Canonical network activity
rkimber at ntlworld.com
Sat Mar 3 22:47:22 UTC 2007
On Sat, 03 Mar 2007 13:22:26 +0000
Tony Arnold wrote:
> > Mar 3 07:35:02 infinity kernel: [738616.529708] Inbound IN=eth0
> > OUT= MAC=xxxxxxx SRC=22.214.171.124 DST=192.168.1.100 LEN=44 TOS=0x00
> > PREC=0x80 TTL=60 ID=4045 DF PROTO=TCP SPT=80 DPT=34813 WINDOW=64240
> > RES=0x00 ACK SYN
> This looks like a SYN-ACK packet which is sent in response to a SYN
> packet sent from you machine to Canonical. It's part of the initial
> three way handshake used to set up a connection. So this is your
> machine trying to connect to a Canonical address over port 80 (http).
> I suspect it is Ubuntu doing daily updates or something.
> Why logcheck is picking this up, I have no idea.
Thanks. Yes logcheck can be a bit of a pain. I have yet to devise a
successful method of filtering particular types of message, even though
I've read the documentation. I guess I'm a bit thick :-)
More information about the ubuntu-users