
Re: packets hitting my public NIC



On Fri, 22/04/2005 at 14.08 -0700, michael wrote:
> Hello,
> I have a sarge box with iptables completely locked up.
> I have all policies set to drop and I only allow the ports
> that I want.
>
> But I'm curious as to what is happening here when I run this tcpdump command.
> Can anyone help me understand what's happening here:
> Thanks
> 
> # tcpdump -i eth0 -q port ! 53 and port ! 510 and ! www
> 
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 14:10:54.689178 IP pcp08858971pcs.nstnig01.ct.comcast.net.gnutella-svc > 
> hpms.sd57.bc.ca.2939: tcp 134
> 14:10:54.831023 IP hpms.sd57.bc.ca.2939 > 
> pcp08858971pcs.nstnig01.ct.comcast.net.gnutella-svc: tcp 0

[...]

Try not using the -q switch for tcpdump, requiring instead a more
verbose output.
If I've understood correctly, your host is hpms.sd57.bc.ca. My humble
opinion is that your default policy isn't drop but reject, and the
datagrams your host sends are simple TCP resets. Maybe I'm wrong; anyway,
check your iptables rules.

Ciao,
Gian Piero.
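
One way to carry out the check suggested in the reply above, added here as an example and not part of the original thread: without `-q`, tcpdump prints the TCP flags, and this shell function counts what the firewalled host itself sent. The hostnames and capture lines are constructed, and `summarize_replies` and `sample_capture` are hypothetical names.

```shell
#!/bin/sh
# Added example. Hostnames and capture lines below are constructed.

# summarize_replies HOST
# Reads non-quiet tcpdump text on stdin and counts what HOST itself sent:
#   rst    - TCP segments with the R flag (REJECT --reject-with tcp-reset,
#            or the kernel answering for a closed port)
#   icmp   - ICMP "unreachable" errors (the default reply of a REJECT rule)
#   synack - SYN-ACKs, i.e. a connection being accepted
#   other  - any other TCP segment, e.g. a bare ACK on an existing connection
summarize_replies() {
    awk -v host="$1" '
        $2 != "IP" { next }
        # ICMP lines carry no port, so the source field is HOST alone.
        $3 == host && /ICMP .*unreachable/ { icmp++; next }
        # TCP and UDP sources are printed as HOST.port
        index($3, host ".") != 1 { next }
        match($0, /Flags \[[^]]*\]/) == 0 { next }   # not a TCP segment
        {
            flags = substr($0, RSTART + 7, RLENGTH - 8)
            if (index(flags, "R")) rst++
            else if (flags == "S.") synack++
            else other++
        }
        END { printf "rst=%d icmp=%d synack=%d other=%d\n", rst, icmp, synack, other }
    '
}

# Constructed capture: box.example.net stands in for the firewalled host.
sample_capture() {
    cat <<'EOF'
12:00:01.000000 IP peer.example.org.6346 > box.example.net.2939: Flags [P.], seq 1:135, ack 1, win 65535, length 134
12:00:01.000150 IP box.example.net.2939 > peer.example.org.6346: Flags [.], ack 135, win 6432, length 0
12:00:02.000000 IP other.example.com.40000 > box.example.net.445: Flags [S], seq 1000, win 5840, length 0
12:00:02.000200 IP box.example.net.445 > other.example.com.40000: Flags [R.], seq 0, ack 1001, win 0, length 0
12:00:03.000000 IP other.example.com.40001 > box.example.net.137: UDP, length 50
12:00:03.000200 IP box.example.net > other.example.com: ICMP box.example.net udp port 137 unreachable, length 36
12:00:04.000000 IP other.example.com.40002 > box.example.net.80: Flags [S], seq 2000, win 5840, length 0
12:00:04.000150 IP box.example.net.80 > other.example.com.40002: Flags [S.], seq 3000, ack 2001, win 5792, length 0
EOF
}

sample_capture | summarize_replies box.example.net
```

On a live box the input would come from tcpdump run without `-q` in place of `sample_capture`. A non-zero `rst` or `icmp` count means something on the host is answering rather than silently dropping.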


