[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables question

deloptes wrote:

> Igor Cicimov wrote:
> 
>> Run tcpdump and check whats happening
> 
> That is strange - I will look into this direction - let me know if you
> have any ideas
> 
> regards
> 
> 
> tcpdump -vvv dst 10.0.0.7
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
> 65535 bytes
> 08:07:11.591763 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has RM696
> tell 10.0.0.1, length 28
> 08:07:12.591729 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has RM696
> tell 10.0.0.1, length 28
> 08:07:13.591686 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has RM696
> tell 10.0.0.1, length 28
> 08:07:14.595695 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has RM696
> tell 10.0.0.1, length 28
> 08:07:15.595632 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has RM696
> tell 10.0.0.1, length 28
> 08:07:16.595620 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has RM696
> tell 10.0.0.1, length 28
> 
> 
> 
> tcpdump -vvv dst 10.0.0.138
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
> 65535 bytes
> 08:04:55.765744 IP (tos 0x0, ttl 63, id 26002, offset 0, flags [DF], proto
> TCP (6), length 60)
>     10.0.0.1.52112 > 10.0.0.138.ssh: Flags [S], cksum 0xc2c6 (correct),
>     seq
> 2408995280, win 29200, options [mss 1460,sackOK,TS val 223296578 ecr
> 0,nop,wscale 7], length 0
> 08:04:55.767594 IP (tos 0x0, ttl 63, id 26003, offset 0, flags [DF], proto
> TCP (6), length 40)
>     10.0.0.1.52112 > 10.0.0.138.ssh: Flags [.], cksum 0x242c (correct),
>     seq
> 2408995281, ack 3147433360, win 229, length 0
> 08:04:55.772423 IP (tos 0x0, ttl 63, id 44890, offset 0, flags [none],
> proto UDP (17), length 69)
>     10.0.0.1.24455 > 10.0.0.138.domain: [udp sum ok] 7454+ PTR?
> 138.0.0.10.in-addr.arpa. (41)
> 08:04:55.774778 IP (tos 0x0, ttl 63, id 26004, offset 0, flags [DF], proto
> TCP (6), length 79)
>     10.0.0.1.52112 > 10.0.0.138.ssh: Flags [P.], cksum 0xfb15 (correct),
>     seq
> 0:39, ack 1, win 229, length 39
> 08:04:55.787360 IP (tos 0x0, ttl 63, id 26005, offset 0, flags [DF], proto
> TCP (6), length 40)
>     10.0.0.1.52112 > 10.0.0.138.ssh: Flags [.], cksum 0x23eb (correct),
>     seq
> 39, ack 27, win 229, length 0
> 08:04:55.789504 IP (tos 0x0, ttl 63, id 26006, offset 0, flags [DF], proto
> TCP (6), length 1500)
>     10.0.0.1.52112 > 10.0.0.138.ssh: Flags [.], cksum 0x7c86 (correct),
>     seq
> 39:1499, ack 27, win 229, length 1460
> 08:04:55.789680 IP (tos 0x0, ttl 63, id 26007, offset 0, flags [DF], proto
> TCP (6), length 228)
>     10.0.0.1.52112 > 10.0.0.138.ssh: Flags [P.], cksum 0x46dd (correct),
>     seq
> 1499:1687, ack 27, win 229, length 188
> 08:04:55.791326 IP (tos 0x0, ttl 63, id 26008, offset 0, flags [DF], proto
> TCP (6), length 312)
>     10.0.0.1.52112 > 10.0.0.138.ssh: Flags [P.], cksum 0xb0d6 (correct),
>     seq
> 1687:1959, ack 339, win 237, length 272
> 08:04:55.796226 IP (tos 0x0, ttl 63, id 44893, offset 0, flags [none],
> proto UDP (17), length 67)
>     10.0.0.1.63625 > 10.0.0.138.domain: [udp sum ok] 17121+ PTR?
> 1.0.0.10.in-addr.arpa. (39)
> 08:04:58.223139 IP (tos 0x0, ttl 63, id 26009, offset 0, flags [DF], proto
> TCP (6), length 56)
>     10.0.0.1.52112 > 10.0.0.138.ssh: Flags [P.], cksum 0x0ea9 (correct),
>     seq
> 1959:1975, ack 915, win 246, length 16



My wife turned off the wireless

08:59:06.127029 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has RM696
tell 10.0.0.1, length 28
08:59:06.202411 IP (tos 0x0, ttl 63, id 50126, offset 0, flags [DF], proto
TCP (6), length 60)
    10.0.0.1.34912 > RM696.ssh: Flags [S], cksum 0x5a12 (correct), seq
3855619686, win 29200, options [mss 1460,sackOK,TS val 226547112 ecr
0,nop,wscale 7], length 0
08:59:07.172012 IP (tos 0x0, ttl 63, id 50127, offset 0, flags [DF], proto
TCP (6), length 60)
    10.0.0.1.34912 > RM696.ssh: Flags [S], cksum 0x55fa (correct), seq
3855619686, win 29200, options [mss 1460,sackOK,TS val 226548160 ecr
0,nop,wscale 7], length 0
08:59:09.219907 IP (tos 0x0, ttl 63, id 50128, offset 0, flags [DF], proto
TCP (6), length 60)
    10.0.0.1.34912 > RM696.ssh: Flags [S], cksum 0x4dfa (correct), seq
3855619686, win 29200, options [mss 1460,sackOK,TS val 226550208 ecr
0,nop,wscale 7], length 0
08:59:13.251697 IP (tos 0x0, ttl 63, id 50129, offset 0, flags [DF], proto
TCP (6), length 60)
    10.0.0.1.34912 > RM696.ssh: Flags [S], cksum 0x3e3a (correct), seq
3855619686, win 29200, options [mss 1460,sackOK,TS val 226554240 ecr
0,nop,wscale 7], length 0
08:59:21.571248 IP (tos 0x0, ttl 63, id 50130, offset 0, flags [DF], proto
TCP (6), length 60)
    10.0.0.1.34912 > RM696.ssh: Flags [S], cksum 0x1dba (correct), seq
3855619686, win 29200, options [mss 1460,sackOK,TS val 226562560 ecr
0,nop,wscale 7], length 0
08:59:37.954393 IP (tos 0x0, ttl 63, id 50131, offset 0, flags [DF], proto
TCP (6), length 60)
    10.0.0.1.34912 > RM696.ssh: Flags [S], cksum 0xddb9 (correct), seq
3855619686, win 29200, options [mss 1460,sackOK,TS val 226578944 ecr
0,nop,wscale 7], length 0
09:00:10.208566 IP (tos 0x0, ttl 63, id 50132, offset 0, flags [DF], proto
TCP (6), length 60)
    10.0.0.1.34912 > RM696.ssh: Flags [S], cksum 0x5fb9 (correct), seq
3855619686, win 29200, options [mss 1460,sackOK,TS val 226611200 ecr
0,nop,wscale 7], length 0
09:00:15.205453 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has RM696
tell 10.0.0.1, length 28
Reply to: