somehow the dmesg shows some IP traffic information... do you notice anything strange at boot time? did you do / install / configure something special with your network?
this means there's an incoming packet from 216.239.37.147 (this seems to be google), the source port is 80 (http) which is the web server port (looks all right). the destination IP is 62.30.238.191, which must be yours. the protocol is TCP of course
blablabla etc anyway, it's nothing to worry about, except for the fact this shouldn't be in your dmesg output (as far as I know). how this is possible I don't know...
greetz,
-= iluvatar =-
ps: nothing wrong, except the packet is dropped. you don't use the internet on that machine? or: can you use it?
here I am again... I took a look at the website of guarddog, noticed this:
Quote:
The Log aborted TCP connections (half open scans) check box controls whether TCP connections that are forcefully terminated using a RST packet are logged. A port scanning technique known as "half-open" scanning uses RST packets to quickly abort a half-open TCP connection in order to avoid detection. This can be done using nmap's -sS option. By turning this option on you can detect and log when this happens. Unfortunately many web servers like to quickly terminate connections by using a RST packet. This can produce quite a lot of unwanted noise in your system logs. Therefore you may want to turn this option off. Also, this option only has effect when the firewall is used on a Linux kernel 2.4 machine in combination with iptables.
and most of all, this sentence:
Quote:
Unfortunately many web servers like to quickly terminate connections by using a RST packet. This can produce quite a lot of unwanted noise in your system logs.
so webpages you visit use this type of packet to terminate the connection, which is actually not the way according to the RFC I guess. that's why it comes up in your log. I also read on the site that guarddog dumps its log to the syslog. maybe syslog can be configured to store the guarddog messages to another file, but I haven't completed reading the man-pages
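Added example, not part of the original posts or of Guarddog: a small triage script that separates the two cases the quoted documentation describes, RST packets sent from a web server port (teardown noise) versus RSTs from one source aimed at several local ports (the pattern a half-open scan leaves). The log lines are constructed in the kernel's netfilter key=value layout; the "ABORTED" prefix, the 192.0.2.x and 198.51.100.x addresses, the function names and the threshold of three ports are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the kernel's netfilter LOG key=value layout (not taken
# from the thread). The "ABORTED" prefix is an assumption; match your own logs.
SAMPLE = """\
kernel: ABORTED IN=eth0 OUT= SRC=216.239.37.147 DST=62.30.238.191 PROTO=TCP SPT=80 DPT=32801 WINDOW=0 RST URGP=0
kernel: ABORTED IN=eth0 OUT= SRC=216.239.37.147 DST=62.30.238.191 PROTO=TCP SPT=80 DPT=32805 WINDOW=0 RST URGP=0
kernel: ABORTED IN=eth0 OUT= SRC=192.0.2.55 DST=62.30.238.191 PROTO=TCP SPT=40112 DPT=22 WINDOW=0 RST URGP=0
kernel: ABORTED IN=eth0 OUT= SRC=192.0.2.55 DST=62.30.238.191 PROTO=TCP SPT=40112 DPT=25 WINDOW=0 RST URGP=0
kernel: ABORTED IN=eth0 OUT= SRC=192.0.2.55 DST=62.30.238.191 PROTO=TCP SPT=40112 DPT=111 WINDOW=0 RST URGP=0
kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=62.30.238.191 PROTO=UDP SPT=5353 DPT=5353 LEN=60
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Return the key=value fields plus a set of TCP flags, or None if not a packet log."""
    fields = dict(FIELD.findall(line))
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    fields["FLAGS"] = FLAGS & set(line.split())  # flags appear as bare tokens
    return fields

def triage_rst(text, web_ports=(80, 443), min_ports=3):
    """Classify each source address that sent a logged TCP RST."""
    from_web = defaultdict(int)    # src -> RSTs sent from a web server port
    other_dpts = defaultdict(set)  # src -> distinct local ports hit by other RSTs
    for line in text.splitlines():
        pkt = parse_line(line)
        if not pkt or pkt["PROTO"] != "TCP" or "RST" not in pkt["FLAGS"]:
            continue
        if int(pkt["SPT"]) in web_ports:
            from_web[pkt["SRC"]] += 1
        else:
            other_dpts[pkt["SRC"]].add(int(pkt["DPT"]))
    verdict = {src: "web-server teardown (noise)" for src in from_web}
    for src, ports in other_dpts.items():
        hit = len(ports) >= min_ports  # assumed threshold, tune for your host
        verdict[src] = "possible half-open scan" if hit else "unclassified RST"
    return verdict

if __name__ == "__main__":
    for src, v in triage_rst(SAMPLE).items():
        print(src, "->", v)
```
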