LinuxQuestions.org
09-22-2011, 01:27 PM   #1
wildtwins
LQ Newbie
 
Registered: Sep 2011
Posts: 1

Rep: Reputation: Disabled
1.0.0.127 UDP 514 Traffic


Begging for help here...

I am an IT Security Specialist, not a LINUX specialist, and I hope one of you gurus can help me out.

I am seeing a lot of traffic on our network that is coming from various Linux servers going to 1.0.0.127 udp port 514. And I have no idea what it is. I know 514 is SYSLOG and 1.0.0.127 is a reverse-dns for the local host, but nobody in our enterprise can explain the traffic. I did a packet capture and it shows the packets with "autotrace[5625]: E: procname: cannot op" in the SYSLOG portion of the packet. Any ideas?
 
09-22-2011, 01:46 PM   #2
mpapet
Member
 
Registered: Nov 2003
Location: Los Angeles
Distribution: debian
Posts: 548

Rep: Reputation: 72
Quote:
Originally Posted by wildtwins
Begging for help here...

I am an IT Security Specialist, not a LINUX specialist, and I hope one of you gurus can help me out.

I am seeing a lot of traffic on our network that is coming from various Linux servers going to 1.0.0.127 udp port 514. And I have no idea what it is. I know 514 is SYSLOG and 1.0.0.127 is a reverse-dns for the local host, but nobody in our enterprise can explain the traffic. I did a packet capture and it shows the packets with "autotrace[5625]: E: procname: cannot op" in the SYSLOG portion of the packet. Any ideas?

It sounds like syslog is configured to broadcast on one or more servers. Check the syslog configuration on the hosts.

Last edited by mpapet; 09-22-2011 at 02:02 PM.
 
0 members found this post helpful.
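
One way to carry out the configuration check suggested in the reply, as an added example that is not part of the thread or written by either poster: list every remote-forwarding action in legacy-syntax syslog configuration files and test whether any of them points at the destination seen in the capture. The function names and the sample config are constructed for illustration; RainerScript `action(type="omfwd" ...)` blocks and file names containing spaces are not handled.

```shell
#!/bin/sh
# Added example: list remote-forwarding actions in legacy-syntax syslog configs.
# "<selector> @host[:port]" forwards over UDP; "@@host[:port]" (rsyslog) over TCP.

# Prints one line per forwarding rule: <file>:<line> <proto> <host> <port>
syslog_forward_targets() {
    awk '
        /^[[:space:]]*#/ { next }                  # skip comment lines
        NF >= 2 && $NF ~ /^@@?[^@]+$/ {            # last field is the action
            action = $NF
            proto = (action ~ /^@@/) ? "tcp" : "udp"
            sub(/^@@?/, "", action)                # strip the @ / @@ prefix
            sub(/^\([^)]*\)/, "", action)          # strip rsyslog "(opts)" block
            port = 514                             # default syslog port
            if (action ~ /:[0-9]+$/) {
                port = action
                sub(/^.*:/, "", port)
                sub(/:[0-9]+$/, "", action)
            }
            printf "%s:%d %s %s %s\n", FILENAME, FNR, proto, action, port
        }
    ' "$@"
}

# Succeeds (and prints the matching rules) if any rule forwards to host $1.
forwards_to() {
    dest=$1
    shift
    syslog_forward_targets "$@" |
        awk -v d="$dest" '$3 == d { found = 1; print } END { exit !found }'
}

# Constructed sample config, not taken from the hosts in the thread.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# local logging
*.info;mail.none    /var/log/messages
*.*                 @1.0.0.127
authpriv.*          @@loghost.example.com:6514
EOF

forwards_to 1.0.0.127 "$sample" || echo "no rule forwards to 1.0.0.127"
```

On a real host, pass the configuration files actually in use (commonly `/etc/syslog.conf`, `/etc/rsyslog.conf` and `/etc/rsyslog.d/*.conf`) instead of the sample file.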
  

