
What process is sending these UDP packets?



I have a slink server which runs samba (smbd, nmbd), named, and xntpd as
well as an IP masquerade for a bunch of internal windoz machines.

A few weeks ago I started getting bursts of UDP packets every 30 seconds
or so which are rejected by the standard firewall and clog up my
/var/log/messages file to the tune of several MB daily.

Here's what they look like from 'dmesg':

IP fw-in deny eth1 UDP 192.168.0.1:1033 255.255.255.255:1478 L=329 S=0x00 I=64386 F=0x0000 T=128
(repeated many times)

Here they are from /var/log/messages:

Aug  1 11:27:37 myhostname kernel: IP fw-in deny eth1 UDP 192.168.0.1:1033 255.255.255.255:1478 L=329 S=0x00 I=51847 F=0x0000 T=128
(repeated many times)

Using 'tcpdump -i eth1 udp' I see:

11:33:01.485932 myexternalhostalias.ucook.com.1033 > 255.255.255.255.1478: udp 301
(repeated 12 more times in each burst)

'lsof' doesn't help me find out what started sending these, at least I
can't figure it out.

Does anyone know what sends these? Or know how to find out?

Or how to get it to stop? Or just how to not clog the log??

Thanks,
ml
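
Added example, not part of the original post: a Python summary of the firewall deny lines quoted above, grouped by interface, protocol and endpoint pair so a repeating sender stands out in a large /var/log/messages. The sample lines are constructed from the values in the post, and the field reading (L as IP total length, T as TTL) is an assumption about the kernel log format; under it, L=329 minus 28 header bytes gives the 301-byte UDP payload that tcpdump reports.

```python
import re
from collections import defaultdict

# Constructed sample: timestamps and I= values are made up; addresses,
# ports, L= and T= are the values quoted in the post.
SAMPLE = """\
Aug  1 11:27:37 myhostname kernel: IP fw-in deny eth1 UDP 192.168.0.1:1033 255.255.255.255:1478 L=329 S=0x00 I=51847 F=0x0000 T=128
Aug  1 11:27:37 myhostname kernel: IP fw-in deny eth1 UDP 192.168.0.1:1033 255.255.255.255:1478 L=329 S=0x00 I=51848 F=0x0000 T=128
Aug  1 11:28:07 myhostname kernel: IP fw-in deny eth1 UDP 192.168.0.1:1033 255.255.255.255:1478 L=329 S=0x00 I=52103 F=0x0000 T=128
Aug  1 11:28:09 myhostname kernel: eth0: link status changed
"""

# Assumed field meanings: L = IP total length, S = TOS, I = IP ID,
# F = fragment flags/offset, T = TTL.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\skernel:\sIP\s(?P<chain>\S+)\s"
    r"(?P<action>\S+)\s(?P<iface>\S+)\s(?P<proto>\S+)\s"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s(?P<dst>[\d.]+):(?P<dport>\d+)\s"
    r"L=(?P<length>\d+)\sS=\S+\sI=\d+\sF=\S+\sT=(?P<ttl>\d+)"
)

def summarize(lines):
    """Group firewall log lines by flow and return {flow: stats}."""
    flows = defaultdict(lambda: {"count": 0, "seconds": set(),
                                 "ttls": set(), "udp_payload": set()})
    for line in lines:
        m = LINE.match(line)
        if m is None:  # unrelated kernel message, or a line broken by wrapping
            continue
        key = (m["iface"], m["proto"], m["src"], int(m["sport"]),
               m["dst"], int(m["dport"]))
        st = flows[key]
        st["count"] += 1
        st["seconds"].add(m["ts"])      # distinct log timestamps ~ bursts
        st["ttls"].add(int(m["ttl"]))
        if m["proto"] == "UDP":
            # 20-byte IP header (no options assumed) + 8-byte UDP header
            st["udp_payload"].add(int(m["length"]) - 28)
    return dict(flows)

if __name__ == "__main__":
    for flow, st in summarize(SAMPLE.splitlines()).items():
        print(flow, st["count"], "packets over", len(st["seconds"]),
              "timestamps, TTL", sorted(st["ttls"]),
              "UDP payload", sorted(st["udp_payload"]))
```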

