LinuxQuestions.org
Old 08-19-2007, 02:05 AM   #1
Arbee
LQ Newbie
 
Registered: Aug 2007
Distribution: Slackware 12.0
Posts: 3

Rep: Reputation: 0
A lot of packets


OK, I started messing around with tcpdump a little while ago.
I recently started using it again for a few purposes and it looks like there's been a huge increase in the amount of packets passing through my PC.

EXAMPLE:

03:03:45.983840 IP 192.168.1.2.4026 > cpe-75-84-3-3.socal.res.rr.com.27498: . 40214:41674(1460) ack 46306 win 65535
03:03:45.983962 IP 192.168.1.2.4026 > cpe-75-84-3-3.socal.res.rr.com.27498: . 41674:43134(1460) ack 46306 win 65535
03:03:45.984086 IP 192.168.1.2.4026 > cpe-75-84-3-3.socal.res.rr.com.27498: . 43134:44594



03:03:45.984470 IP 192.168.1.2.4026 > cpe-75-84-3-3.socal.res.rr.com.27498: P 48974:49310(336) ack 46306 win 65535
03:03:46.029757 IP 192.168.1.2.3542 > adsl-70-142-217-23.dsl.emhril.sbcglobal.net.65535: . ack 14246 win 64156
03:03:46.033098 IP 192.168.1.2.4193 > c-68-52-34-105.hsd1.tn.comcast.net.61908: . ack 11681 win 65535
03:03:46.139372 IP 192.168.1.2.4026 > cpe-75-84-3-3.socal.res.rr.com.27498: . ack 49226 win 65535
03:03:46.174846 IP 192.168.1.2.4026 > cpe-75-84-3-3.socal.res.rr.com.27498: . ack 50686 win 65535
03:03:46.219881 IP 192.168.1.2.4026 > cpe-75-84-3-3.socal.res.rr.com.27498: . ack 53606 win 65535
03:03:46.230909 IP 192.168.1.2.3915 > 5ac3bd28.bb.sky.com.31098: . ack 7301 win 65535
03:03:46.230930 IP 192.168.1.2.4193 > c-68-52-34-105.hsd1.tn.comcast.net.61908: . ack 12029 win 65187
03:03:46.243874 IP 192.168.1.2.4026 > cpe-75-84-3-3.socal.res.rr.com.27498: . ack 55066 win 65535
03:03:46.246742 IP 192.168.1.2.3915 > 5ac3bd28.bb.sky.com.31098: . 1465:2925(1460) ack 7301 win 65535
03:03:46.246863 IP 192.168.1.2.3915 > 5ac3bd28.bb.sky.com.31098: . 2925:4385(1460) ack 7301 win 65535
03:03:46.246988 IP 192.168.1.2.3915 > 5ac3bd28.bb.sky.com.31098: . 4385:5845(1460) ack 7301 win 65535



When running tcpdump, those packets flood my screen. Is this normal?

Thanks
 
Old 08-19-2007, 11:07 PM   #2
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 361
It is a little hard to say since we don't know anything about your machine, network environment, or even what software was running at the time.

It does seem a little strange that the machine is connecting out to so many different ISPs at once (RoadRunner, Sky Broadband, and Comcast) but again, without more information it is hard to say. For example, if I run tcpdump while logged in with Pidgin, I will get crazy results like that.
 
Old 08-20-2007, 02:32 AM   #3
Arbee
LQ Newbie
 
Registered: Aug 2007
Distribution: Slackware 12.0
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by MS3FGX
It is a little hard to say since we don't know anything about your machine, network environment, or even what software was running at the time.

It does seem a little strange that the machine is connecting out to so many different ISPs at once (RoadRunner, Sky Broadband, and Comcast) but again, without more information it is hard to say. For example, if I run tcpdump while logged in with Pidgin, I will get crazy results like that.
Even with a fresh Slack installation and running tcpdump, I'm capturing packets like that. No idea what's going on.

Any info will be appreciated.
 
Old 08-20-2007, 06:28 AM   #4
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158
As MS3FGX stated, more information is needed.

For instance, are you running this machine behind a firewall? What services are running (or, what services did you enable during your install)? Did you run 'lsof -i'? Did you check 'netstat'?

There are sticky threads that are to be used as guidelines within this forum to assist you in issues where the integrity of your machine is questioned.
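
Added example, not part of any post in this thread: a shell/awk summary that collapses tcpdump text output like the capture in post #1 into one row per connection, so a flood of lines becomes a short list of local ports and remote peers. The function names `sample_capture` and `summarize_flows` are made up for this example, and the sample input is eight lines copied from the first post.

```shell
#!/bin/sh
# Added example: per-connection summary of tcpdump text output.

# Sample input: eight lines copied from the capture quoted in the first post.
sample_capture() {
cat <<'EOF'
03:03:45.983840 IP 192.168.1.2.4026 > cpe-75-84-3-3.socal.res.rr.com.27498: . 40214:41674(1460) ack 46306 win 65535
03:03:45.983962 IP 192.168.1.2.4026 > cpe-75-84-3-3.socal.res.rr.com.27498: . 41674:43134(1460) ack 46306 win 65535
03:03:45.984470 IP 192.168.1.2.4026 > cpe-75-84-3-3.socal.res.rr.com.27498: P 48974:49310(336) ack 46306 win 65535
03:03:46.029757 IP 192.168.1.2.3542 > adsl-70-142-217-23.dsl.emhril.sbcglobal.net.65535: . ack 14246 win 64156
03:03:46.033098 IP 192.168.1.2.4193 > c-68-52-34-105.hsd1.tn.comcast.net.61908: . ack 11681 win 65535
03:03:46.139372 IP 192.168.1.2.4026 > cpe-75-84-3-3.socal.res.rr.com.27498: . ack 49226 win 65535
03:03:46.230909 IP 192.168.1.2.3915 > 5ac3bd28.bb.sky.com.31098: . ack 7301 win 65535
03:03:46.246742 IP 192.168.1.2.3915 > 5ac3bd28.bb.sky.com.31098: . 1465:2925(1460) ack 7301 win 65535
EOF
}

# summarize_flows LOCAL_IP
# Reads tcpdump lines on stdin and prints, busiest first:
#   local_port remote_host remote_port packets payload_bytes
summarize_flows() {
    awk -v lip="$1" '
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5
        sub(/:$/, "", dst)
        if (index(src, lip ".") != 1) next      # keep outbound packets only
        lport = substr(src, length(lip) + 2)
        n = split(dst, part, ".")               # remote port follows the last dot
        rport = part[n]
        rhost = substr(dst, 1, length(dst) - length(rport) - 1)
        key = lport " " rhost " " rport
        pkts[key]++
        bytes[key] += 0                         # pure ACKs carry no payload
        if (match($0, /\([0-9]+\)/))            # data segments show "(1460)"
            bytes[key] += substr($0, RSTART + 1, RLENGTH - 2)
    }
    END { for (k in pkts) print k, pkts[k], bytes[k] }
    ' | sort -k4,4nr -k5,5nr
}

sample_capture | summarize_flows 192.168.1.2
```

The first column is the local port of each connection, which is the value to look for in the `lsof -i` or `netstat` output asked about in post #4 to see which process owns it.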