Canonical network activity

R Kimber rkimber at ntlworld.com
Sat Mar 3 22:47:22 GMT 2007


On Sat, 03 Mar 2007 13:22:26 +0000
Tony Arnold wrote:

> Richard,
> > Mar  3 07:35:02 infinity kernel: [738616.529708] Inbound IN=eth0
> > OUT= MAC=xxxxxxx SRC=91.189.89.8 DST=192.168.1.100 LEN=44 TOS=0x00
> > PREC=0x80 TTL=60 ID=4045 DF PROTO=TCP SPT=80 DPT=34813 WINDOW=64240
> > RES=0x00 ACK SYN 
> 
> This looks like a SYN-ACK packet which is sent in response to a SYN
> packet sent from you machine to Canonical. It's part of the initial
> three way handshake used to set up a connection. So this is your
> machine trying to connect to a Canonical address over port 80 (http).
> I suspect it is Ubuntu doing daily updates or something.
> 
> Why logcheck is picking this up, I have no idea.

Thanks.  Yes logcheck can be a bit of a pain.  I have yet to devise a
successful method of filtering particular types of message, even though
I've read the documentation.  I guess I'm a bit thick :-)

- Richard
-- 
Richard Kimber
http://www.psr.keele.ac.uk/




More information about the ubuntu-users mailing list