LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   unwanted packets on terminal (https://www.linuxquestions.org/questions/linux-networking-3/unwanted-packets-on-terminal-230564/)

harmster 09-14-2004 02:15 PM

unwanted packets on terminal
 
Hi all,
Recently I installed a PentiumII in the living room as a mp3 server. I used Debian unstable with a new kernel version 2.6.5. Together with my workstation and NFS everything works like a dream. But if I connect a monitor to the PII it soon gets flooded with messages like:
Code:

IN=eth0 OUT= MAC= SRC=192.168.2.6 DST=192.168.2.255 LEN=263 TOS=0x00 PREC=0x00 TTL=64 ID=49 DF PROTO=UDP SPT=138 DPT=138 LEN=243
IN=eth0 OUT= MAC= SRC=192.168.2.6 DST=192.168.2.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64 ID=50 DF PROTO=UDP SPT=138 DPT=138 LEN=215

These messages also appear in syslog.
Can someone tell me how to get rid of those messages? They make mp3blaster unreadable.

scowles 09-14-2004 03:51 PM

I can offer a couple of pointers:

1) The log entries look to be from the netfilter package. i.e. iptables

2) The packets referenced are microsoft datagram broadcast packets. i.e. local master browser
announcement, master broswer announcement, one smb host broadcasting for another smb host, etc...

What I can't tell from the log message is wether or not these packets were rejected
or were they accepted and just simply logged. The iptable rules you run on this
system should answer that

If you simply want to stop these messages from being logged to the console, look at:
man dmesg
in particular, the -n option

Otherwise, take a look at your iptable rules and fix the rule thats causing the problem.

harmster 09-14-2004 03:57 PM

That samba part made sense. I'll look into it. Thanks.

harmster 09-14-2004 04:03 PM

btw, how do you see these packets are microsoft datagrams?

zatriz 09-14-2004 04:54 PM

SPT=138 DPT=138
port numbers specify 138 which is for netbios datagram
You could also disable netbios over tcpip on all your windows machines too.

Also check in your /etc/syslog.conf file for a line like this
kern.* /dev/console
or
kern.* *
and just comment it out like this by putting a # sign in front of it
#kern.* /dev/console



harmster 09-15-2004 02:28 AM

I indeed checked the /etc/syslog.conf but found nothing out of the ordinary there. What I _did_ find where some iptables with weird LOG messages, those where no longer necessary and after deleting them my problem was solved! Thank you all for the fast responses and for putting me on track.

bramptoncompute 05-05-2005 04:23 PM

Helloo,

I'm having the same problem, but I've found no weird log stuff in the /etc/syslog.conf file to remove (not that I would know what to remove, as I am a newbie)

Here's what I have

3 computers behind a linksys router
computer #1 - wired, fedora core 3 which I am trying to configure using "Setting up LAMP" by two guys named Eric
computer #2 - wired, winxp sp2 sending broadcasts that are being picked up by computer #1 and displayed on the console
computer #3 - wireless, running winxp sp2 also sending broadcasts

The console keeps poping up something like:

IN-eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06.. SCR=192.168.1.101 (or 102) DST=192.168.1.255 LEN=243 TOS=0x00 PREC=0x00 TTL=128 ID=31118 (changes) PROTO=UDP SPT=137 (or 138) DPT=138 (or 137) LEN=58

Otherthan replacing the winXP OS's with Fedora, does anyone have any suggestions????

This happened after I setup the firewall iptables.

Thanks,

harmster 05-07-2005 06:28 AM

Yeah those log messages aren't alway it. It's been awhile now, but if i remember correctly you should check you NAT pre-routing table with: $:iptables -t nat -L
I believe I found some weirdness there and after removing it things where fine.

Hope this helps!


All times are GMT -5. The time now is 12:08 AM.