LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 10-05-2007, 03:29 AM   #31
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56

Quote:
Originally Posted by raskin View Post
yu issue multiple commands for every chain. Are sure about the order?
I'm following;
How to configure and secure Linux for VMware
http://searchservervirtualization.te...242833,00.html


building this Virtual machine for testing. I haven't modified the script.


satimis
 
Old 10-05-2007, 04:27 AM   #32
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
Is there anything interesting in dmesg?
 
Old 10-05-2007, 09:37 AM   #33
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by raskin View Post
Is there anything interesting in dmesg?
$ dmesg
Code:
[    0.000000] Linux version 2.6.20-15-generic (root@yellow) (gcc version 4.1.2 (Ubuntu 4.1.2-0ubuntu4)) #2 SMP Sun Apr 1
5 06:17:24 UTC 2007 (Ubuntu 2.6.20-15.27-generic)
[    0.000000] Command line: root=/dev/mapper/ubuntu-root ro quiet splash
[    0.000000] BIOS-provided physical RAM map:
[    0.000000]  BIOS-e820: 0000000000000000 - 000000000009f000 (usable)
[    0.000000]  BIOS-e820: 000000000009f000 - 00000000000a0000 (reserved)
[    0.000000]  BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
[    0.000000]  BIOS-e820: 0000000000100000 - 000000007fee0000 (usable)
[    0.000000]  BIOS-e820: 000000007fee0000 - 000000007fee3000 (ACPI NVS)
[    0.000000]  BIOS-e820: 000000007fee3000 - 000000007fef0000 (ACPI data)
[    0.000000]  BIOS-e820: 000000007fef0000 - 000000007ff00000 (reserved)
[    0.000000]  BIOS-e820: 00000000f0000000 - 00000000f4000000 (reserved)
[    0.000000]  BIOS-e820: 00000000fec00000 - 0000000100000000 (reserved)

- snip -

[   20.482240] Console: colour VGA+ 80x25
[   20.482996] Dentry cache hash table entries: 262144 (order: 9, 2097152 bytes)

- snip -

[   21.800749] NET: Registered protocol family 2
[   21.848782] IP route cache hash table entries: 65536 (order: 7, 524288 bytes)
[   21.849061] TCP established hash table entries: 262144 (order: 10, 4194304 bytes)
[   21.850680] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
[   21.851084] TCP: Hash tables configured (established 262144 bind 65536)
[   21.851087] TCP reno registered
[   21.864819] checking if image is initramfs... it is

- snip -

[   23.586926] eth0: forcedeth.c: subsystem: 01043:8239 bound to 0000:00:08.0
[   23.587914] ACPI: PCI Interrupt Link [APCF] enabled at IRQ 22
[   23.587924] ACPI: PCI Interrupt 0000:00:02.0[A] -> Link [APCF] -> GSI 22 (level, low) -> IRQ 22


- snip -


[   44.609968] vmmon: module license 'unspecified' taints kernel.
[   44.613587] /dev/vmmon[4697]: Module vmmon: registered with major=10 minor=165
[   44.613607] /dev/vmmon[4697]: Module vmmon: initialized
[   44.976157] /dev/vmnet: open called by PID 4726 (vmnet-bridge)
[   44.976168] /dev/vmnet: hub 0 does not exist, allocating memory.
[   44.976179] /dev/vmnet: port on hub 0 successfully opened
[   44.976192] bridge-eth0: enabling the bridge
[   44.976195] bridge-eth0: up
[   44.976198] bridge-eth0: already up
[   44.976200] bridge-eth0: attached
[   45.046623] /dev/vmnet: open called by PID 4740 (vmnet-natd)
[   45.046635] /dev/vmnet: hub 8 does not exist, allocating memory.
[   45.046647] /dev/vmnet: port on hub 8 successfully opened
[   47.276271] ip_tables: (C) 2000-2006 Netfilter Core Team
[   47.349053] Netfilter messages via NETLINK v0.30.
[   47.353336] nf_conntrack version 0.5.0 (8192 buckets, 65536 max)
[   48.053576] /dev/vmnet: open called by PID 4856 (vmnet-netifup)
[   48.053588] /dev/vmnet: hub 1 does not exist, allocating memory.
[   48.053603] /dev/vmnet: port on hub 1 successfully opened
[   48.054814] /dev/vmnet: open called by PID 4857 (vmnet-netifup)
[   48.054828] /dev/vmnet: port on hub 8 successfully opened
[   48.130540] /dev/vmnet: open called by PID 4878 (vmnet-dhcpd)
[   48.130552] /dev/vmnet: port on hub 1 successfully opened
[   48.131038] /dev/vmnet: open called by PID 4879 (vmnet-dhcpd)
[   48.131048] /dev/vmnet: port on hub 8 successfully opened
[   58.082635] vmnet1: no IPv6 routers present
[   58.454255] vmnet8: no IPv6 routers present
It seems nothing irregular. Most its content relate to hardware


satimis
 
Old 10-05-2007, 02:31 PM   #34
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
And if you run tcpdump or wireshark on desktop, what does it say about icmp traffic or port 22 traffic?
 
Old 10-05-2007, 08:03 PM   #35
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by raskin View Post
And if you run tcpdump or wireshark on desktop, what does it say about icmp traffic or port 22 traffic?
$ tcpdump
Code:
tcpdump: no suitable device found
$ which tcpdump
Code:
/usr/sbin/tcpdump
$ wireshark
Code:
The program 'wireshark' is currently not installed.  You can install it by typing:
sudo apt-get install wireshark
Make sure you have the 'universe' component enabled
bash: wireshark: command not found
 
Old 10-05-2007, 09:46 PM   #36
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
What your network interface is called? Run 'tcpdump -i <interface name>'. It would also be interesting to run it on client and on server and compare.. Also post output of 'netstat -nlp' on server.
 
Old 10-05-2007, 11:21 PM   #37
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by raskin View Post
What your network interface is called? Run 'tcpdump -i <interface name>'. It would also be interesting to run it on client and on server and compare.. Also post output of 'netstat -nlp' on server.
On server


$ ifconfig
Code:
eth0      Link encap:Ethernet  HWaddr 00:0E:A6:F9:A3:5B  
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20e:a6ff:fef9:a35b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:225434 errors:0 dropped:0 overruns:0 frame:0
          TX packets:124933 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:328274339 (313.0 MiB)  TX bytes:9187159 (8.7 MiB)
          Interrupt:21 Base address:0xc000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

vmnet1    Link encap:Ethernet  HWaddr 00:50:56:C0:00:01  
          inet addr:172.16.77.1  Bcast:172.16.77.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

vmnet8    Link encap:Ethernet  HWaddr 00:50:56:C0:00:08  
          inet addr:192.168.213.1  Bcast:192.168.213.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

$ sudo tcpdump -i eth0
Code:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:59:20.104418 IP 74.174.92.64.static.reverse.ltdomains.com.www > 192.168.0.10.36784: . 3214138345:3214139797(1452) ack 4200607416 win 27
11:59:20.104454 IP 192.168.0.10.36784 > 74.174.92.64.static.reverse.ltdomains.com.www: . ack 10164 win 21825
11:59:20.104920 IP 192.168.0.10.32807 > ns1.pacific.net.hk.domain:  51921+ PTR? 10.0.168.192.in-addr.arpa. (43)
11:59:20.111812 IP 74.174.92.64.static.reverse.ltdomains.com.www > 192.168.0.10.36784: . 1452:2904(1452) ack 1 win 27
11:59:20.111831 IP 192.168.0.10.36784 > 74.174.92.64.static.reverse.ltdomains.com.www: . ack 10164 win 21825
11:59:20.119006 IP 74.174.92.64.static.reverse.ltdomains.com.www > 192.168.0.10.36784: . 2904:4356(1452) ack 1 win 27
11:59:20.119014 IP 192.168.0.10.36784 > 74.174.92.64.static.reverse.ltdomains.com.www: . ack 10164 win 21825
11:59:20.142103 IP ns1.pacific.net.hk.domain > 192.168.0.10.32807:  51921 NXDomain 0/1/0 (120)
11:59:20.142220 IP 192.168.0.10.32807 > ns1.pacific.net.hk.domain:  26816+ PTR? 74.174.92.64.in-addr.arpa. (43)
11:59:20.170643 IP ns1.pacific.net.hk.domain > 192.168.0.10.32807:  26816 2/3/3[|domain]
11:59:20.170791 IP 192.168.0.10.32807 > ns1.pacific.net.hk.domain:  5301+ PTR? 4.67.14.202.in-addr.arpa. (42)
11:59:20.192385 IP ns1.pacific.net.hk.domain > 192.168.0.10.32807:  5301* 1/2/2 PTR[|domain]
11:59:20.360706 IP 74.174.92.64.static.reverse.ltdomains.com.www > 192.168.0.10.36784: . 10164:11616(1452) ack 1 win 27
11:59:20.360741 IP 192.168.0.10.36784 > 74.174.92.64.static.reverse.ltdomains.com.www: . ack 18876 win 21553
11:59:20.368352 IP 74.174.92.64.static.reverse.ltdomains.com.www > 192.168.0.10.36784: . 11616:13068(1452) ack 1 win 27
11:59:20.368385 IP 192.168.0.10.36784 > 74.174.92.64.static.reverse.ltdomains.com.www: . ack 18876 win 21553
11:59:20.375955 IP 74.174.92.64.static.reverse.ltdomains.com.www > 192.168.0.10.36784: P 13068:14520(1452) ack 1 win 27
11:59:20.375988 IP 192.168.0.10.36784 > 74.174.92.64.static.reverse.ltdomains.com.www: . ack 18876 win 21553

18 packets captured
18 packets received by filter
0 packets dropped by kernel
It is difficult to compare. They are running.


$ netstat -nlp
Code:
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     -                   
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     -                   
tcp        0      0 192.168.213.1:53        0.0.0.0:*               LISTEN     -                   
tcp        0      0 172.16.77.1:53          0.0.0.0:*               LISTEN     -                   
tcp        0      0 192.168.0.10:53         0.0.0.0:*               LISTEN     -                   
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN     -                   
tcp        0      0 192.168.0.10:22         0.0.0.0:*               LISTEN     -                   
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN     -                   
tcp6       0      0 :::53                   :::*                    LISTEN     -                   
tcp6       0      0 ::1:953                 :::*                    LISTEN     -                   
udp        0      0 0.0.0.0:32769           0.0.0.0:*                          -                   
udp        0      0 0.0.0.0:514             0.0.0.0:*                          -                   
udp        0      0 192.168.213.1:53        0.0.0.0:*                          -                   
udp        0      0 172.16.77.1:53          0.0.0.0:*                          -                   
udp        0      0 192.168.0.10:53         0.0.0.0:*                          -                   
udp        0      0 127.0.0.1:53            0.0.0.0:*                          -                   
udp6       0      0 :::32771                :::*                               -                   
udp6       0      0 :::53                   :::*                               -                   
raw        0      0 0.0.0.0:1               0.0.0.0:*               7          -                   
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     13964    -                   /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     14384    -                   /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     14085    -                   /var/run/vmnat.4737
unix  2      [ ACC ]     STREAM     LISTENING     14483    4927/scim-launcher  /tmp/scim-socket-frontend-satimis
unix  2      [ ACC ]     STREAM     LISTENING     14502    4930/scim-helper-ma /tmp/scim-helper-manager-socket-satimis
unix  2      [ ACC ]     STREAM     LISTENING     14506    4931/scim-panel-gtk /tmp/scim-panel-socket:0-satimis
unix  2      [ ACC ]     STREAM     LISTENING     14105    -                   /var/run/vmware/root/4742/server-fd
unix  2      [ ACC ]     STREAM     LISTENING     14107    -                   /var/run/vmware/root/4742/vmx-fd
unix  2      [ ACC ]     STREAM     LISTENING     14109    -                   /var/run/vmware/root/4742/server-vcvmdb-fd
unix  2      [ ACC ]     STREAM     LISTENING     14111    -                   /var/run/vmware/root/4742/server-vmdb-fd
unix  2      [ ACC ]     STREAM     LISTENING     14113    -                   /var/run/vmware/root/4742/server-vmxvmdb-fd
unix  2      [ ACC ]     STREAM     LISTENING     14115    -                   /var/run/vmware/root/4742/nfc-fd
unix  2      [ ACC ]     STREAM     LISTENING     14117    -                   /var/run/vmware/root/4742/fsserver-fd
unix  2      [ ACC ]     STREAM     LISTENING     13700    -                   /var/run/mysqld/mysqld.sock
unix  2      [ ACC ]     STREAM     LISTENING     14788    4961/npviewer.bin   @/org/wrapper/NSPlugins/libflashplayer.so/4922-2

On desktop


$ ifconfig
Code:
eth0      Link encap:Ethernet  HWaddr 00:07:40:82:68:14  
          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::207:40ff:fe82:6814/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:210 errors:0 dropped:0 overruns:0 frame:0
          TX packets:216 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:247388 (241.5 KiB)  TX bytes:20543 (20.0 KiB)
          Interrupt:10 Base address:0x4000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:100 (100.0 b)  TX bytes:100 (100.0 b)

$ sudo tcpdump -i eth0
Code:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:56:58.113680 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 943794033:943795473(1440) ack 3710448015 win 319 <nop,nop,timestamp 148301279 153874>
11:56:58.115476 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain:  63814+ PTR? 11.0.168.192.in-addr.arpa. (43)
11:56:58.151708 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 1440 win 24576 <nop,nop,timestamp 153969 148301279>
11:56:58.181022 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 1440:2880(1440) ack 1 win 319 <nop,nop,timestamp 148301296 153891>
11:56:58.286172 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 4320:5760(1440) ack 1 win 319 <nop,nop,timestamp 148301326 153921>
11:56:58.286250 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154002 148301296,nop,nop,sack 1 {4320:5760}>
11:56:58.361805 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 5760:7200(1440) ack 1 win 319 <nop,nop,timestamp 148301343 153938>
11:56:58.361878 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154021 148301296,nop,nop,sack 1 {4320:7200}>
11:56:58.369192 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 7200:8640(1440) ack 1 win 319 <nop,nop,timestamp 148301345 153940>
11:56:58.369259 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154023 148301296,nop,nop,sack 1 {4320:8640}>
11:56:58.391616 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 8640:10080(1440) ack 1 win 319 <nop,nop,timestamp 148301347 153942>
11:56:58.391694 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154029 148301296,nop,nop,sack 1 {4320:10080}>
11:56:58.391795 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773:  63814 NXDomain 0/1/0 (120)
11:56:58.393307 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain:  9036+ PTR? 139.8.112.140.in-addr.arpa. (44)
11:56:58.490626 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 10080:11520(1440) ack 1 win 319 <nop,nop,timestamp 148301374 153969>
11:56:58.490706 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154053 148301296,nop,nop,sack 1 {4320:11520}>
11:56:58.498210 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 11520:12960(1440) ack 1 win 319 <nop,nop,timestamp 148301374 153969>
11:56:58.498239 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154055 148301296,nop,nop,sack 1 {4320:12960}>
11:56:58.611255 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 12960:14400(1440) ack 1 win 319 <nop,nop,timestamp 148301407 154002>
11:56:58.611331 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154083 148301296,nop,nop,sack 1 {4320:14400}>
11:56:58.618690 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 14400:15840(1440) ack 1 win 319 <nop,nop,timestamp 148301407 154002>
11:56:58.618717 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154085 148301296,nop,nop,sack 1 {4320:15840}>
11:56:58.649224 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773:  9036 1/2/2 (147)
11:56:58.656162 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain:  4004+ PTR? 4.67.14.202.in-addr.arpa. (42)
11:56:58.702885 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 15840:17280(1440) ack 1 win 319 <nop,nop,timestamp 148301426 154021>
11:56:58.702957 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154106 148301296,nop,nop,sack 1 {4320:17280}>
11:56:58.710520 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 2880:4320(1440) ack 1 win 319 <nop,nop,timestamp 148301428 154023>
11:56:58.710593 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 17280 win 21366 <nop,nop,timestamp 154108 148301428>
11:56:58.838844 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 17280:18720(1440) ack 1 win 319 <nop,nop,timestamp 148301458 154053>
11:56:58.838916 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 18720 win 24255 <nop,nop,timestamp 154140 148301458>
11:56:58.899150 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773:  4004* 1/2/2 PTR[|domain]
11:56:58.937837 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 18720:20160(1440) ack 1 win 319 <nop,nop,timestamp 148301489 154083>
11:56:58.937906 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 20160 win 24255 <nop,nop,timestamp 154165 148301489>
11:56:59.020595 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 20160:21600(1440) ack 1 win 319 <nop,nop,timestamp 148301512 154106>
11:56:59.020664 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 21600 win 24255 <nop,nop,timestamp 154186 148301512>
11:56:59.028208 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 21600:23040(1440) ack 1 win 319 <nop,nop,timestamp 148301513 154108>
11:56:59.028269 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 23040 win 24255 <nop,nop,timestamp 154188 148301513>
11:56:59.156032 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 23040:24480(1440) ack 1 win 319 <nop,nop,timestamp 148301545 154140>
11:56:59.156106 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 24480 win 24255 <nop,nop,timestamp 154220 148301545>
11:56:59.163945 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 24480:25920(1440) ack 1 win 319 <nop,nop,timestamp 148301545 154140>
11:56:59.164009 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 25920 win 24255 <nop,nop,timestamp 154222 148301545>
11:56:59.254093 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 25920:27360(1440) ack 1 win 319 <nop,nop,timestamp 148301570 154165>
11:56:59.254163 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 27360 win 24255 <nop,nop,timestamp 154244 148301570>
11:56:59.344711 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 27360:28800(1440) ack 1 win 319 <nop,nop,timestamp 148301591 154186>
11:56:59.344786 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 28800 win 24255 <nop,nop,timestamp 154267 148301591>
11:56:59.352339 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 28800:30240(1440) ack 1 win 319 <nop,nop,timestamp 148301593 154188>
11:56:59.352403 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 30240 win 24255 <nop,nop,timestamp 154269 148301593>

47 packets captured
47 packets received by filter
0 packets dropped by kernel

$ netstat -nlp
Code:
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN     -                   
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     -                   
tcp        0      0 127.0.0.1:2207          0.0.0.0:*               LISTEN     -                   
tcp6       0      0 :::22                   :::*                    LISTEN     -                   
udp        0      0 0.0.0.0:32768           0.0.0.0:*                          -                   
udp        0      0 0.0.0.0:68              0.0.0.0:*                          -                   
udp        0      0 0.0.0.0:5353            0.0.0.0:*                          -                   
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     17323    5272/nm-applet      /tmp/orbit-satimis/linc-1498-0-25d9837cbf8d5
unix  2      [ ACC ]     STREAM     LISTENING     17334    5268/update-notifie /tmp/orbit-satimis/linc-1494-0-72698582d1802
unix  2      [ ACC ]     STREAM     LISTENING     17347    5274/gnome-power-ma /tmp/orbit-satimis/linc-1497-0-25d9837d6d69
unix  2      [ ACC ]     STREAM     LISTENING     17375    5273/gnome-cups-ico /tmp/orbit-satimis/linc-1499-0-79ef35aba97f5
unix  2      [ ACC ]     STREAM     LISTENING     17393    5270/evolution-alar /tmp/orbit-satimis/linc-1496-0-2bd45ed495e7c
unix  2      [ ACC ]     STREAM     LISTENING     17406    5260/bonobo-activat /tmp/orbit-satimis/linc-148c-0-2635cbef1b4f5
unix  2      [ ACC ]     STREAM     LISTENING     17444    5295/evolution-data /tmp/orbit-satimis/linc-14af-0-4f19743de23f3
unix  2      [ ACC ]     STREAM     LISTENING     17846    5313/mapping-daemon /tmp/mapping-satimis
unix  2      [ ACC ]     STREAM     LISTENING     17869    5306/evolution-exch /tmp/orbit-satimis/linc-14ba-0-3887047a5c253
unix  2      [ ACC ]     STREAM     LISTENING     17912    5323/trashapplet    /tmp/orbit-satimis/linc-14cb-0-2a63d799c6fbb
unix  2      [ ACC ]     STREAM     LISTENING     17956    5362/mixer_applet2  /tmp/orbit-satimis/linc-14f2-0-feafdaa52e24
unix  2      [ ACC ]     STREAM     LISTENING     15815    -                   @/tmp/dbus-456emqdufC
unix  2      [ ACC ]     STREAM     LISTENING     18144    5386/gnome-screensa /tmp/orbit-satimis/linc-1509-0-16e2adddd799d
unix  2      [ ACC ]     STREAM     LISTENING     18158    5394/scim-launcher  /tmp/scim-socket-frontend-satimis
unix  2      [ ACC ]     STREAM     LISTENING     18177    5397/scim-helper-ma /tmp/scim-helper-manager-socket-satimis
unix  2      [ ACC ]     STREAM     LISTENING     18181    5398/scim-panel-gtk /tmp/scim-panel-socket:0-satimis
unix  2      [ ACC ]     STREAM     LISTENING     18199    5401/notification-d /tmp/orbit-satimis/linc-1519-0-34881d53b0dd1
unix  2      [ ACC ]     STREAM     LISTENING     18230    5409/python2.5      /tmp/orbit-satimis/linc-1521-0-692f675b58b69
unix  2      [ ACC ]     STREAM     LISTENING     18269    5447/gksu           /tmp/orbit-satimis/linc-1547-0-69b78cca930d6
unix  2      [ ACC ]     STREAM     LISTENING     18298    -                   /tmp/scim-socket-frontend-root
unix  2      [ ACC ]     STREAM     LISTENING     18317    -                   /tmp/scim-helper-manager-socket-root
unix  2      [ ACC ]     STREAM     LISTENING     18321    -                   /tmp/scim-panel-socket:0-root
unix  2      [ ACC ]     STREAM     LISTENING     14685    -                   /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     18345    5472/gnome-terminal /tmp/orbit-satimis/linc-1560-0-641288d3718e0
unix  2      [ ACC ]     STREAM     LISTENING     18427    5521/gedit          /tmp/orbit-satimis/linc-1591-0-6ff0d7dc77c3a
unix  2      [ ACC ]     STREAM     LISTENING     18431    5521/gedit          /tmp/gedit.satimis.4046069457
unix  2      [ ACC ]     STREAM     LISTENING     14441    -                   /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     15982    -                   /var/run/gdm_socket
unix  2      [ ACC ]     STREAM     LISTENING     14706    -                   @/var/run/hald/dbus-3wunxxWvKY
unix  2      [ ACC ]     STREAM     LISTENING     15765    -                   /var/run/avahi-daemon/socket
unix  2      [ ACC ]     STREAM     LISTENING     16543    -                   /var/run/sdp
unix  2      [ ACC ]     STREAM     LISTENING     14703    -                   @/var/run/hald/dbus-zfHHTaMCoc
unix  2      [ ACC ]     STREAM     LISTENING     18611    -                   /var/run/cups/cups.sock
unix  2      [ ACC ]     STREAM     LISTENING     16034    -                   /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     16784    -                   /tmp/ssh-OySboc5184/agent.5184
unix  2      [ ACC ]     STREAM     LISTENING     16815    5231/gconfd-2       /tmp/orbit-satimis/linc-146f-0-6d44a99fc1cad
unix  2      [ ACC ]     STREAM     LISTENING     16825    5184/x-session-mana /tmp/orbit-satimis/linc-1440-0-555f0501dae6f
unix  2      [ ACC ]     STREAM     LISTENING     17037    5184/x-session-mana /tmp/.ICE-unix/5184
unix  2      [ ACC ]     STREAM     LISTENING     17046    5234/gnome-keyring- /tmp/keyring-EafH5k/socket
unix  2      [ ACC ]     STREAM     LISTENING     16795    5229/dbus-daemon    @/tmp/dbus-K28IL42Sto
unix  2      [ ACC ]     STREAM     LISTENING     17067    5236/gnome-settings /tmp/orbit-satimis/linc-1474-0-266dabdfbf612
unix  2      [ ACC ]     STREAM     LISTENING     17095    5244/esd            /tmp/.esd-1000/socket
unix  2      [ ACC ]     STREAM     LISTENING     17189    5251/gnome-panel    /tmp/orbit-satimis/linc-1483-0-1e713182a9352
unix  2      [ ACC ]     STREAM     LISTENING     17212    5248/metacity       /tmp/orbit-satimis/linc-1480-0-1a2c84f73e54
unix  2      [ ACC ]     STREAM     LISTENING     17230    5262/gnome-volume-m /tmp/orbit-satimis/linc-148a-0-41fcb6c323ef4
unix  2      [ ACC ]     STREAM     LISTENING     17257    5257/nautilus       /tmp/orbit-satimis/linc-1489-0-41fcb6c38efb5
unix  2      [ ACC ]     STREAM     LISTENING     17282    5264/gnome-vfs-daem /tmp/orbit-satimis/linc-1490-0-6e04f78016a8
 
Old 10-06-2007, 02:59 AM   #38
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
What traffic between desktop and server does tcpdump show when you try to ssh -X? The most interesting part is how does this differ from the view point of client and server..
 
Old 10-06-2007, 04:28 AM   #39
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by raskin View Post
What traffic between desktop and server does tcpdump show when you try to ssh -X? The most interesting part is how does this differ from the view point of client and server..
With iptables running OR off?


satimis
 
Old 10-06-2007, 04:29 AM   #40
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
Do I understand correctly that with iptables off everything is OK? In this case, with iptables running.
 
Old 10-06-2007, 05:21 AM   #41
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by raskin View Post
Do I understand correctly that with iptables off everything is OK?
Yes, please refer to my posting #27


Quote:
In this case, with iptables running.
OK


On desktop

1)
Console-1

$ ssh -X satimis@192.168.0.10 rox
Code:
satimis@192.168.0.10's password: 

(process:5153): Gdk-WARNING **: locale not supported by C library

(rox:5153): Gtk-WARNING **: Locale not supported by C library.
        Using the fallback 'C' locale.

(rox:5153): Gtk-WARNING **: cannot open display:

Console-2
$ sudo tcpdump -i eth0
Code:
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
17:58:48.703193 IP 192.168.0.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2 [max resp time 10]
17:58:48.739881 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain:  56772+ PTR? 1.0.0.224.in-addr.arpa. (40)
17:58:48.761840 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769:  56772 1/3/6 PTR[|domain]
17:58:48.762441 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain:  27311+ PTR? 1.0.168.192.in-addr.arpa. (42)
17:58:48.781903 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769:  27311 NXDomain 0/1/0 (119)
17:58:48.886251 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 1.0.168.192.in-addr.arpa. (42)
17:58:49.182173 IP ubuntu704.local > 224.0.0.251: igmp v2 report 224.0.0.251
17:58:49.182744 IP 192.168.0.1 > ubuntu704.local: ICMP 224.0.0.251 protocol 2 unreachable, length 40
17:58:49.890335 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 1.0.168.192.in-addr.arpa. (42)
17:58:51.894450 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 1.0.168.192.in-addr.arpa. (42)
17:58:53.738419 arp who-has 192.168.0.1 tell ubuntu704.local
17:58:53.746152 arp reply 192.168.0.1 is-at 00:16:b6:c9:8a:a9 (oui Unknown)
17:58:53.787613 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain:  1339+ PTR? 4.67.14.202.in-addr.arpa. (42)
17:58:53.808092 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769:  1339* 1/2/2 PTR[|domain]
17:58:53.808549 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain:  23491+ PTR? 11.0.168.192.in-addr.arpa. (43)
17:58:53.828263 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769:  23491 NXDomain 0/1/0 (120)
17:58:53.930559 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 11.0.168.192.in-addr.arpa. (43)
17:58:53.930895 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0*- [0q] 1/0/0 (Cache flush) PTR[|domain]
17:58:53.931885 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain:  6479+ PTR? 251.0.0.224.in-addr.arpa. (42)
17:58:53.951719 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769:  6479 NXDomain 0/1/0 (100)
17:58:54.054567 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 251.0.0.224.in-addr.arpa. (42)
17:58:55.058631 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 251.0.0.224.in-addr.arpa. (42)
17:58:57.058737 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 251.0.0.224.in-addr.arpa. (42)

23 packets captured
23 packets received by filter
0 packets dropped by kernel

On server

$ sudo tcpdump -i eth0
Code:
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:00:21.184711 IP 192.168.0.10.ssh > 192.168.0.11.38149: P 279954464:279954560(
96) ack 185116361 win 359 <nop,nop,timestamp 468638 55467>
18:00:21.184887 IP 192.168.0.11.38149 > 192.168.0.10.ssh: . ack 96 win 2884 <nop
,nop,timestamp 102717 468638>
18:00:21.185813 IP 192.168.0.10.32781 > ns1.pacific.net.hk.domain:  55799+ PTR? 
11.0.168.192.in-addr.arpa. (43)
18:00:21.185994 IP 192.168.0.10.ssh > 192.168.0.11.38149: P 96:224(128) ack 1 wi
n 359 <nop,nop,timestamp 468638 102717>
18:00:21.186103 IP 192.168.0.11.38149 > 192.168.0.10.ssh: . ack 224 win 3244 <no
p,nop,timestamp 102717 468638>
18:00:21.186460 IP 192.168.0.11.38149 > 192.168.0.10.ssh: P 1:33(32) ack 224 win
 3244 <nop,nop,timestamp 102717 468638>
18:00:21.186592 IP 192.168.0.11.38149 > 192.168.0.10.ssh: F 33:33(0) ack 224 win
 3244 <nop,nop,timestamp 102717 468638>
18:00:21.187230 IP 192.168.0.10.ssh > 192.168.0.11.38149: F 224:224(0) ack 34 wi
n 359 <nop,nop,timestamp 468639 102717>
18:00:21.187353 IP 192.168.0.11.38149 > 192.168.0.10.ssh: . ack 225 win 3244 <no
p,nop,timestamp 102717 468639>
18:00:21.204767 IP ns1.pacific.net.hk.domain > 192.168.0.10.32781:  55799 NXDoma
in 0/1/0 (120)
18:00:21.204928 IP 192.168.0.10.32781 > ns1.pacific.net.hk.domain:  17824+ PTR? 
10.0.168.192.in-addr.arpa. (43)
18:00:21.225484 IP ns1.pacific.net.hk.domain > 192.168.0.10.32781:  17824 NXDoma
in 0/1/0 (120)
18:00:21.225616 IP 192.168.0.10.32781 > ns1.pacific.net.hk.domain:  46575+ PTR? 
4.67.14.202.in-addr.arpa. (42)
18:00:21.246687 IP ns1.pacific.net.hk.domain > 192.168.0.10.32781:  46575* 1/2/2
 PTR[|domain]
18:00:26.184749 arp who-has 192.168.0.1 tell 192.168.0.10
18:00:26.184885 IP 192.168.0.10.32781 > ns1.pacific.net.hk.domain:  44587+ PTR? 
1.0.168.192.in-addr.arpa. (42)
18:00:26.185840 arp reply 192.168.0.1 is-at 00:16:b6:c9:8a:a9 (oui Unknown)
18:00:26.205881 IP ns1.pacific.net.hk.domain > 192.168.0.10.32781:  44587 NXDoma
in 0/1/0 (119)

18 packets captured
18 packets received by filter
0 packets dropped by kernel

satimis
 
Old 10-06-2007, 07:11 AM   #42
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
Try (on desktop) telnet or netcat or ncat to server port 22.. What happens? Also redo tcpdump experiment: launch it on both boxes first, then try 'ssh -X', and please leave only communication between server and client in your post. By the way, I looked once more at iptables configuration and if I understand anything, it forbids network connections from 127.0.0.1 to 127.0.0.1 through loopback - and X forwarding is done that way.
 
Old 10-07-2007, 10:03 AM   #43
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by raskin View Post
Try (on desktop) telnet or netcat or ncat to server port 22.. What happens? Also redo tcpdump experiment: launch it on both boxes first, then try 'ssh -X', and please leave only communication between server and client in your post. By the way, I looked once more at iptables configuration and if I understand anything, it forbids network connections from 127.0.0.1 to 127.0.0.1 through loopback - and X forwarding is done that way.
Iptables on server was running.


1) Test-1

On desktop;

$ telnet 192.168.0.10 22
Code:
Trying 192.168.0.10...
Connected to 192.168.0.10.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3p2 Debian-8ubuntu1
Connection closed by foreign host.

$ sudo tcpdump -i eth0
Code:
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
21:52:17.560976 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain:  690+ A? sb.google.com. (31)
21:52:17.583103 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773:  690 2/7/7 CNAME sb.l.google.com., (290)
21:52:17.583547 IP ubuntu704.local.45122 > po-in-f91.google.com.www: S 2083052393:2083052393(0) win 5840 <mss 1460,sackOK,timestamp 741054 0,nop,wscale 2>
21:52:17.584585 IP 192.168.0.1.1974 > 192.168.0.255.snmp-trap:  Trap(120)  E:3955.2.2.1 192.168.0.1 enterpriseSpecific s=1 1368842 [|snmp]
21:52:17.626074 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain:  47876+ PTR? 4.67.14.202.in-addr.arpa. (42)
21:52:17.646768 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773:  47876* 1/2/2 PTR[|domain]
21:52:17.647192 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain:  17083+ PTR? 11.0.168.192.in-addr.arpa. (43)
21:52:17.667467 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773:  17083 NXDomain 0/1/0 (120)
21:52:17.771370 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 11.0.168.192.in-addr.arpa. (43)

9 packets captured
36 packets received by filter
0 packets dropped by kernel


On server;

$ sudo tcpdump -i eth0
Code:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
21:55:23.894914 arp who-has 192.168.0.1 tell 192.168.0.10
21:55:23.895425 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain:  63576+ PTR? 
1.0.168.192.in-addr.arpa. (42)
21:55:23.895839 arp reply 192.168.0.1 is-at 00:16:b6:c9:8a:a9 (oui Unknown)
21:55:23.914415 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789:  63576 NXDoma
in 0/1/0 (119)
21:55:23.914574 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain:  49217+ PTR? 
10.0.168.192.in-addr.arpa. (43)
21:55:23.935143 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789:  49217 NXDoma
in 0/1/0 (120)
21:55:23.935417 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain:  37745+ PTR? 
4.67.14.202.in-addr.arpa. (42)
21:55:23.955567 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789:  37745* 1/2/2
 PTR[|domain]

8 packets captured
8 packets received by filter
0 packets dropped by kernel



2) Test-2
On desktop

$ ssh -X satimis@192.168.0.10 rox
Code:
satimis@192.168.0.10's password: 

(process:5333): Gdk-WARNING **: locale not supported by C library

(rox:5333): Gtk-WARNING **: Locale not supported by C library.
        Using the fallback 'C' locale.
It hung here for prolonged time. I have to press [Ctrl]+[c] to stop it.


On server;

$ sudo tcpdump -i eth0
Code:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
22:00:58.748352 IP 192.168.0.11.58379 > 192.168.0.10.ssh: F 2511929468:2511929468(0) ack 2609615553 win 2884 <nop,nop,timestamp 871004 1337270>
22:00:58.749019 IP 192.168.0.10.ssh > 192.168.0.11.58379: F 1:1(0) ack 1 win 359 <nop,nop,timestamp 1363479 871004>
22:00:58.749149 IP 192.168.0.11.58379 > 192.168.0.10.ssh: . ack 2 win 2884 <nop,nop,timestamp 871004 1363479>
22:00:58.751000 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain:  4469+ PTR? 10.0.168.192.in-addr.arpa. (43)
22:00:58.770398 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789:  4469 NXDomain 0/1/0 (120)
22:00:58.770489 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain:  63340+ PTR? 11.0.168.192.in-addr.arpa. (43)
22:00:58.790579 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789:  63340 NXDomain 0/1/0 (120)
22:00:58.790965 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain:  49644+ PTR? 4.67.14.202.in-addr.arpa. (42)
22:00:58.811035 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789:  49644* 1/2/2 PTR[|domain]

9 packets captured
9 packets received by filter
0 packets dropped by kernel
While the desktop was hanging as abovementioned, the server also hung on "listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes". On stopping the desktop then the server started to print.


B.R.
satimis
 
Old 10-07-2007, 10:06 AM   #44
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
Try allowing all traffic from localhost to localhost on server.
 
Old 10-08-2007, 02:20 AM   #45
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,695

Original Poster
Rep: Reputation: 56
Quote:
Originally Posted by raskin View Post
Try allowing all traffic from localhost to localhost on server.
Sorry I don't find this item on /etc/ssh/sshd-config


satimis
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Running GUI in SSH Towlies Linux - Newbie 10 05-17-2007 05:23 PM
Do I need ssh running? reesee Linux - Security 7 01-02-2006 10:01 PM
problem in running ssh command skvasistha Linux - General 1 11-29-2004 06:12 AM
running ssh on redhat 8.0 sheek Linux - Newbie 2 07-22-2003 06:46 PM
Running X through SSH cdakin Linux - Newbie 0 04-23-2002 08:40 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 04:56 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration