From owner-freebsd-net@freebsd.org  Mon May 16 18:44:41 2016
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 62C63B3DE7F
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Mon, 16 May 2016 18:44:41 +0000 (UTC) (envelope-from ler@lerctr.org)
Received: from thebighonker.lerctr.org (thebighonker.lerctr.org
 [IPv6:2001:470:1f0f:3ad:223:7dff:fe9e:6e8a])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "thebighonker.lerctr.org",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 0CA441EE1;
 Mon, 16 May 2016 18:44:40 +0000 (UTC) (envelope-from ler@lerctr.org)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lerctr.org; 
 s=lerami;
 h=Message-ID:References:In-Reply-To:Subject:Cc:To:From:Date:
 Content-Transfer-Encoding:Content-Type:MIME-Version:Sender:Reply-To:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=hhf+6e5aPDMw/doAbMpK9F4ZddWd5k61PUVL2LBE7Nc=; b=gt2NRdD41GwrY4lZbKqMXE6QW9
 Adsno56V5NeHjGVpBiqRq0S4AOMxOEoNPGLu/NPDrZtwaAlgAmWXoO6itYQ21903hAVG09NEcIjQE
 A5FJcaYZshVX3TrwUODcaacbQVjVRii/iwOjdfDzUoUZpKPOg9cj/qcerdpCBdP+Jcww=;
Received: from thebighonker.lerctr.org
 ([2001:470:1f0f:3ad:223:7dff:fe9e:6e8a]:32433 helo=webmail.lerctr.org)
 by thebighonker.lerctr.org with esmtpsa
 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.87 (FreeBSD))
 (envelope-from <ler@lerctr.org>)
 id 1b2NVP-0007rm-TS; Mon, 16 May 2016 13:44:40 -0500
Received: from proxy.na.alcatel-lucent.com ([135.245.48.82])
 by webmail.lerctr.org
 with HTTP (HTTP/1.1 POST); Mon, 16 May 2016 13:44:39 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 16 May 2016 13:44:39 -0500
From: Larry Rosenman <ler@lerctr.org>
To: Gary Palmer <gpalmer@freebsd.org>
Cc: Freebsd net <freebsd-net@freebsd.org>
Subject: Re: Closed port RST: Any way to find out what port(s)?
In-Reply-To: <20160516173649.GA15236@in-addr.com>
References: <472a21d960dd951dfd4a70e5dc94b7e5@thebighonker.lerctr.org>
 <20160516173649.GA15236@in-addr.com>
Message-ID: <18e9fde27f20c53a1d21b7a2160595b9@thebighonker.lerctr.org>
X-Sender: ler@lerctr.org
User-Agent: Roundcube Webmail/1.1.4
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 16 May 2016 18:44:41 -0000

On 2016-05-16 12:36, Gary Palmer wrote:
> On Mon, May 16, 2016 at 12:31:02PM -0500, Larry Rosenman wrote:
>> I'm seeing tons of:
>> Limiting closed port RST response from 201 to 200 packets/sec
>> in my log.  Is there any way to see what port(s) are being pounded?
> 
> sysctl net.inet.tcp.log_in_vain=1
> 
> I expect you would get a ton of spam from that, so my suggestion would
> be tcpdump.  e.g.
> 
> tcpdump -i <interface> -n 'tcp[tcpflags] & (tcp-rst) != 0'
> 
> Regards,
> 
> Gary
Thanks, Gary.  Turns out it's a "known issue" with multimedia/plex*, and 
occasionally it will
stop answering on 33400.

the sysctl helped there.


-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640                 E-Mail: ler@lerctr.org
US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281