LinuxQuestions.org
Old 01-11-2012, 03:07 PM   #1
furbear1
LQ Newbie
 
Registered: Jan 2012
Location: SF Bay Area
Distribution: OEL v6.1 (RHEL)
Posts: 5

Rep: Reputation: Disabled
TCPDUMP showing unknown address in capture


Howdy folks, bit of a newbie here...actually used to do Jr. Unix Admin(Solaris)/Network Engineer kind of stuff in the late 90's so I know enough to get myself into trouble but not always enough to get myself out of it.

I'm not able to see my Zend-installed Apache2 server from anywhere on the local LAN except localhost. When I run a TCPDUMP and access 'localhost' from the local browser, I get a conversation with 174.35.40.3 that traces through CDNetworks/Los Angeles with an unresolved IP address. There is no similar conversation with other hosts on the local LAN in TCPDUMP traces. No problem getting to the index page of my server but I'm a bit suspicious about what the conversation with the strange IP address is. BTW, I did disable avahi-daemon as it's not really necessary but I'm not sure if it's related.

By way of example:

12:38:14.477100 IP (tos 0x0, ttl 64, id 46176, offset 0, flags [DF], proto TCP (6), length 60)
Elvis.marknet.net.51725 > 174.35.40.3.http: Flags [S], cksum 0x7bc6 (correct), seq 1270028126, win 5840, options [mss 1460,sackOK,TS val 76587838 ecr 0,nop,wscale 7], length 0
12:38:14.523670 IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto TCP (6), length 60)
174.35.40.3.http > Elvis.marknet.net.51725: Flags [S.], cksum 0x9435 (correct), seq 3781842156, ack 1270028127, win 64784, options [mss 1452,sackOK,TS val 33474801 ecr 76587838,nop,wscale 7], length 0

Any clues would be much appreciated. Thanks!
 
Old 01-11-2012, 05:29 PM   #2
mmrtnt
LQ Newbie
 
Registered: Nov 2006
Location: las vegas, nevada
Distribution: fedora core x
Posts: 25

Rep: Reputation: 8
I looked at that IP address with a browser and got a login page.

Does your index.html have a username/password block on it?
 
Old 01-11-2012, 06:09 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,335
Blog Entries: 55

Rep: Reputation: 3535
Quote:
Originally Posted by furbear1
When I (..) access 'localhost' from the local browser, I get a conversation with (..) an unresolved IP address.
If your 'lft localhost' or 'tcptraceroute localhost' leave your LAN then that sounds like local DNS misconfiguration to me.
 
Old 01-11-2012, 09:11 PM   #4
furbear1
LQ Newbie
 
Registered: Jan 2012
Location: SF Bay Area
Distribution: OEL v6.1 (RHEL)
Posts: 5

Original Poster
Rep: Reputation: Disabled
@mmrtnt - I've got no idea where that login screen comes from. The traceroute ended up at CD Network with a level3.net Los Angeles network IP resolution.

[root@Elvis logs]# traceroute 174.35.3.6
traceroute to 174.35.3.6 (174.35.3.6), 30 hops max, 60 byte packets
....
12 ae-2-70.edge2.LosAngeles9.Level3.net (4.69.144.79) 58.555 ms ae-1-60.edge2.LosAngeles9.Level3.net (4.69.144.15) 59.767 ms ae-2-70.edge2.LosAngeles9.Level3.net (4.69.144.79) 61.702 ms
13 CDNETWORKS.edge2.LosAngeles9.Level3.net (4.53.230.6) 63.673 ms 65.102 ms 66.619 ms
14 174.35.3.6 (174.35.3.6) 68.322 ms 70.270 ms 71.794 ms

As I mentioned, I still get the index.html page that is on my server. Maybe as unSpawn says, it's a DNS problem. Checking.....
 
Old 01-12-2012, 02:08 PM   #5
furbear1
LQ Newbie
 
Registered: Jan 2012
Location: SF Bay Area
Distribution: OEL v6.1 (RHEL)
Posts: 5

Original Poster
Rep: Reputation: Disabled
OK, this is my take on what's going on. The index.html page for the server is a splash page for Zend PHP Server with link graphics rather than local graphics. Soooo....when the page loads, it makes a call to a server where the graphic resides. So even though the page is on my server, not all of what's displayed is on my server. I don't have the same issue when I use my own generic index page. I learn something every day...
Thanks.
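
The cause identified in post #5, as an added example that is not part of the original thread: a page served from localhost can still make the browser contact outside hosts for images, scripts and stylesheets. This sketch lists those hosts for a given page; the sample HTML and every host name in it are constructed placeholders, and `external_hosts` is a hypothetical helper name.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes a browser fetches unprompted while rendering (<a href> is click-only).
AUTOLOAD = {"img": "src", "script": "src", "iframe": "src", "link": "href"}
LINK_RELS = {"stylesheet", "icon", "preload"}  # <link> rels that cause a fetch

# Constructed sample page; host names are placeholders, not the Zend page.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="http://vendor.example/welcome">
</head><body>
<img src="http://static.vendor-cdn.example/img/logo.png">
<img src="images/local.png">
<script src="//static.vendor-cdn.example/js/splash.js"></script>
<a href="http://docs.vendor.example/">Docs</a>
</body></html>"""


class SubresourceFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.found = {}  # host -> list of (tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(AUTOLOAD.get(tag))
        if not url:
            return
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & LINK_RELS:
            return
        absolute = urljoin(self.page_url, url)  # handles relative and //host
        host = urlsplit(absolute).hostname
        if host and host != self.page_host:
            self.found.setdefault(host, []).append((tag, absolute))


def external_hosts(html, page_url):
    finder = SubresourceFinder(page_url)
    finder.feed(html)
    return finder.found


if __name__ == "__main__":
    for host, refs in external_hosts(SAMPLE_PAGE, "http://localhost/").items():
        print(host, [url for _, url in refs])
```

Resolving each listed host and comparing the addresses with the destinations seen in the tcpdump capture shows whether the page's own sub-resources account for the outbound connections.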
 
  

