.edgesuite.net. 14839 IN CNAME a1613.w8.akamai.net.
a1613.w8.akamai.net.	20	IN	A	220.233.2.202
a1613.w8.akamai.net.	20	IN	A	220.233.2.200

;; Query time: 194 msec
;; SERVER: 220.233.0.4#53(220.233.0.4)
;; WHEN: Sat Nov 15 20:27:02 2014
;; MSG SIZE  rcvd: 146

or, simply:

$ host www.dailymail.co.uk
www.dailymail.co.uk is an alias for www.dailymail.co.uk.edgesuite.net.
www.dailymail.co.uk.edgesuite.net is an alias for a1613.w8.akamai.net.
a1613.w8.akamai.net has address 220.233.2.202
a1613.w8.akamai.net has address 220.233.2.200

Mort
Posts: 401
Joined: Sun Jan 23, 2005 3:04 pm
Location: Sydney

Re: Lots of traffic from 220.233.2.202

Post by Mort » Sat Nov 15, 2014 10:43 pm

The dailymail? No, but that's a rather unusual leap to make, isn't it? Looking at the trace you posted, I'm guessing that the dailymail is also cached through the Akamai network and just has a reverse lookup matching to it as well.

Matching the download traffic against my hard drive IO, it looks like it was Microsoft updates downloading. I don't normally see that as I use a local WSUS (ConfigMgr) server to deliver updates, but I'm running the Windows 10 tech preview, which must have been downloading the latest build version direct from MS.

I'd still like confirmation though as this is an IP that resolves as an Exetel address, so it seems odd to not have put a more descriptive entry for a network appliance rather than leaving it as the default Exetel static host entry.

Dazzled
Volunteer Site Admin
Posts: 6021
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Lots of traffic from 220.233.2.202

Post by Dazzled » Sat Nov 15, 2014 10:54 pm

Reverse lookups of Akamai servers are not straightforward. A reverse DNS lookup will get you Exetel.

Host is a Linux application, but any OS can run dig or nslookup to look up the MS address. You could also connect to the IP address with MS's URL in the GET request Host field. Also try updating, and use netstat or another utility that displays the connected IP.
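
Added example, not part of any post in this thread: since the reverse lookup only returns the ISP's name, attribution has to come from forward lookups. This sketch parses a dig ANSWER section (the records are the ones posted above; the function names are this example's own), follows the CNAME chain and checks whether the observed IP is among the addresses the name resolves to.

```python
import re

# ANSWER section records as posted earlier in the thread.
DIG_ANSWER = """\
www.dailymail.co.uk. 2420 IN CNAME www.dailymail.co.uk.edgesuite.net.
www.dailymail.co.uk.edgesuite.net. 14839 IN CNAME a1613.w8.akamai.net.
a1613.w8.akamai.net. 20 IN A 220.233.2.202
a1613.w8.akamai.net. 20 IN A 220.233.2.200
"""

# owner, TTL, class IN, type, rdata; dig comment lines (";...") never match.
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(CNAME|A|AAAA)\s+(\S+)$")

def parse_answer(text):
    """Return (cname map, address map) built from dig answer lines."""
    cnames, addrs = {}, {}
    for line in text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue
        owner, _ttl, rtype, rdata = m.groups()
        owner = owner.rstrip(".").lower()
        if rtype == "CNAME":
            cnames[owner] = rdata.rstrip(".").lower()
        else:
            addrs.setdefault(owner, set()).add(rdata)
    return cnames, addrs

def follow(name, cnames, addrs, limit=16):
    """Walk the CNAME chain from name; return (chain, final addresses)."""
    chain, seen = [name.rstrip(".").lower()], set()
    while chain[-1] in cnames:
        if chain[-1] in seen or len(chain) > limit:
            raise ValueError("CNAME loop or chain too long")
        seen.add(chain[-1])
        chain.append(cnames[chain[-1]])
    return chain, addrs.get(chain[-1], set())

def explain_ip(ip, queried, text):
    """Report whether ip is an address that queried resolves to, and via what."""
    cnames, addrs = parse_answer(text)
    chain, ips = follow(queried, cnames, addrs)
    return {"ip": ip, "match": ip in ips, "chain": chain, "addresses": sorted(ips)}

if __name__ == "__main__":
    print(explain_ip("220.233.2.202", "www.dailymail.co.uk", DIG_ANSWER))
```

A match shows only that the hostname can be served from that edge address. Many unrelated hostnames share one CDN node, so pair the result with netstat or a process-level view before attributing the traffic to a particular site.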
