[SOLVED] TCPDUMP showing unknown address in capture
Howdy folks, bit of a newbie here...actually used to do Jr. Unix Admin (Solaris)/Network Engineer kind of stuff in the late 90's so I know enough to get myself into trouble but not always enough to get myself out of it.
I'm not able to see my Zend-installed Apache2 server from anywhere on the local LAN except localhost. When I run a TCPDUMP and access 'localhost' from the local browser, I get a conversation with 22.214.171.124 that traces through CDNetworks/Los Angeles with an unresolved IP address. There is no similar conversation with other hosts on the local LAN in TCPDUMP traces. No problem getting to the index page of my server but I'm a bit suspicious about what the conversation with the strange IP address is. BTW, I did disable avahi-daemon as it's not really necessary but I'm not sure if it's related.
By way of example:
12:38:14.477100 IP (tos 0x0, ttl 64, id 46176, offset 0, flags [DF], proto TCP (6), length 60)
Elvis.marknet.net.51725 > 126.96.36.199.http: Flags [S], cksum 0x7bc6 (correct), seq 1270028126, win 5840, options [mss 1460,sackOK,TS val 76587838 ecr 0,nop,wscale 7], length 0
12:38:14.523670 IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto TCP (6), length 60)
188.8.131.52.http > Elvis.marknet.net.51725: Flags [S.], cksum 0x9435 (correct), seq 3781842156, ack 1270028127, win 64784, options [mss 1452,sackOK,TS val 33474801 ecr 76587838,nop,wscale 7], length 0
@mmrtnt - I've got no idea where that login screen comes from. The traceroute ended up at CD Network with a level3.net Los Angeles network IP resolution.
[root@Elvis logs]# traceroute 184.108.40.206
traceroute to 220.127.116.11 (18.104.22.168), 30 hops max, 60 byte packets
12 ae-2-70.edge2.LosAngeles9.Level3.net (22.214.171.124) 58.555 ms ae-1-60.edge2.LosAngeles9.Level3.net (126.96.36.199) 59.767 ms ae-2-70.edge2.LosAngeles9.Level3.net (188.8.131.52) 61.702 ms
13 CDNETWORKS.edge2.LosAngeles9.Level3.net (184.108.40.206) 63.673 ms 65.102 ms 66.619 ms
14 220.127.116.11 (18.104.22.168) 68.322 ms 70.270 ms 71.794 ms
As I mentioned, I still get the index.html page that is on my server. Maybe as unSpawn says, it's a DNS problem. Checking.....
OK, this is my take on what's going on. The index.html page for the server is a splash page for Zend PHP Server with link graphics rather than local graphics. Soooo....when the page loads, it makes a call to a server where the graphic resides. So even though the page is on my server, not all of what's displayed is on my server. I don't have the same issue when I use my own generic index page. I learn something every day...
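The explanation in the last post can be checked without a packet capture by listing which hosts a page makes the browser contact while rendering. The sketch below is an added example, not part of the original thread; the sample HTML, the host names in it and the function name external_hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make a browser fetch something while rendering the page.
# <a href> is excluded: it is only followed on a click.
FETCH_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",),
    "link": ("href",), "embed": ("src",), "source": ("src",),
    "video": ("src", "poster"), "audio": ("src",), "object": ("data",),
}

class _ResourceCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag, ())
        for name, value in attrs:
            if name in wanted and value:
                self.urls.append(value.strip())

def external_hosts(html, local_hosts):
    """Return {host: [urls]} for resources served from outside local_hosts."""
    local = {h.lower() for h in local_hosts}
    parser = _ResourceCollector()
    parser.feed(html)
    found = {}
    for url in parser.urls:
        host = urlsplit(url).hostname  # None for relative URLs (same server)
        if host and host.lower() not in local:
            found.setdefault(host.lower(), []).append(url)
    return found

# Constructed sample page: a splash page mixing local and remote graphics.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="//static.example.net/js/track.js"></script>
</head><body>
<img src="http://cdn.example.com/img/logo.png">
<img src="images/local.png">
<img src="http://localhost/img/banner.png">
<a href="http://www.example.org/docs">Docs</a>
</body></html>"""

if __name__ == "__main__":
    for host, urls in sorted(external_hosts(SAMPLE, {"localhost", "127.0.0.1"}).items()):
        print(host, "<-", ", ".join(urls))
```

Hosts reported here are the ones to expect as remote peers in a tcpdump trace taken while the page loads; a destination that is not in the list is the one that needs a closer look.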