LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page sending packets
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-03-2006, 05:26 AM   #1
sanjibgupta
Member
 
Registered: Apr 2003
Location: Kolkata
Posts: 215

Rep: Reputation: 30
sending packets

Hi

I have seen this lines in the /var/log/messages file

Jan 3 17:20:39 cb kernel: IN= OUT=lo SRC=127.0.0.2 DST=127.0.0.2 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1025 DPT=53 LEN=59
Jan 3 17:20:39 cb kernel: IN= OUT=lo SRC=127.0.0.2 DST=127.0.0.2 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1025 DPT=53 LEN=59

What does this lines means how do i stop this lines.

Sanjib Gupta
 
Old 01-03-2006, 05:58 AM   #2
JustinHoMi
Member
 
Registered: Apr 2001
Location: Raleigh, NC
Distribution: CentOS
Posts: 154

Rep: Reputation: 30
It looks like your firewall (iptables?) blocking some traffic. Those lines in particular are from blocked dns traffic. DPT is the destination port (53-DNS).

The odd thing (to me) is that those packets are completely local. You see that the source (SRC) and destination (DST) ip addresses are your local interface.
 
Old 01-03-2006, 12:22 PM   #3
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335Reputation: 335Reputation: 335Reputation: 335
You could use netstat to see what is using the ports. In all of the lines listed the source port is 1025 and the destination port is 53. Log in as root and issue these commands.

netstat -a | grep 1025
netstat -a | grep 53

You can see the command that is running in the process that is using the ports specified in the grep expression. There's probably a more elegant way to do this but this way should work.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
packets sent VS packets received fsasya Linux - Networking 0 07-18-2004 07:11 PM
encapsulating TCP packets in UDP packets... yoshi95 Programming 3 06-03-2004 02:53 PM
pppoe.so sending sessions packets with wrong src mac ppp_guy Linux - Networking 1 03-05-2004 04:07 PM
My box is sending packets on port 513? mac_phil Linux - Networking 2 11-08-2003 01:52 PM
packets per second ixion Linux - Networking 1 01-28-2003 06:28 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:25 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration