ping using port 1025
 

Hi everyone!

Does anyone knows why ping is connecting to port 1025?

I was troubleshooting a dns problem, and made an strace of ping to an unexisting address. It happens that before sending the ICMP packet, only once, it makes this strange... connection? (it's UDP so it's not a connection)

07:13:13 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
07:13:13 connect(4, {sa_family=AF_INET, sin_port=htons(1025) sin_addr=inet_addr("10.200.200.144")}, 16) = 0
07:13:13 getsockname(4, {sa_family=AF_INET, sin_port=htons(57372), sin_addr=inet_addr("10.200.200.1")}, [16]) = 0
07:13:13 close(4)

(10.200.200.144 is the unexisting host, and 10.200.200.1 is from where I'm running ping)

I googled it, and found hints that it's used in DNS, or NFS (see wikipedia for example). I do have both: the DNS server I'm using and a NFS client, but I'm not running ping in an NFS-mounted directory.

Any hint? I'm really curious about this.

Cheers,
-- Diego.

Hi there,

in fact, the ping utility does issue a DNS lookup (or reverse lookup) on the hostname or IP that you sepcify. I'm just surprised about the port number, because DNS uses UDP port 53, AFAIK, not 1025.

[X] Doc CPU

probably this helps: https://secure.dslreports.com/forum/...open-in-linux-

Hi,
Well, I went to the source, iptutils from http://www.skbuff.net/iputils/ . It looks like it uses (hardcoded) port 1025 as source port to send it's dns requests:

But I can't figure why it was sending dns requests to the unexisting host instead of the DNS server, or anything else. I can't even see in ping.c where it does the dns resolution. I suck at C :-/

Thanks for your answers!
-- Diego.

I'd like to get an answer for this, too.