Some time ago, I picked up a command line formula to listen for arp sniffers. I just modified the formula because I am getting traffic when I think there should be none.

Here's the formula and results:
# tcpdump -l -n | head -100 | awk '{ print $3 $4 $5 }' | sort | uniq -c | sort -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
1 24.64.110.160.17850>68.183.me.me.1027:
1 24.64.110.160.17850>68.183.me.me.1028:
1 24.64.110.160.17850>68.183.me.me.cap:
1 24.64.132.160.24834>68.183.me.me.1027:
1 24.64.132.160.24834>68.183.me.me.1028:
1 24.64.132.160.24834>68.183.me.me.cap:
1 64.73.32.134.ntp>68.183.me.me.ntp:
1 66.51.205.100.domain>68.183.me.me.34899:
1 66.51.205.100.domain>68.183.me.me.42504:
1 66.51.205.100.domain>68.183.me.me.42864:
1 66.51.205.100.domain>68.183.me.me.56411:
1 66.51.206.100.domain>68.183.me.me.35097:
1 68.183.me.me.34899>66.51.205.100.domain:
1 68.183.me.me.35097>66.51.206.100.domain:
1 68.183.me.me.42504>66.51.205.100.domain:
1 68.183.me.me.42864>66.51.205.100.domain:
1 68.183.me.me.49685>66.51.205.100.domain:
1 68.183.me.me.56411>66.51.205.100.domain:
1 68.183.me.me.ntp>64.73.32.134.ntp:
2 68.183.171.148.panasas>68.183.me.me.microsoft-ds:
2 68.183.me.me>68.183.171.148:
2 68.183.me.me.ntp>69.36.240.252.ntp:
2 69.36.240.252.ntp>68.183.me.me.ntp:
3 64.233.187.136.http>68.183.me.me.37573:
3 68.183.me.me>24.64.110.160:
3 68.183.me.me>24.64.132.160:
4 68.183.me.me.37573>64.233.187.136.http:
15 66.163.181.169.mmcc>68.183.me.me.59671:
15 66.163.181.170.mmcc>68.183.me.me.34149:
15 68.183.me.me.34149>66.163.181.170.mmcc:
15 68.183.me.me.59671>66.163.181.169.mmcc:
101 packets captured
101 packets received by filter
0 packets dropped by kernel

I'm not concerned about the ntp stuff. But what's all the other stuff? (Especially, why is there a "68.183.me.me.microsoft-ds"?)

I'm going to repeat the process, but for 1000 lines.



--
Saudi Arabia's relations with the U.S. were strained after the Sept. 11, 2001, terrorist attacks—15 of the 19 suicide bombers involved were Saudis. ... The U.S. had maintained troops in the country for the past decade, a source of great controversy in the strongly conservative Islamic country. One of the major reasons given for the Sept. 11 attacks by Saudi terrorist Osama bin Laden was the presence of U.S. troops in the home of Islam's holiest sites, Medina and Mecca.
http://www.infoplease.com/ipa/A0107947.html
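
A variation on the pipeline above, as an added example that is not part of the original post: it groups the same `tcpdump -l -n` lines per conversation and labels each one two-way, in-only or out-only relative to the capturing host, so inbound packets that never got a same-port reply stand out. The address 192.0.2.10, the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). flow_summary reads
# `tcpdump -l -n` text on stdin; $1 is the capturing host's own address.
flow_summary() {
    awk -v me="$1" '
    # "a.b.c.d.port:" -> "a.b.c.d"
    function host(ep,   p) {
        sub(/:$/, "", ep); split(ep, p, ".")
        return p[1] "." p[2] "." p[3] "." p[4]
    }
    # "a.b.c.d.port:" -> "port"; lines without ports (e.g. ICMP) give "-"
    function port(ep,   p, n) {
        sub(/:$/, "", ep); n = split(ep, p, ".")
        return (n > 4) ? p[5] : "-"
    }
    # Key every packet by "remote-host remote-port local-port".
    $4 == ">" {
        if (host($5) == me)      { k = host($3) " " port($3) " " port($5); inb[k]++ }
        else if (host($3) == me) { k = host($5) " " port($5) " " port($3); outb[k]++ }
        else next    # neither end is this host
        seen[k] = 1
    }
    END {
        for (k in seen) {
            split(k, f, " ")
            label = (inb[k] && outb[k]) ? "two-way" : (inb[k] ? "in-only" : "out-only")
            printf "%d %s remote=%s:%s local_port=%s\n", inb[k] + outb[k], label, f[1], f[2], f[3]
        }
    }' | sort -k2,2 -k1,1nr
}

# Constructed sample lines using documentation addresses.
sample_capture() {
cat <<'EOF'
12:00:01.000001 IP 198.51.100.7.3095 > 192.0.2.10.microsoft-ds: S 1:1(0) win 65535
12:00:01.000200 IP 192.0.2.10 > 198.51.100.7: ICMP host 192.0.2.10 unreachable, length 56
12:00:02.000001 IP 192.0.2.10.42504 > 203.0.113.53.domain: 1234+ A? example.org. (29)
12:00:02.010001 IP 203.0.113.53.domain > 192.0.2.10.42504: 1234 1/0/0 A 192.0.2.80 (45)
12:00:03.000001 IP 198.51.100.7.3095 > 192.0.2.10.microsoft-ds: S 1:1(0) win 65535
EOF
}

sample_capture | flow_summary 192.0.2.10
```

On a live interface the function takes the original capture as its input: `tcpdump -l -n | head -100 | flow_summary <own address>`.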

