[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SLUG] Weird packets in tcpdump/ngrep



On Wed, Jun 13, 2001 at 05:45:34PM +1000, Andrew Bennetts (andrew@nospam.puzzling.org) wrote:
> On Wed, Jun 13, 2001 at 05:14:46PM +1000, Jobst Schmalenbach wrote:
> > All,
> > 
> > this is what I see (quite regular actually):
> > 
> > tcpdump:
> > 
> > 17:12:39.282431 > piquet.barrett.com.au.40612 > acc8.mel.connect.com.au.33435: udp 10 [ttl 1]
> > 17:12:39.412449 < acc8.mel.connect.com.au > piquet.barrett.com.au: icmp: acc8.mel.connect.com.au udp port 33435 unreachable [tos 0xc0]
> 
> Off the top of my head, that looks like the product of a traceroute
> command.  Note the very low ttl value, and the high port.

I should have said that I killed all procs (other httpd/squid etc), shells
and all and its was still showing, but yet as ps -edf doesnt reveal
anything (and not traceroute neither).

On top off that it has to be generated by the box as it doesnt show up
on the other network card (going towards internal firewall.)



rather baffled, I must say.


jobst




-- 
best accelerated mac = 9.8 m/(s*s)

|            __, Jobst Schmalenbach, jobst@nospam.barrett.com.au, Technical Director|
|  _ _.--'-n_/   Barrett Consulting Group P/L & The Meditation Room P/L      |
|-(_)------(_)=  +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia|

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug