LinuxQuestions.org
11-16-2011, 02:51 AM   #1
mad_penguin
tcpdump -i eth0 port 25 -vv


Hi gents

I'm trying to figure out what is happening when the connection to an SMTP server is dropped suddenly.

Thoughts? Ideas, anything is welcome. Thanks.

mail.log shows:

Nov 16 09:47:03 postfix/smtpd[9639]: timeout after CONNECT from unknown[192.168.1.115]
Nov 16 09:47:03 postfix/smtpd[9639]: disconnect from unknown[192.168.1.115]

Doing a tcpdump on port 25 shows:
~# tcpdump -i eth0 port 25 -vv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:42:03.225829 IP (tos 0x0, ttl 64, id 54569, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.115.36354 > 192.168.1.113.smtp: Flags [F.], cksum 0x7160 (correct), seq 1544247578, ack 2245647847, win 46, options [nop,nop,TS val 170127715 ecr 346016208], length 0
09:42:03.225829 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.113.smtp > 192.168.1.115.36354: Flags [.], cksum 0x5bfe (correct), seq 1, ack 1, win 46, options [nop,nop,TS val 346021682 ecr 170127715], length 0
09:42:03.225829 IP (tos 0x0, ttl 64, id 8052, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.115.36377 > 192.168.1.113.smtp: Flags [S], cksum 0x7875 (correct), seq 3165974039, win 5840, options [mss 1460,sackOK,TS val 170127715 ecr 0,nop,wscale 7], length 0
09:42:03.225829 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.113.smtp > 192.168.1.115.36377: Flags [S.], cksum 0x4791 (correct), seq 3860289305, ack 3165974040, win 5792, options [mss 1460,sackOK,TS val 346021682 ecr 170127715,nop,wscale 7], length 0
09:42:03.225829 IP (tos 0x0, ttl 64, id 8053, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.115.36377 > 192.168.1.113.smtp: Flags [.], cksum 0x8ccf (correct), seq 1, ack 1, win 46, options [nop,nop,TS val 170127715 ecr 346021682], length 0
09:42:03.269830 IP (tos 0x0, ttl 64, id 34856, offset 0, flags [DF], proto TCP (6), length 98)
    192.168.1.113.smtp > 192.168.1.115.36377: Flags [P.], cksum 0x8489 (incorrect -> 0xdda4), seq 1:47, ack 1, win 46, options [nop,nop,TS val 346021693 ecr 170127715], length 46
09:42:03.269830 IP (tos 0x0, ttl 64, id 8054, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.115.36377 > 192.168.1.113.smtp: Flags [.], cksum 0x8c8c (correct), seq 1, ack 47, win 46, options [nop,nop,TS val 170127725 ecr 346021693], length 0
 
11-16-2011, 09:24 AM   #2
goossen
Are you allowing your LAN?
I'd like to see the contents of your main.cf file. Be sure to hide sensitive info like your domain and real IP address before posting here.

Also, are you using any type of firewall? Is DNS properly configured?
 
  


All times are GMT -5.