Date: Tue, 12 Jan 1999 13:45:03 -0800 (PST)
From: Keith Woodworth <kwoody@citytel.net>
To: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Tcpdump interpretation
Message-ID: <Pine.BSF.3.91.990112134334.1459A-100000@mybsd.net>
I have a FreeBSD machine at home that I use for NAT via the ppp -alias function. There is a timeout on the ppp connection of 900 secs. While on at home the other day I noticed that the link had not timed out but the modem lights would flash every few seconds.

OK, so there is something, I think, sending data out... I run rc5 on about 4 machines here so I figure it's a box flushing/fetching blocks. So I run a quick tcpdump and find something quite unexpected.

Can someone tell me what these results mean? I think someone is pinging me then they get redirected to our primary nameserver but I'm probably way off base. Also what's up with udp port 28800? Or udp 4?

This started happening as far as I can tell about 2 days ago. It's all been from different addresses too. Am I just blowing smoke here? I've never seen this before.

This is just a partial excerpt from what I've gathered at various times over the last 2 days:

I'm IP 204.244.99.101. citytel1.citytel.net is the primary NS of citytel.net

I see ICMP so I think ping... is that right?

00:03:32.181470 204.244.99.101 > cx185912-a.orng1.occa.home.com: icmp: 204.244.99.101 udp port 28800 unreachable
00:03:45.601911 usr2-d1.cwnet.com.28800 > 204.244.99.101.28800: udp 4
00:03:45.602609 204.244.99.101 > usr2-d1.cwnet.com: icmp: 204.244.99.101 udp port 28800 unreachable
00:03:46.056422 204.244.99.101.4115 > citytel1.citytel.net.domain: 11238+ (45)
00:03:50.311193 210.109.115.6.28800 > 204.244.99.101.28800: udp 4
00:03:50.311755 204.244.99.101 > 210.109.115.6: icmp: 204.244.99.101 udp port 28800 unreachable
00:03:50.341274 citytel1.citytel.net.domain > 204.244.99.101.4115: 11238* 1/2/2 (175)
00:03:50.348551 204.244.99.101.4116 > citytel1.citytel.net.domain: 11239+ (43)
00:03:50.531342 citytel1.citytel.net.domain > 204.244.99.101.4116: 11239 1/3/3 (211)
00:03:50.536049 210.109.115.2.28800 > 204.244.99.101.28800: udp 4
00:04:12.242256 204.244.99.101 > cx185912-a.orng1.occa.home.com: icmp: 204.244.99.101 udp port 28800 unreachable
00:04:26.701790 usr2-d1.cwnet.com.28800 > 204.244.99.101.28800: udp 4

To me it looks as if I'm being pinged. Why, I don't know, since I'm only on a dialup line. This has been happening over the last 2 weeks. It keeps me online and it's bugging me.

Thanks for any info...

Keith

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.990112134334.1459A-100000>
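
An added example, not part of the original message: a small Python parser for tcpdump text lines in the format quoted above, tallying inbound UDP datagrams per source and destination port alongside the ICMP port-unreachable errors the local host sent back. The regular expressions and function names are assumptions written for this excerpt's line format; the sample lines are copied from the capture in the message.

```python
import re
from collections import Counter

# Sample lines copied from the capture quoted in the message above.
CAPTURE = """\
00:03:45.601911 usr2-d1.cwnet.com.28800 > 204.244.99.101.28800: udp 4
00:03:45.602609 204.244.99.101 > usr2-d1.cwnet.com: icmp: 204.244.99.101 udp port 28800 unreachable
00:03:46.056422 204.244.99.101.4115 > citytel1.citytel.net.domain: 11238+ (45)
00:03:50.311193 210.109.115.6.28800 > 204.244.99.101.28800: udp 4
00:03:50.311755 204.244.99.101 > 210.109.115.6: icmp: 204.244.99.101 udp port 28800 unreachable
00:03:50.536049 210.109.115.2.28800 > 204.244.99.101.28800: udp 4
"""

LOCAL = "204.244.99.101"  # the poster's address, as stated in the message

# "<time> <src>.<sport> > <dst>.<dport>: udp <payload length>"
UDP = re.compile(r"^(\S+) (\S+)\.(\w+) > (\S+)\.(\w+): udp (\d+)$")
# "<time> <src> > <dst>: icmp: <host> udp port <port> unreachable"
UNREACH = re.compile(
    r"^(\S+) (\S+) > (\S+): icmp: (\S+) udp port (\w+) unreachable$")

def summarize(text, local=LOCAL):
    """Count inbound UDP datagrams and outbound ICMP port-unreachable
    errors, each keyed by (remote host, local UDP port)."""
    inbound, refused = Counter(), Counter()
    for raw in text.splitlines():
        line = raw.strip()
        m = UDP.match(line)
        if m and m.group(4) == local:
            inbound[(m.group(2), m.group(5))] += 1
            continue
        m = UNREACH.match(line)
        if m and m.group(2) == local:
            refused[(m.group(3), m.group(5))] += 1
    return inbound, refused

def unanswered(inbound, refused):
    """(remote, port) pairs seen inbound more often than they were refused
    within the parsed lines."""
    return sorted(k for k, n in inbound.items() if n > refused.get(k, 0))

if __name__ == "__main__":
    inbound, refused = summarize(CAPTURE)
    for (remote, port), n in sorted(inbound.items()):
        print(f"{remote} -> udp/{port}: {n} datagram(s), "
              f"{refused.get((remote, port), 0)} port-unreachable sent back")
    print("no unreachable seen for:", unanswered(inbound, refused))
```

Lines that match neither pattern, such as the DNS queries to citytel1.citytel.net, are skipped.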