-----BEGIN PGP SIGNED MESSAGE-----

  Humm, been doing this stuff for over 20 years and I don't know
offhand how to get the answer to your ARPHRD_ question.  I guess there
is always reason to be humble...  FYI ARP is turned off on this
interface if one asks ifconfig.
  Tell me how to get the data you ask for and I shall.

  Yes it's Linux, 2.2.1x kernels to be exact.

  Appended is some sample output, note that the output below is a bit
different from what I was getting this morning, which looked like a
DDoS attack but was really a file transfer.

  I am using the LMC (now SBE, wanADAPT-1T1E1) T1/E1 cards and
drivers, though in the past a Cisco box at one end worked just
fine as well.

  I need to get back to deep DNS dodo.  Thanks for looking into this!

                ||ugh Daniel
                [EMAIL PROTECTED]

                        Systems Testing & Project mis-Management
                        The Linux FreeS/WAN Project
                        http://www.freeswan.org


- ----: Unreasonable output:
hugh@burpelson $ so tcpdump -e -n -i hdlc0
15:21:39.562131 < 0:0:0:0:0:0 0:0:0:0:0:1 ip 62: 217.2.192.181.4663 > 
192.171.112.89.www: S 668895481:668895481(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
15:21:39.562144 > 0:0:0:0:0:0 0:0:0:0:0:0 ip 62: 217.2.192.181.4663 > 
192.171.112.89.www: S 668895481:668895481(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
15:21:39.562916 > 0:0:0:0:0:0 0:0:0:0:0:0 ip 54: 216.235.246.130.2490 > 
216.240.42.137.www: . 1:1(0) ack 1460 win 17520 (DF)
15:21:39.563961 < 0:0:0:0:0:0 0:0:0:0:0:1 0007 186: null > sap 0f I (s=4,r=0,C) len=168
                         4500 00a8 ea61 4000 fe06 1045 d8f0 2a89
                         411a 3d15 0050 0e5c 611b 55a9 892f 3225
                         5018 2238 c82f 0000 e38f f1aa 72ea d752
                         2ed0 563e b9d8 3afe 7594 b110 5e66 b1c3
                         cdf9 1bae e918 cc8e a833 8cb1 c552 9b57
                         b78c af96 1a6c f271 f2e3 f123 afe1 deb0
                         9dda 462c ec59 8f52 4e4d 2573 cb15 27f0
                         e86f 1c2c 57c5 a966 e6fe 7bae 1db6 a7f7
                         1781 ff00 d7aa d451 5ced b6ee
15:21:39.563961 < 0:0:0:0:0:0 0:0:0:0:0:1 ip 182: 216.240.42.137.www > 
65.26.61.21.3676: P 2920:3048(128) ack 1 win 8760 (DF)
15:21:39.565887 < 0:0:0:0:0:0 0:0:0:0:0:1 0007 70: null > sap 0f I (s=4,r=0,C) len=52
                         4500 0034 deb7 4000 5c06 03cc d9e2 319c
                         c0ab 7016 0537 0050 0e28 23a4 0000 0000
                         8002 7fff 7be9 0000 0204 0550 0103 0300
                         0101 0402
15:21:39.565887 < 0:0:0:0:0:0 0:0:0:0:0:1 ip 66: 217.226.49.156.1335 > 
192.171.112.22.www: S 237511588:237511588(0) win 32767 <mss 1360,nop,wscale 
0,nop,nop,sackOK> (DF)
15:21:39.565903 > 0:0:0:0:0:0 0:0:0:0:0:0 ip 66: 217.226.49.156.1335 > 
192.171.112.22.www: S 237511588:237511588(0) win 32767 <mss 1360,nop,wscale 
0,nop,nop,sackOK> (DF)
15:21:39.566179 < 0:0:0:0:0:0 0:0:0:0:0:1 0007 66: null > sap 0f I (s=4,r=0,C) len=48
                         4500 0030 f026 4000 3d06 82e4 d902 c0b5
                         c0ab 7059 1237 0050 27de 88f9 0000 0000
                         7002 2238 d2cb 0000 0204 05b4 0101 0402
15:21:39.566179 < 0:0:0:0:0:0 0:0:0:0:0:1 ip 62: 217.2.192.181.4663 > 
192.171.112.89.www: S 668895481:668895481(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
15:21:39.566194 > 0:0:0:0:0:0 0:0:0:0:0:0 ip 62: 217.2.192.181.4663 > 
192.171.112.89.www: S 668895481:668895481(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
15:21:39.574683 < 0:0:0:0:0:0 0:0:0:0:0:1 0007 1518: null > sap 0f I (s=4,r=0,C) 
len=1500
                         4500 05dc 90ef 4000 fe06 1344 d8f0 2a89
                         d8eb f682 0050 09ba 6119 080c aee7 4eb6
                         5010 2238 a47c 0000 6561 7274 682e 6576
                         6966 223e 0a3c 6172 6561 2073 6861 7065
                         3d22 7265 6374 2220 636f 6f72 6473 3d22
                         3237 342c 3232 382c 3331 392c 3237 3322
                         2068 7265 663d 222f 6367 692d 6269 6e2f
                         756e 6367 692f 4561 7274 683f 696d 6773
                         697a 653d 3332 3026 6f70 743d
15:21:39.574683 < 0:0:0:0:0:0 0:0:0:0:0:1 ip 1514: 216.240.42.137.www > 
216.235.246.130.2490: . 1460:2920(1460) ack 1 win 8760 (DF)
15:21:39.582573 < 0:0:0:0:0:0 0:0:0:0:0:1 0007 1518: null > sap 0f I (s=4,r=0,C) 
len=1500
                         4500 05dc 90f0 4000 fe06 1343 d8f0 2a89
                         d8eb f682 0050 09ba 6119 0dc0 aee7 4eb6
                         5010 2238 153e 0000 6172 7468 3f69 6d67
                         7369 7a65 3d33 3230 266f 7074 3d2d 6c26
                         6c61 743d 2d38 302e 3430 3539 266e 733d
                         4e6f 7274 6826 6c6f 6e3d 3231 342e 3338
                         3826 6577 3d57 6573 7426 616c 743d 3231
                         3326 696d 673d 6c65 6172 7468 2e65 7669
                         6622 3e69 6e3c 2f61 3e0a 6f72
15:21:39.582573 < 0:0:0:0:0:0 0:0:0:0:0:1 ip 1514: 216.240.42.137.www > 
216.235.246.130.2490: . 2920:4380(1460) ack 1 win 8760 (DF)
15:21:39.583728 > 0:0:0:0:0:0 0:0:0:0:0:0 ip 1514: 216.181.81.137.35624 > 
216.240.42.35.ssh: . 2126700247:2126701695(1448) ack 1499478048 win 9600 
<nop,nop,timestamp 62578691 109901040> (DF) [tos 0x2,ECT] 
15:21:39.589629 > 0:0:0:0:0:0 0:0:0:0:0:0 ip 1514: 216.181.81.137.35624 > 
216.240.42.35.ssh: . 1448:2896(1448) ack 1 win 9600 <nop,nop,timestamp 62578691 
109901040> (DF) [tos 0x2,ECT] 
15:21:39.590285 < 0:0:0:0:0:0 0:0:0:0:0:1 0007 1483: null > sap 0f I (s=4,r=0,C) 
len=1465
                         4500 05b9 90f1 4000 fe06 1365 d8f0 2a89
                         d8eb f682 0050 09ba 6119 1374 aee7 4eb6
                         5011 2238 7458 0000 2030 3132 3332 2e30
                         3836 3831 3437 3920 202e 3030 3030 3031
                         3039 2020 3030 3030 302d 3020 2031 3137
                         3633 2d33 2030 2020 3635 3633 0a32 2030
                         3034 3234 2020 3830 2e34 3633 3720 3231
                         382e 3534 3935 2030 3032 3230 3336 2032
                         3037 2e37 3737 3320 3135 322e
15:21:39.590285 < 0:0:0:0:0:0 0:0:0:0:0:1 ip 1479: 216.240.42.137.www > 
216.235.246.130.2490: F 4380:5805(1425) ack 1 win 8760 (DF)
15:21:39.590597 < 0:0:0:0:0:0 0:0:0:0:0:1 0007 70: null > sap 0f I (s=4,r=0,C) len=52
                         4500 0034 deb7 4000 5a06 05cc d9e2 319c
                         c0ab 7016 0537 0050 0e28 23a4 0000 0000
                         8002 7fff 7be9 0000 0204 0550 0103 0300
                         0101 0402
15:21:39.590597 < 0:0:0:0:0:0 0:0:0:0:0:1 ip 66: 217.226.49.156.1335 > 
192.171.112.22.www: S 237511588:237511588(0) win 32767 <mss 1360,nop,wscale 
0,nop,nop,sackOK> (DF)
15:21:39.590607 > 0:0:0:0:0:0 0:0:0:0:0:0 ip 66: 217.226.49.156.1335 > 
192.171.112.22.www: S 237511588:237511588(0) win 32767 <mss 1360,nop,wscale 
0,nop,nop,sackOK> (DF)


- ----:  Reasonable output:
hugh@burpelson $ so tcpdump -e -n -i eth0
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on eth0
15:22:08.112652 < 0:50:73:f9:37:21 0:0:0:0:0:1 ip 138: 216.181.81.137.35624 > 
216.240.42.35.ssh: P 2127747179:2127747247(68) ack 1499488448 win 9600 
<nop,nop,timestamp 62581546 109903897> (DF) [tos 0x2,ECT] 
15:22:08.118290 > 0:0:0:0:0:0 0:60:ef:20:3a:c0 ip 174: 216.240.36.86 > 
216.181.177.226: ip-proto-50 140
15:22:08.118827 > 0:0:0:0:0:0 0:60:ef:20:3a:c0 ip 890: 216.240.32.141.ssh > 
216.181.81.137.35647: P 1681791247:1681792071(824) ack 3712898839 win 32120 
<nop,nop,timestamp 569951489 62581543> (DF)
15:22:08.171692 < 0:50:73:f9:37:21 0:0:0:0:0:1 ip 70: 216.181.81.137.35647 > 
216.240.32.141.ssh: . 1:1(0) ack 0 win 63648 <nop,nop,timestamp 62581552 569951485> 
(DF)
15:22:08.219115 < 0:50:73:f9:37:21 0:0:0:0:0:1 ip 70: 216.181.81.137.35647 > 
216.240.32.141.ssh: . 1:1(0) ack 824 win 63648 <nop,nop,timestamp 62581557 569951489> 
(DF)
15:22:08.219167 > 0:0:0:0:0:0 0:60:ef:20:3a:c0 ip 506: 216.240.32.141.ssh > 
216.181.81.137.35647: P 824:1264(440) ack 1 win 32120 <nop,nop,timestamp 569951499 
62581557> (DF)
15:22:08.238753 > 0:0:0:0:0:0 0:60:ef:20:3a:c0 ip 90: 216.240.36.86 > 217.208.125.51: 
icmp: time exceeded in-transit [tos 0xc0] 
15:22:08.240077 > 0:0:0:0:0:0 0:60:ef:20:3a:c0 ip 110: 216.240.32.141 > 
202.105.237.42: icmp: time exceeded in-transit [tos 0xc0] 
15:22:08.240575 > 0:0:0:0:0:0 0:60:ef:20:3a:c0 ip 826: 216.240.32.141.ssh > 
216.181.81.137.35647: P 1264:2024(760) ack 1 win 32120 <nop,nop,timestamp 569951501 
62581557> (DF)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.

iQCVAwUBO5vlBVZpdJR7FBQRAQG55wP/VVqBGazV6Iau8C4GGPJmV0ug0B8tKwgP
6Fb216LW4fk9d0FGVkCcnVv7dq/i9j1R+CvmLWRciKNm0paE4a47XdukH4oWPUo6
HH1nxhUcGEYRpnWYl345DawWt5mzWNniwU77s9dZmDatQP4VoINa0FmoHN/GF6H5
ZzjvLLAXdv0=
=rGz9
-----END PGP SIGNATURE-----
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
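
An added example, not part of the original post: it decodes the hex words of the 15:21:39.566179 `0007 ... null > sap 0f` record from the hdlc0 capture as an IPv4 header followed by TCP, so the fields can be compared with the `ip` line that carries the same timestamp. The function and constant names are chosen here for illustration; the bytes are copied from the capture above.

```python
import ipaddress
import struct

# Hex words copied from the 15:21:39.566179 "0007 ... null > sap 0f" record.
RECORD_HEX = """
4500 0030 f026 4000 3d06 82e4 d902 c0b5
c0ab 7059 1237 0050 27de 88f9 0000 0000
7002 2238 d2cb 0000 0204 05b4 0101 0402
"""

# TCP flag bits mapped to the letters tcpdump prints.
TCP_FLAGS = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P")]


def ip_checksum_ok(header: bytes) -> bool:
    """A valid IPv4 header's one's-complement sum folds to 0xffff."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode_ipv4_tcp(hex_words: str) -> dict:
    """Decode dumped bytes as IPv4 + TCP; a snaplen-truncated payload is fine."""
    raw = bytes.fromhex("".join(hex_words.split()))
    version, ihl = raw[0] >> 4, (raw[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl + 16:
        raise ValueError("not an IPv4 header followed by a TCP header")
    if raw[9] != 6:
        raise ValueError("IP protocol field is not TCP")
    sport, dport, seq, _ack, off_flags, win = struct.unpack(
        "!HHIIHH", raw[ihl:ihl + 16])
    return {
        "src": str(ipaddress.IPv4Address(raw[12:16])),
        "dst": str(ipaddress.IPv4Address(raw[16:20])),
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "flags": "".join(c for bit, c in TCP_FLAGS if off_flags & bit),
        "win": win,
        "total_len": struct.unpack("!H", raw[2:4])[0],
        "checksum_ok": ip_checksum_ok(raw[:ihl]),
    }


if __name__ == "__main__":
    for field, value in decode_ipv4_tcp(RECORD_HEX).items():
        print(f"{field:12} {value}")
```
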