
tcpdump question



Hello,

I have used tcpdump to get my ssh connection going on the server.
While doing that I saw a certain address popping up that was rejected
by my shorewall firewall. I knew this IP address from when the server
was a SUSE server. It always tries to talk to the server every 2 minutes.
tcpdump excerpt:
10.95.11.80 > ALL-SYSTEMS.MCAST.NET: igmp query v1 [ttl 1]

Since the address is local I think it's something my ISP sends out.
Does anybody have a clue what this is meant for? Should I let it through?

Also, I saw other lines like this:
xxx.yyyyy.isp.be.domain > <mycablenodename>.be.32780:  54307 1/3/2
PTR[|domain] (DF)
<mycablenodename>.be.32780 > xxx.yyyyy.isp.be.domain:  54308+ PTR?
80.11.95.10.in-addr.arpa. (42) (DF)

Any idea what this is? What does the (DF) mean?

Is there a way I can detect if a connection is accepted by the firewall's
iptables rules and see where it originated from?

Thanks for any info.




