LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 03-26-2005, 12:30 PM   #1
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
Strange results from dmesg


Hey everyone. I have a strange 2 part issue here. Here is the more serious of the two, please check out my results from dmesg, and tell me what is going on. I'm denying tons of traffic trying to come into my machine. I have azureus installed, but it isn't running currently, and hasn't been running at all in the past 72 hours.
Code:
[jim@primary dev]$ dmesg
7 ACK=2236099210 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.106 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19532 PROTO=TCP SPT=443 DPT=1493 SEQ=685105655 ACK=2229693195 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.106 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=31259 PROTO=TCP SPT=80 DPT=1492 SEQ=1052363148 ACK=2236457202 WINDOW=9300 RES=0x00 RST URGP=0
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=61.134.49.34 DST=24.239.152.110 LEN=470 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=52460 DPT=1026 LEN=450
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.106 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=41185 PROTO=TCP SPT=443 DPT=1496 SEQ=1963798369 ACK=2861444250 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.147 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=31986 PROTO=TCP SPT=443 DPT=1494 SEQ=585132981 ACK=2867726416 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.106 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=23294 PROTO=TCP SPT=80 DPT=1495 SEQ=2419528179 ACK=2860607232 WINDOW=9300 RES=0x00 RST URGP=0
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=212.14.85.239 DST=24.239.152.110 LEN=908 TOS=0x00 PREC=0x00 TTL=113 ID=31752 PROTO=UDP SPT=18199 DPT=1026 LEN=888
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=212.26.22.28 DST=24.239.152.110 LEN=908 TOS=0x00 PREC=0x00 TTL=113 ID=32801 PROTO=UDP SPT=10070 DPT=1027 LEN=888
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=24.239.99.57 DST=24.239.152.110 LEN=92 TOS=0x00 PREC=0x00 TTL=111 ID=22062 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=36002
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.106 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25591 PROTO=TCP SPT=443 DPT=1499 SEQ=3909680420 ACK=3493841340 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.99 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24567 PROTO=TCP SPT=443 DPT=1497 SEQ=1844470399 ACK=3497447513 WINDOW=9700 RES=0x00 RST URGP=0
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=218.83.153.58 DST=24.239.152.110 LEN=461 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=35766 DPT=1026 LEN=441
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=218.83.155.77 DST=24.239.152.110 LEN=364 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=52115 DPT=1026 LEN=344
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.105 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28436 PROTO=TCP SPT=443 DPT=1502 SEQ=1234136941 ACK=4130825472 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.99 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24567 PROTO=TCP SPT=443 DPT=1497 SEQ=1844470399 ACK=3497447513 WINDOW=9700 RES=0x00 RST URGP=0
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=218.83.153.58 DST=24.239.152.110 LEN=461 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=35766 DPT=1026 LEN=441
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=218.83.155.77 DST=24.239.152.110 LEN=364 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=52115 DPT=1026 LEN=344
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.105 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28436 PROTO=TCP SPT=443 DPT=1502 SEQ=1234136941 ACK=4130825472 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.147 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30228 PROTO=TCP SPT=443 DPT=1500 SEQ=1864908392 ACK=4129140009 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.107 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19188 PROTO=TCP SPT=443 DPT=1505 SEQ=3947453873 ACK=473124275 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.104 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17396 PROTO=TCP SPT=443 DPT=1503 SEQ=3442082399 ACK=463028351 WINDOW=9700 RES=0x00 RST URGP=0
martian source 192.168.69.2 from 192.168.69.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:03:88:30:ea:0b:08:06
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.107 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=38873 PROTO=TCP SPT=80 DPT=1504 SEQ=3789559517 ACK=467629826 WINDOW=9300 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.104 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3205 PROTO=TCP SPT=443 DPT=1507 SEQ=936590707 ACK=1107763412 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.185.107 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=14495 PROTO=TCP SPT=443 DPT=1509 SEQ=2973301512 ACK=1100086685 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.185.107 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=43664 PROTO=TCP SPT=80 DPT=1508 SEQ=4287977896 ACK=1101811176 WINDOW=9300 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.107 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=9910 PROTO=TCP SPT=443 DPT=1512 SEQ=1250165808 ACK=1733846896 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.99 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=11967 PROTO=TCP SPT=443 DPT=1510 SEQ=602775147 ACK=1745690916 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.107 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52123 PROTO=TCP SPT=80 DPT=1511 SEQ=1017017492 ACK=1735840420 WINDOW=9300 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.104 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17127 PROTO=TCP SPT=443 DPT=1513 SEQ=736619828 ACK=2374966501 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.105 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36140 PROTO=TCP SPT=443 DPT=1515 SEQ=3579936913 ACK=2379006019 WINDOW=9700 RES=0x00 RST URGP=0
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=218.83.158.204 DST=24.239.152.110 LEN=461 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=51059 DPT=1026 LEN=441
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.99 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45734 PROTO=TCP SPT=443 DPT=1516 SEQ=1917523587 ACK=3012481725 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.105 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=286 PROTO=TCP SPT=443 DPT=1518 SEQ=4009134286 ACK=3004385028 WINDOW=9700 RES=0x00 RST URGP=0
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=24.238.82.5 DST=24.239.152.110 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=12772 DF PROTO=TCP SPT=4402 DPT=1433 SEQ=1339747914 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.104 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62459 PROTO=TCP SPT=443 DPT=1519 SEQ=2071528982 ACK=3637819656 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.107 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=252 PROTO=TCP SPT=443 DPT=1521 SEQ=2367507671 ACK=3634983284 WINDOW=9700 RES=0x00 RST URGP=0
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=219.148.64.68 DST=24.239.152.110 LEN=469 TOS=0x00 PREC=0x00 TTL=42 ID=8990 PROTO=UDP SPT=51744 DPT=1027 LEN=449
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.104 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56704 PROTO=TCP SPT=443 DPT=1522 SEQ=3854557884 ACK=4283520761 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.105 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10756 PROTO=TCP SPT=443 DPT=1524 SEQ=3394995403 ACK=4275486682 WINDOW=9300 RES=0x00 RST URGP=0
martian source 192.168.69.2 from 192.168.69.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:03:88:30:ea:0b:08:06
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=65.1.188.88 DST=24.239.152.110 LEN=908 TOS=0x00 PREC=0x00 TTL=114 ID=28385 PROTO=UDP SPT=11397 DPT=1026 LEN=888
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=222.88.173.5 DST=24.239.152.110 LEN=666 TOS=0x00 PREC=0x00 TTL=104 ID=46627 PROTO=UDP SPT=5443 DPT=1026 LEN=646
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.99 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62287 PROTO=TCP SPT=443 DPT=1529 SEQ=904885274 ACK=610074793 WINDOW=9300 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.107 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3980 PROTO=TCP SPT=443 DPT=1531 SEQ=1317477820 ACK=610472744 WINDOW=9300 RES=0x00 RST URGP=0
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=221.171.171.179 DST=24.239.152.110 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=3976 DF PROTO=TCP SPT=2282 DPT=5554 SEQ=759454514 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204058601010402)
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=221.171.171.179 DST=24.239.152.110 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=4660 DF PROTO=TCP SPT=2783 DPT=1023 SEQ=784255408 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204058601010402)
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=221.171.171.179 DST=24.239.152.110 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=6157 DF PROTO=TCP SPT=3861 DPT=9898 SEQ=835781377 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204058601010402)
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=201.17.46.157 DST=24.239.152.110 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=2444 DF PROTO=TCP SPT=2025 DPT=3306 SEQ=3669493204 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=3328 OPT (020405B401010402)
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=201.17.46.157 DST=24.239.152.110 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=2502 DF PROTO=TCP SPT=2025 DPT=3306 SEQ=3669493204 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.104 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=7112 PROTO=TCP SPT=443 DPT=1534 SEQ=1058271872 ACK=1256278825 WINDOW=9300 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.107 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=32968 PROTO=TCP SPT=443 DPT=1536 SEQ=709673168 ACK=1247247042 WINDOW=9300 RES=0x00 RST URGP=0
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=24.239.99.57 DST=24.239.152.110 LEN=92 TOS=0x00 PREC=0x00 TTL=111 ID=46037 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=916
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.106 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56661 PROTO=TCP SPT=443 DPT=1541 SEQ=794090411 ACK=1888229176 WINDOW=9300 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.99 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51029 PROTO=TCP SPT=443 DPT=1539 SEQ=3791164152 ACK=1876332171 WINDOW=9300 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.99 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=21079 PROTO=TCP SPT=443 DPT=1576 SEQ=2511286448 ACK=2318281450 WINDOW=9300 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.107 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62799 PROTO=TCP SPT=443 DPT=1575 SEQ=506150678 ACK=2315690783 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.107 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63055 PROTO=TCP SPT=443 DPT=1577 SEQ=2537640654 ACK=2320030444 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.107 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=29256 PROTO=TCP SPT=443 DPT=1580 SEQ=1085299654 ACK=2353085799 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.107 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=32072 PROTO=TCP SPT=443 DPT=1579 SEQ=801358147 ACK=2343193822 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.104 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36352 PROTO=TCP SPT=443 DPT=1584 SEQ=2959180649 ACK=2515768592 WINDOW=9300 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.105 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=4452 PROTO=TCP SPT=443 DPT=1586 SEQ=3527261007 ACK=2517012241 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.107 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56545 PROTO=TCP SPT=443 DPT=1597 SEQ=2310480917 ACK=3145085317 WINDOW=9300 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.104 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56033 PROTO=TCP SPT=443 DPT=1595 SEQ=3011639115 ACK=3158028808 WINDOW=9300 RES=0x00 RST URGP=0
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=213.12.211.101 DST=24.239.152.110 LEN=908 TOS=0x00 PREC=0x00 TTL=113 ID=3185 PROTO=UDP SPT=10763 DPT=1026 LEN=888
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=212.189.244.228 DST=24.239.152.110 LEN=908 TOS=0x00 PREC=0x00 TTL=113 ID=4387 PROTO=UDP SPT=16540 DPT=1027 LEN=888
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.106 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=34768 PROTO=TCP SPT=443 DPT=1602 SEQ=3888918332 ACK=3786358699 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.147 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63601 PROTO=TCP SPT=443 DPT=1600 SEQ=3940207193 ACK=3781130065 WINDOW=9700 RES=0x00 RST URGP=0
martian source 192.168.69.2 from 192.168.69.1, on dev eth2
ll header: ff:ff:ff:ff:ff:ff:00:03:88:30:ea:0b:08:06
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=202.126.14.108 DST=24.239.152.110 LEN=908 TOS=0x00 PREC=0x00 TTL=113 ID=48492 PROTO=UDP SPT=2109 DPT=1029 LEN=888
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=195.165.69.82 DST=24.239.152.110 LEN=908 TOS=0x00 PREC=0x00 TTL=113 ID=29369 PROTO=UDP SPT=7211 DPT=1026 LEN=888
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=196.1.100.46 DST=24.239.152.110 LEN=908 TOS=0x00 PREC=0x00 TTL=113 ID=58299 PROTO=UDP SPT=4603 DPT=1027 LEN=888
DROPPED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=222.88.173.5 DST=24.239.152.110 LEN=666 TOS=0x00 PREC=0x00 TTL=104 ID=44270 PROTO=UDP SPT=26900 DPT=1026 LEN=646
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.147 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36726 PROTO=TCP SPT=443 DPT=1604 SEQ=1578186305 ACK=130064154 WINDOW=9700 RES=0x00 RST URGP=0
ABORTED IN=eth0 OUT= MAC=00:50:ba:c8:6d:ca:00:0b:bf:7e:fc:8d:08:00 SRC=64.233.161.147 DST=24.239.152.110 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57718 PROTO=TCP SPT=443 DPT=1604 SEQ=1578186305 ACK=130064155 WINDOW=8201 RES=0x00 RST URGP=0
The reason I looked at this in the first place is part 2 of our unplanned and unwanted Saturday challenge! I have an external usb drive, and I haven't mounted it since January. I want to use it today, so I plugged it in and tried to mount it. I couldn't get it mounted, so I looked in the .bash_history to see exactly what command I used back in Janurary to mount it. I found that I used mount -t vfat /dev/sda1 /media/usbmusic/, and that worked fine. Now when I try that command, I see that I no longer have /dev/sd*. Apparently some of the yum/up2date upgrades from fedora removed the sda from the /dev directory. I originally looked in dmesg to find out what if anything my computer was now calling my unmounted disk, and saw all the traffic errors.

If anyone can help with either or both of the problems, I would be greatly appreciative. In short, what's with all the traffic that is in my dmesg command, and what replaced /dev/sda in FC3.

Thanks again!

Peace,
JimBass

Last edited by JimBass; 03-26-2005 at 12:31 PM.
 
Old 03-26-2005, 01:41 PM   #2
lokee
Member
 
Registered: Feb 2003
Distribution: Gentoo
Posts: 381

Rep: Reputation: 30
Ohh... I see, that's a problem with iptables.
Basically, it's rejecting/dropping some of your packets.

This should help:
https://lists.netfilter.org/pipermai...ne/053727.html


Regards,

Last edited by lokee; 03-26-2005 at 01:45 PM.
 
Old 03-26-2005, 01:45 PM   #3
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Original Poster
Rep: Reputation: 48
Yes, I use the guarddog firewall for KDE. I'm looking to see why things are aborted rather than dropped.
[edit] Ok, so I read the entire thread that you linked to, and they suggest changing a timeout value. Would I have to manually edit my iptables? I don't see anything along this line in the GUI. [/edit]

Thanks!

Peace,
JimBass

Last edited by JimBass; 03-26-2005 at 01:53 PM.
 
Old 03-26-2005, 01:48 PM   #4
lokee
Member
 
Registered: Feb 2003
Distribution: Gentoo
Posts: 381

Rep: Reputation: 30
Ohh. I just edited my previous post.
Try looking at what I pointed out.
 
Old 03-26-2005, 01:59 PM   #5
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,743
Blog Entries: 4

Rep: Reputation: 76
I don't think you need to worry about this. It is just your firewall logging all dropped packets.
The "ABORTED" packets are generally caused by certain types of TCP scans, when someone
spoofs an ip address for the originating scan and your kernel realizes the TCP 'handshake' is missing.

As for your second problem, have you moved to/from udev or devfs since it worked?
 
Old 03-26-2005, 02:35 PM   #6
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Original Poster
Rep: Reputation: 48
To lokee: I saw your link and read the entire thread, it seems I may need to edit some timeout values in my iptables script? The thread eased my worries in that nothing malicious is happening, but it was to much of an "insider" thread for me to know what to do differently on my end. I tried turning off logging on the firewall, but I did that 10 minutes ago and my dmesg is still full of those SPT messages.

To bulliver: I haven't consciously changed from or to anything, but the fedora team has given me 2 or 3 minor upgrades to the 2.6.10 kernel, and I'm guessing they changed something. Like I said earlier, I tried checking dmesg to see what my system was now naming the usb drive, but all I see are the dropped package messages. How can I check if I'm using udev/devfs, and what impact will that have on my mount command? It would seem to me in my ignorance that that would only change (possibily) the [-t vfat] to [-t devfs], but the filesystem type isn't the issue, it is that the sda (scsi-drive I think) has been changed to something else.

Thanks to both of you fo the help so far, I'll be aferoing you shortly!

Thanks and Peace,
JimBass
 
Old 03-26-2005, 02:56 PM   #7
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,743
Blog Entries: 4

Rep: Reputation: 76
Hello Jim,

I ask about udev/devfs because rather than having static listings in /dev directory, these two programs create the needed device nodes
on the fly. I do not use Fedora, so I am unsure how to check which one you are using.

You mention a kernel upgrade...did you ensure that the drivers for your USB disk were built? Are they loaded?
Try 'cat /proc/bus/usb/devices' does it list any devices attached? You will need USB mass storage support in the kernel. Try to
'modprobe usb-storage', if there is no error, plug in your device and run 'dmesg | grep usb' and/or 'dmesg | grep sd',
is your device there now?
 
Old 03-26-2005, 09:51 PM   #8
lokee
Member
 
Registered: Feb 2003
Distribution: Gentoo
Posts: 381

Rep: Reputation: 30
Quote:
Originally posted by JimBass
. I tried turning off logging on the firewall, but I did that 10 minutes ago and my dmesg is still full of those SPT messages.
If you *really* turned logging off in guardog, then these errors should stop popping up.
Here's the explanation to why you still see the error messages.
dmesg just the content of a log. Past messages still appear.

Signal me if new ones still appear(Differentiate them by the source IP).

Regards,
 
Old 03-27-2005, 01:20 PM   #9
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Original Poster
Rep: Reputation: 48
Guys,

After getting a chance to get away from my machine and then coming back to it, all is cool. I guess before the device wasn't fully powered up - IE the indicator lights went on, but dmesg never said anything about the device. I thought that was because it was too full of the dropped/aborted packets mesages, but lokee corrected me that it was just a log, so it didn't have info on the drive because the drive wasn't functioning. When I tightened up all of the cables, this appeared in dmesg:
Code:
usb 1-1: new full speed USB device using ohci_hcd and address 4
scsi1 : SCSI emulation for USB Mass Storage devices
usb-storage: device found at 4
usb-storage: waiting for device to settle before scanning
  Vendor: HDS72258  Model: 0VLAT20           Rev: V32O
  Type:   Direct-Access                      ANSI SCSI revision: 00
SCSI device sda: 160836481 512-byte hdwr sectors (82348 MB)
sda: assuming drive cache: write through
SCSI device sda: 160836481 512-byte hdwr sectors (82348 MB)
sda: assuming drive cache: write through
 sda: sda1
Attached scsi disk sda at scsi1, channel 0, id 0, lun 0
usb-storage: device scan complete
FAT: invalid media value (0xb9)
VFS: Can't find a valid FAT filesystem on dev sda.
FAT: invalid media value (0xb9)
VFS: Can't find a valid FAT filesystem on dev sda.
FAT: utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
SELinux: initialized (dev sda1, type vfat), uses genfs_contexts
So Bulliver you were right, I do have udev/devfs, because the minute the disk was properly plugged in, it created a /dev/sda for me. I didn't think those directories were dynamic, so I have learned something new!

One last question - I am using this disk as a trade medium, where I bring all my mp3s to a friends, they copy all mine, erase and upload all of theirs. I use linux only, many friends use Mac, and others use Redmond's type of OS. I formatted the usbdisk with vfat because I assumed all of the computers could read and write to that. They can, but it tends to be painfully slow. It will often take computers (even p4 512+ ram ones) 8-12 hours to copy 40 or so gis off and load about 20 gigs on. That seems excessively slow to me. Can the filesystem effect that? Like if I were to format it differently, could that speed up the transfer time?

I'm giving you guys both what used to be "afero" and now are "thanks" as soon as this posts. Thanks again for the help!

Peace,
JimBass
 
Old 03-27-2005, 04:00 PM   #10
Genesee
Member
 
Registered: Dec 2002
Distribution: Slackware
Posts: 927

Rep: Reputation: 30
JimBass -

here's some info on UDEV, fyi:
http://webpages.charter.net/decibels...DEVPrimer.html
http://www.reactivated.net/udevrules.php
 
Old 03-27-2005, 04:43 PM   #11
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,743
Blog Entries: 4

Rep: Reputation: 76
Quote:
8-12 hours to copy 40 or so gis off and load about 20 gigs on. That seems excessively slow to me
Indeed, that does seem excessively slow...

Unfortunately to do cross-platform you need to use the lowest common denominator, in this case, vfat.
It is the only one that Apple, MS, and linux can all understand. I have no idea if vfat can be sped up.

The only other solution is to use Samba to export the files, but that may be a bit much trouble for just transfering some files...
Maybe someone else can help here...
Good luck.

PS, thanks for the 'thanks', very appreciated.

Last edited by bulliver; 03-27-2005 at 04:47 PM.
 
Old 03-27-2005, 06:15 PM   #12
lokee
Member
 
Registered: Feb 2003
Distribution: Gentoo
Posts: 381

Rep: Reputation: 30
Quote:
Originally posted by JimBass

I'm giving you guys both what used to be "afero" and now are "thanks" as soon as this posts. Thanks again for the help!
My pleasure!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
network - strange console messages on dmesg ganja_guru Linux - Software 4 01-18-2005 05:58 AM
Strange dmesg output voyciz Linux - Networking 3 06-08-2004 12:05 PM
Who can read this strange dmesg? fenice1976 Linux - Software 6 05-26-2004 08:30 PM
iptables firewall seems to work but strange output in dmesg. ldp Linux - Networking 3 04-17-2004 02:00 PM
very strange dmesg output salparadise Linux - Software 6 04-08-2004 11:34 AM


All times are GMT -5. The time now is 07:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration