tcpdump mailing list archives
does "port 25" work?
From: "U. George" <netbeans () gatworks com>
Date: Thu, 31 Jul 2008 08:52:45 -0400
I just wanted to see Domain/DNS requests coming in from the 'outside' and being 'forwarded' back to the outside for answers.
Every time I try:
[root@laptopserver MyRblsmtpd]# /usr/sbin/tcpdump -n -v -i eth1 port domain
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
[root@laptopserver MyRblsmtpd]#
But if I remove the 'port domain' I see all the packets:
[root@laptopserver gat]# /usr/sbin/tcpdump -v -n -i eth1
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
08:49:38.834343 PPPoE [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 50854, offset 0, flags [DF], proto 6, length: 44) 59.151.50.248.45573 > 71.247.232.63.domain: S [tcp sum ok] 1445792188:1445792188(0) win 8190 <mss 1460>
08:49:40.815600 PPPoE [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 48817, offset 0, flags [DF], proto 6, length: 40) 59.151.50.248.45573 > 71.247.232.63.domain: R [tcp sum ok] 1445792189:1445792189(0) win 9800
08:49:42.992985 PPPoE [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 246, id 6901, offset 0, flags [none], proto 17, length: 45) 63.245.213.10.53624 > 71.247.232.63.domain: 10+ A? . (17)
08:49:42.995969 PPPoE [ses 0xea20] IP (tos 0x0, ttl 64, id 3162, offset 0, flags [DF], proto 17, length: 45) 71.247.232.63.domain > 63.245.213.10.53624: 10 Refused- 0/0/0 (17)
08:49:43.828906 PPPoE [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 7869, offset 0, flags [DF], proto 6, length: 44) 59.151.50.248.47111 > 71.247.232.63.domain: S [tcp sum ok] 1482217256:1482217256(0) win 8190 <mss 1460>
08:49:45.160039 PPPoE [ses 0xea20] LCP, Echo-Request (0x09), id 119, Magic-Num 0x90013b4f, length 12
08:49:45.160750 PPPoE [ses 0xea20] LCP, Echo-Reply (0x0a), id 119, Magic-Num 0x6b50a930, length 12
08:49:45.693403 PPPoE [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 32196, offset 0, flags [DF], proto 6, length: 44) 59.151.50.248.47111 > 71.247.232.63.domain: S [tcp sum ok] 1482217256:1482217256(0) win 8190 <mss 1460>
08:49:46.818311 PPPoE [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 41929, offset 0, flags [DF], proto 6, length: 40) 59.151.50.248.47111 > 71.247.232.63.domain: R [tcp sum ok] 1482217257:1482217257(0) win 9800
08:49:49.815924 PPPoE [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 53721, offset 0, flags [DF], proto 6, length: 44) 59.151.50.248.48414 > 71.247.232.63.domain: S [tcp sum ok] 1518758425:1518758425(0) win 8190 <mss 1460>
08:49:51.613085 PPPoE [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 19426, offset 0, flags [DF], proto 6, length: 44) 59.151.50.248.48414 > 71.247.232.63.domain: S [tcp sum ok] 1518758425:1518758425(0) win 8190 <mss 1460>
08:49:52.807726 PPPoE [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 9704, offset 0, flags [DF], proto 6, length: 40) 59.151.50.248.48414 > 71.247.232.63.domain: R [tcp sum ok] 1518758426:1518758426(0) win 9800
08:49:55.816590 PPPoE [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 13812, offset 0, flags [DF], proto 6, length: 44) 59.151.50.248.49728 > 71.247.232.63.domain: S [tcp sum ok] 1554093908:1554093908(0) win 8190 <mss 1460>
08:49:56.201137 PPPoE [ses 0xea20] LCP, Echo-Request (0x09), id 201, Magic-Num 0x6b50a930, length 8
08:49:56.223061 PPPoE [ses 0xea20] LCP, Echo-Reply (0x0a), id 201, Magic-Num 0x90013b4f, length 8
08:49:57.872512 PPPoE [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 40445, offset 0, flags [DF], proto 6, length: 44) 59.151.50.248.49728 > 71.247.232.63.domain: S [tcp sum ok] 1554093908:1554093908(0) win 8190 <mss 1460>
08:49:58.805752 PPPoE [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 34305, offset 0, flags [DF], proto 6, length: 40) 59.151.50.248.49728 > 71.247.232.63.domain: R [tcp sum ok] 1554093909:1554093909(0) win 9800
17 packets captured
17 packets received by filter
0 packets dropped by kernel
Am I doing something wrong?