Internal Modem
Hudson Delbert J Contr 61 CS/SCBN
Delbert.Hudson at LOSANGELES.AF.MIL
Mon Nov 15 16:24:29 UTC 2004
I found some old satan scripts and redid
the perl stuff to basically run a service from
xinetd to tail -f on eth0 logging sorta like
tcpdump. I like this format as it gives me a
little bit of payload drill down.
This is a weird (at least to me) pattern.
12NOV2004 at 17:24:48 host=research sharktank!kernel:0:0.1
out=eth0
src=57.255.1.2
dst=69.55.0.4
len=560
tos=0x00
prec=0xc0
ttl=64
id=3123
proto=icmp
type=3
code=3
DST=69.55.0.4
SRC=57.255.1.2
len=532
tos=0x00
prec=0x00
ttl=49
id=41159
proto=udp
spt=53
dpt=51981
len=512
I think it's an ICMP port unreachable due to a DNS timer expiring.
It also looks like the truncation bit is set, so would this traffic have to
change to udp to get a complete answer?
thx for any info... just looked goofy to me, don't know why?
~piranha
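
Added example, not part of the original post: a small Python parser for the record above that separates the outer ICMP header from the datagram it quotes, decodes type 3 / code 3, and cross-checks lengths and addresses. It assumes the uppercase DST=/SRC= keys mark the start of the quoted header, that a repeated key is a transport-layer value, and that neither IP header carries options; the function and key names are illustrative.

```python
# Added example: parse the key=value capture record from the post above.
# Assumption: uppercase DST=/SRC= keys start the header quoted inside the
# ICMP error; a repeated key in one section is the transport-layer value.
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable"}

# Fields copied from the post, joined onto three lines.
RECORD = """out=eth0 src=57.255.1.2 dst=69.55.0.4 len=560 tos=0x00 prec=0xc0
ttl=64 id=3123 proto=icmp type=3 code=3 DST=69.55.0.4 SRC=57.255.1.2 len=532
tos=0x00 prec=0x00 ttl=49 id=41159 proto=udp spt=53 dpt=51981 len=512"""


def parse_record(text):
    """Return (outer, quoted) dicts of the fields in one record."""
    outer, quoted = {}, {}
    section = outer
    for token in text.split():
        key, sep, value = token.partition("=")
        if not sep:
            continue  # timestamp and other free-text tokens
        if key.isupper():
            section = quoted  # datagram quoted by the ICMP error starts here
        key = key.lower()
        if key in section:
            key = "l4_" + key  # e.g. UDP length after the IP total length
        section[key] = value
    return outer, quoted


def summarize(outer, quoted):
    """Decode the ICMP error and cross-check it against the quoted datagram."""
    error = None
    if outer.get("proto") == "icmp" and outer.get("type") == "3":
        error = UNREACH_CODES.get(int(outer["code"]), "unreachable, other code")
    if not quoted:
        return {"error": error}
    ip_hdr, icmp_hdr = 20, 8  # header sizes in bytes, assuming no IP options
    return {
        "error": error,
        "quoted_flow": "%s:%s -> %s:%s/%s" % (
            quoted.get("src"), quoted.get("spt"),
            quoted.get("dst"), quoted.get("dpt"), quoted.get("proto")),
        # IP total length minus the IP header should equal the UDP length.
        "udp_len_matches": int(quoted["len"]) - ip_hdr == int(quoted["l4_len"]),
        # Outer length = IP header + ICMP header + the whole quoted datagram.
        "full_datagram_quoted":
            int(outer["len"]) == ip_hdr + icmp_hdr + int(quoted["len"]),
        # A host rejecting a datagram sent to it is the quoted destination.
        "sender_is_quoted_dst": outer.get("src") == quoted.get("dst"),
    }
```

On this record both length checks pass and the address check fails with the labels as printed, which can mean the logger printed the quoted header's labels in a different order or that another device generated the error.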