/var/log/messages shows IN=eth0 OUT

soumen1974 · 01-30-2009, 12:09 AM

Hi

I have checked my log files in my Linux system and it has a message (/var/log/message)

Jan 30 06:46:27 dns-nord2 kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:b0:d0:3e:c9:21:08:00 SRC=10.178.24.32 DST=10.178.25.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=23056 PROTO=UDP SPT=138 DPT=138 LEN=209

The name of my Linux system is dns-nord2 and it is a DNS server (Bind 9). Now the problem is, the router to which this server is connected shows a lot of traffic passes thru this server. I checked the log file and found the entries (given above) with SRC address of different systems in LAN(in the above example it is 10.178.24.32)

The IP address of the DNS server is 10.178.24.30. Please help as I could not make out what it is though I suspect it is some kind of broadcast (from the DST address 10.178.25.255).

bathory · 01-30-2009, 02:42 AM

Quote:

I checked the log file and found the entries (given above) with SRC address of different systems in LAN(in the above example it is 10.178.24.32)

This is windows boxes sending out netbios packets. Notice the protocol and the source/destination ports.

soumen1974 · 01-30-2009, 05:28 AM

Thanks a lot for your prompt reply.....