Internal Modem

Hudson Delbert J Contr 61 CS/SCBN Delbert.Hudson at LOSANGELES.AF.MIL
Mon Nov 15 16:24:29 UTC 2004


I found some old SATAN scripts and redid
the Perl stuff to basically run a service from
xinetd to tail -f on eth0, logging sorta like
tcpdump.  I like this format as it gives me a
little bit of payload drill down.

This is a weird (at least to me) pattern.

12NOV2004 at 17:24:48 host=research sharktank!kernel:0:0.1

out=eth0 
src=57.255.1.2
dst=69.55.0.4
len=560
tos=0x00
prec=0xc0
ttl=64
id=3123
proto=icmp
type=3
code=3
DST=69.55.0.4 
SRC=57.255.1.2
len=532
tos=0x00
prec=0x00
ttl=49
id=41159
proto=udp
spt=53
dpt=51981
len=512

I think it's an ICMP port unreachable due to a DNS timer expiring.

It also looks like the truncation bit is set, so would this traffic have to
change to UDP to get a complete answer?

Thx for any info... it just looked goofy to me, don't know why.

~piranha
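
An added example, not part of the original post: Python code that splits the record above into the outer ICMP header and the quoted packet header, then checks the ICMP type/code, the quoted source port, the length arithmetic and the address direction. Treating the first repeated key as the start of the quoted header, and assuming 20-byte IP headers without options, are assumptions of this example.

```python
# Added example: field names follow the log record in the post; the rule that
# the first repeated key starts the quoted header is an assumption.
RECORD = """out=eth0 src=57.255.1.2 dst=69.55.0.4 len=560 tos=0x00 prec=0xc0
ttl=64 id=3123 proto=icmp type=3 code=3 DST=69.55.0.4 SRC=57.255.1.2 len=532
tos=0x00 prec=0x00 ttl=49 id=41159 proto=udp spt=53 dpt=51981 len=512"""  # from the post

IP_HDR, ICMP_HDR = 20, 8  # header sizes in bytes, assuming no IP options


def parse(record):
    """Split a record into (outer, quoted) dicts with lower-cased keys."""
    outer, quoted = {}, {}
    current = outer
    for token in record.split():
        key, _, value = token.partition("=")
        key = key.lower()
        if current is outer and key in outer:
            current = quoted              # first repeated key: quoted header begins
        elif current is quoted and key == "len" and "len" in quoted:
            key = "l4_len"                # second len inside the quote is the UDP length
        current[key] = value
    return outer, quoted


def analyse(record):
    """Return named consistency checks for one ICMP error record."""
    outer, quoted = parse(record)
    icmp = (outer.get("proto"), outer.get("type"), outer.get("code"))
    return {
        "port_unreachable": icmp == ("icmp", "3", "3"),
        "quoted_from_port_53": quoted.get("proto") == "udp" and quoted.get("spt") == "53",
        # outer length = IP header + ICMP header + quoted datagram
        "outer_len_ok": int(outer["len"]) == IP_HDR + ICMP_HDR + int(quoted["len"]),
        # quoted IP length = IP header + UDP length
        "quoted_len_ok": int(quoted["len"]) == IP_HDR + int(quoted["l4_len"]),
        # an ICMP error is sent back to the source of the quoted packet
        "addresses_swapped": outer["src"] == quoted["dst"] and outer["dst"] == quoted["src"],
    }


if __name__ == "__main__":
    for check, result in analyse(RECORD).items():
        print(f"{check:20} {result}")
```

On the record as posted, every check holds except addresses_swapped: the quoted header shows the same src and dst values as the outer header.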



