Today I was working on some software that involved network traffic, so I started tcpdump, and sat there happily doing my thing.
I killed off my network programs, and was busy debugging something when I noticed a weird bunch of SYNACK->ACK on the loopback device. There are no TCP SYNs starting it, and there's nothing else I can think of. There are no non-ack packets, netstat doesn't report anything unusual, and there are no extraneous file descriptors in /proc that could explain it. Could it be internal transfer between some running programs? Maybe IPC?
Anyone with any information, feel free to reply.
Snippet of some of the packets:
Code:
10:44:53.502287 reveka.orgcandman.com.60317 > reveka.orgcandman.com.1098: S 2228933544:2228933544(0) win 32767 <mss 16396,sackOK,timestamp 14350431[|tcp]> (DF)
0x0000 4500 003c 2bf7 4000 4006 8d70 c0a8 0002 E..<+.@.@..p....
0x0010 c0a8 0002 eb9d 044a 84da d3a8 0000 0000 .......J........
0x0020 a002 7fff cab5 0000 0204 400c 0402 080a ..........@.....
0x0030 00da f85f 0000 ..._..
10:44:53.502355 reveka.orgcandman.com.1098 > reveka.orgcandman.com.60317: S 2219981233:2219981233(0) ack 2228933545 win 32767 <mss 16396,sackOK,timestamp 14350431[|tcp]> (DF)
0x0000 4500 003c 0000 4000 4006 b967 c0a8 0002 E..<..@.@..g....
0x0010 c0a8 0002 044a eb9d 8452 39b1 84da d3a9 .....J...R9.....
0x0020 a012 7fff 1367 0000 0204 400c 0402 080a .....g....@.....
0x0030 00da f85f 00da ..._..
The ports ARE changing. Maybe this is related to emacs/the fact that I'm SSHed in. I'm just paranoid because a while ago I was subjected to a lot of failed SSH attacks (none were successful, and md5 sums were untouched). Am I just freaking out? Does anyone know what this is related to?
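Added example, not part of the original post: a small Python decoder for the two hex dumps above, so the addresses, ports, TCP flags and sequence numbers can be read straight from the captured bytes and the IPv4 header checksum can be verified. It assumes each dump starts at the IPv4 header and tolerates the truncated capture; the names `PKT1`, `PKT2`, `hexdump_to_bytes` and `decode` are made up for this illustration.

```python
import re
import struct

# Hex lines copied from the two packets in the post (dump starts at the IPv4
# header; the capture is truncated, which is why tcpdump printed "[|tcp]").
PKT1 = """0x0000 4500 003c 2bf7 4000 4006 8d70 c0a8 0002 E..<+.@.@..p....
0x0010 c0a8 0002 eb9d 044a 84da d3a8 0000 0000 .......J........
0x0020 a002 7fff cab5 0000 0204 400c 0402 080a ..........@.....
0x0030 00da f85f 0000 ..._.."""
PKT2 = """0x0000 4500 003c 0000 4000 4006 b967 c0a8 0002 E..<..@.@..g....
0x0010 c0a8 0002 044a eb9d 8452 39b1 84da d3a9 .....J...R9.....
0x0020 a012 7fff 1367 0000 0204 400c 0402 080a .....g....@.....
0x0030 00da f85f 00da ..._.."""

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5

def hexdump_to_bytes(dump):
    """Collect the hex groups of each line, skipping offset and ASCII column."""
    out = bytearray()
    for line in dump.splitlines():
        for tok in line.split()[1:9]:            # at most 8 groups per line
            if not re.fullmatch(r"[0-9a-f]{4}|[0-9a-f]{2}", tok):
                break                            # reached the ASCII column
            out += bytes.fromhex(tok)
    return bytes(out)

def ip_checksum_ok(header):
    """One's-complement sum over the header must fold to 0xFFFF."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(dump):
    raw = hexdump_to_bytes(dump)
    ihl = (raw[0] & 0x0F) * 4                    # IPv4 header length in bytes
    if raw[0] >> 4 != 4 or raw[9] != 6 or len(raw) < ihl + 20:
        raise ValueError("need IPv4/TCP with a complete base TCP header")
    sport, dport, seq, ack, off_flags, win = struct.unpack(
        "!HHIIHH", raw[ihl:ihl + 16])
    return {
        "src": ".".join(map(str, raw[12:16])),
        "dst": ".".join(map(str, raw[16:20])),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win,
        "flags": [n for i, n in enumerate(FLAG_NAMES) if off_flags & (1 << i)],
        "ip_checksum_ok": ip_checksum_ok(raw[:ihl]),
    }

if __name__ == "__main__":
    for pkt in (PKT1, PKT2):
        print(decode(pkt))
```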