Re: Etiquette re: unanswered questions

Richard P. Koett Thu, 29 Sep 2005 21:18:14 -0700

Ingo Schwarze wrote:
> Dear Mr. Koett,
> 
> Ted Unangst schrieb am Thu, Sep 29, 2005 at 10:00:01PM -0400:
>> On Thu, 29 Sep 2005, Richard P. Koett wrote:
> [...]
>>> b) Rephrase the question?
>> yes.  ask again, include more information
> 
> In this particular case, you might for example
>  - try tcpdump -er instead of just -r
>    This might tell you whether these are incoming or outgoing
>    or loopback packets.
>  - note which OS version you are running (current?)
>    and include the output of tcpdump -V
>  - tell the list on what kind of network segment the
>    respective interface is and which kind of traffic
>    you would expect on that network
> 
> I'm sorry i dont know what 33:0:0:0:0:0 > 3d:2:1:0:6e:65
> might mean, either - i cannot remember to have seen such
> tcpdump output before...  So in a way, i'm curious, too...
> 
> Hope that helps all the same,
>   Ingo Schwarze


Okay, I ran 'tcpdump -evvr /var/log/pflog' and saw entries like:

09:37:39.020855 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 108: null I (s=0,r=0,C)
len=90
09:49:27.402022 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 112: null I (s=0,r=0,C)
len=94
09:49:27.946815 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 112: null I (s=0,r=0,C)
len=94
09:49:28.479792 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 112: null I (s=0,r=0,C)
len=94
10:04:16.389863 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 972: null I (s=0,r=0,C)
len=954
10:12:52.206911 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 112: null I (s=0,r=0,C)
len=94
10:12:52.747479 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 112: null I (s=0,r=0,C)
len=94
10:12:53.287096 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 112: null I (s=0,r=0,C)
len=94
10:15:46.908598 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 112: null I (s=0,r=0,C)
len=94
10:15:47.411027 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 112: null I (s=0,r=0,C)
len=94
10:15:47.844158 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 112: null I (s=0,r=0,C)
len=94
10:18:42.252439 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 112: null I (s=0,r=0,C)
len=94
10:18:42.957580 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 112: null I (s=0,r=0,C)
len=94
10:18:43.660591 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 112: null I (s=0,r=0,C)
len=94
10:19:37.303808 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 411: null I (s=0,r=0,C)
len=393
10:29:43.254878 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 112: null I (s=0,r=0,C)
len=94
10:29:44.788968 33:0:0:0:0:0 3d:2:1:0:6e:65 0000 112: null I (s=0,r=0,C)
len=94

OS version is as follows:
OpenBSD 3.7-current (GENERIC) #0: Sat Jun  4 18:58:52 PDT 2005
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

tcpdump -V shows:
tcpdump version 3.4.0
libpcap version 0.5

This machine has two interfaces - 'ne3' facing the Internet and 'rl0'
facing a small (3 computer) internal network. I am *assuming* that the
log entries pertain to the external interface but tcpdump is not showing
some information (such as block in/out, interface name, pf.conf rule
number) that it shows with other log entries.

As far as I know things are working fine - I'm just curious to know more
about what these events mean. As mentioned previously I haven't found
much help via Google or archives.

If there is anything else I can do to provide better information please
let me know.

Re: Etiquette re: unanswered questions

Reply via email to