very strange dmesg output
 

this is the output I get from dmesg

what does it mean?

3.38.113.3 DST=62.30.238.191 LEN=85 TOS=0x00 PREC=0x00 TTL=246 ID=14519 DF PROTO=UDP SPT=53 DPT=1066 LEN=65
DROPPED IN=ppp0 OUT= MAC= SRC=194.117.157.4 DST=62.30.238.191 LEN=105 TOS=0x00 PREC=0x00 TTL=251 ID=65238 DF PROTO=UDP SPT=53 DPT=1059 LEN=85
DROPPED IN=ppp0 OUT= MAC= SRC=193.38.113.3 DST=62.30.238.191 LEN=105 TOS=0x00 PREC=0x00 TTL=246 ID=14520 DF PROTO=UDP SPT=53 DPT=1067 LEN=85
DROPPED IN=ppp0 OUT= MAC= SRC=193.38.113.3 DST=62.30.238.191 LEN=85 TOS=0x00 PREC=0x00 TTL=246 ID=14521 DF PROTO=UDP SPT=53 DPT=1062 LEN=65
DROPPED IN=ppp0 OUT= MAC= SRC=50.26.183.44 DST=62.30.238.191 LEN=438 TOS=0x00 PREC=0x00 TTL=78 ID=63642 DF PROTO=UDP SPT=53 DPT=1026 LEN=418
DROPPED IN=ppp0 OUT= MAC= SRC=216.239.37.147 DST=62.30.238.191 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=64926 PROTO=TCP SPT=80 DPT=1037 SEQ=2538350621 ACK=4238546219 WINDOW=9300 RES=0x00 RST URGP=0
DROPPED IN=ppp0 OUT= MAC= SRC=24.59.90.12 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=48371 DF PROTO=TCP SPT=64918 DPT=2593 SEQ=481439646 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
DROPPED IN=ppp0 OUT= MAC= SRC=24.59.90.12 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=48499 DF PROTO=TCP SPT=64918 DPT=2593 SEQ=481439646 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
DROPPED IN=ppp0 OUT= MAC= SRC=24.59.90.12 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=48708 DF PROTO=TCP SPT=64918 DPT=2593 SEQ=481439646 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
DROPPED IN=ppp0 OUT= MAC= SRC=217.187.244.186 DST=62.30.238.191 LEN=46 TOS=0x00 PREC=0x00 TTL=52 ID=61833 PROTO=UDP SPT=33028 DPT=7818 LEN=26
DROPPED IN=ppp0 OUT= MAC= SRC=217.165.74.215 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=15747 DF PROTO=TCP SPT=2700 DPT=2593 SEQ=1820081754 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405AC01010402)
DROPPED IN=ppp0 OUT= MAC= SRC=217.165.74.215 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=15752 DF PROTO=TCP SPT=2700 DPT=2593 SEQ=1820081754 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405AC01010402)
DROPPED IN=ppp0 OUT= MAC= SRC=217.165.74.215 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=15757 DF PROTO=TCP SPT=2700 DPT=2593 SEQ=1820081754 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405AC01010402)
DROPPED IN=ppp0 OUT= MAC= SRC=80.230.255.26 DST=62.30.238.191 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=52962 DF PROTO=TCP SPT=57962 DPT=2593 SEQ=2861498673 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0FDBCFD30000000001030300)
DROPPED IN=ppp0 OUT= MAC= SRC=80.230.255.26 DST=62.30.238.191 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=52963 DF PROTO=TCP SPT=57962 DPT=2593 SEQ=2861498673 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0FDBD0FF0000000001030300)
DROPPED IN=ppp0 OUT= MAC= SRC=80.230.255.26 DST=62.30.238.191 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=52964 DF PROTO=TCP SPT=57962 DPT=2593 SEQ=2861498673 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0FDBD3570000000001030300)
DROPPED IN=ppp0 OUT= MAC= SRC=80.230.254.67 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=56336 DF PROTO=TCP SPT=3522 DPT=2593 SEQ=304643934 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402)
DROPPED IN=ppp0 OUT= MAC= SRC=80.230.254.67 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=56381 DF PROTO=TCP SPT=3522 DPT=2593 SEQ=304643934 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402)
DROPPED IN=ppp0 OUT= MAC= SRC=80.230.254.67 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=56485 DF PROTO=TCP SPT=3522 DPT=2593 SEQ=304643934 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402)
DROPPED IN=ppp0 OUT= MAC= SRC=216.239.59.104 DST=62.30.238.191 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=5345 PROTO=TCP SPT=80 DPT=1040 SEQ=2485671909 ACK=54199685 WINDOW=9300 RES=0x00 RST URGP=0
DROPPED IN=ppp0 OUT= MAC= SRC=217.165.74.215 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=16063 DF PROTO=TCP SPT=2752 DPT=2593 SEQ=1870094582 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405AC01010402)
DROPPED IN=ppp0 OUT= MAC= SRC=217.165.74.215 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=16066 DF PROTO=TCP SPT=2752 DPT=2593 SEQ=1870094582 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405AC01010402)
DROPPED IN=ppp0 OUT= MAC= SRC=217.165.74.215 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=16070 DF PROTO=TCP SPT=2752 DPT=2593 SEQ=1870094582 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405AC01010402)
DROPPED IN=ppp0 OUT= MAC= SRC=24.59.90.12 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=61475 DF PROTO=TCP SPT=65235 DPT=2593 SEQ=634750401 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
DROPPED IN=ppp0 OUT= MAC= SRC=24.59.90.12 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=61550 DF PROTO=TCP SPT=65235 DPT=2593 SEQ=634750401 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
DROPPED IN=ppp0 OUT= MAC= SRC=24.59.90.12 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=61681 DF PROTO=TCP SPT=65235 DPT=2593 SEQ=634750401 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
DROPPED IN=ppp0 OUT= MAC= SRC=199.71.38.213 DST=62.30.238.191 LEN=681 TOS=0x00 PREC=0x00 TTL=112 ID=10789 PROTO=UDP SPT=20164 DPT=1026 LEN=661
DROPPED IN=ppp0 OUT= MAC= SRC=217.165.74.215 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=16263 DF PROTO=TCP SPT=2793 DPT=2593 SEQ=1925532333 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405AC01010402)
DROPPED IN=ppp0 OUT= MAC= SRC=217.165.74.215 DST=62.30.238.191 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=16266 DF PROTO=TCP SPT=2793 DPT=2593 SEQ=1925532333 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405AC01010402)

it goes on and on like this for ages
I had to cut some out to allow this to be posted

OPT
martian source 213.48.36.32 from 127.0.0.1, on dev ppp0
ll header: 45:00:00:28
martian source 213.48.36.32 from 127.0.0.1, on dev ppp0
ll header: 45:00:00:28
DROPPED IN=ppp0 OUT= MAC= SRC=64.156.39.12 DST=213.48.36.32 LEN=574 TOS=0x00 PREC=0x00 TTL=116 ID=38526 PROTO=UDP SPT=666 DPT=1026 LEN=554
martian source 213.48.36.32 from 127.0.0.1, on dev ppp0
ll header: 45:00:00:28
DROPPED IN=ppp0 OUT= MAC= SRC=146.145.104.180 DST=213.48.36.32 LEN=60 TOS=0x00 PREC=0x00 TTL=113 ID=22776 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=54316

somehow the dmesg shows some IP traffic information... do you notify anything strange at boot time? did you do / install / configure something special with your network?

greetz,
-= iluvatar =-

no
boot is normal
no special events at boot time

just a normal, stand alone machine

hmm analyzing the log ;) take a look at these rows:

this means there's an incoming packet from 216.239.37.147 (this seems to be google), the source port is 80 (http) wich is the web server port (looks allright). the destination IP is 62.30.238.191, wich must be yours. the protocol is TCP ofcourse :D

blablabla etc anyway, it's nothing to worry about, exept for the fact this shouldn't be in your dmesg output (as far as I know). how this is possible I don't know...

greetz,
-= iluvatar =-

ps: nothing wrong, exept the packet is dropped :p you don't use the internet on that machine? or: can you use it?

yes I use the internet on it

I have gaurddog installed
could that be it?

maybe gaurddog is dumping it's log into dmesg? (just guessing here)
i noticed this dmesg behaviour first in mandrake 10 (different from 9.2)

here I am again... I took a look at the website of guarddog, noticed this:
and most of all, this sentence:
so webpages you visit use this type of packet to terminate the connection, wich is actually not the way according to the RFC i guess. thats why it comes up in your log. I also read on the site that guarddog dumps its log to the syslog. maybe syslog can be configured to store the guarddog messages to another file, but I haven't completed reading the man-pages ;)

succes,
-= iluvatar =-

ok

i turned off all logging from guarddog and dmesg now reads ok

many thanks for your help