tcpdump mailing list archives

does "port 25" work?


From: "U. George" <netbeans () gatworks com>
Date: Thu, 31 Jul 2008 08:52:45 -0400

I just wanted to see Domain/DNS requests coming in from the 'outside' and are being 'forwarded' back to the outside for answers.

Every time I try:

[root@laptopserver MyRblsmtpd]# /usr/sbin/tcpdump  -n -v -i eth1 port domain
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes

0 packets captured
0 packets received by filter
0 packets dropped by kernel
[root@laptopserver MyRblsmtpd]#

BUT if I remove the 'port domain' I see all the packets:

[root@laptopserver gat]# /usr/sbin/tcpdump -v -n -i eth1
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
08:49:38.834343 PPPoE  [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 50854, offset 0, flags [DF], proto 6, 
length: 44) 59.151.50.248.45573 > 71.247.232.63.domain: S [tcp sum ok] 1445792188:1445792188(0) win 8190 <mss 1460>
08:49:40.815600 PPPoE  [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 48817, offset 0, flags [DF], 
proto 6, length: 40) 59.151.50.248.45573 > 71.247.232.63.domain: R [tcp sum ok] 1445792189:1445792189(0) win 9800
08:49:42.992985 PPPoE  [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 246, id 6901, offset 0, flags [none], 
proto 17, length: 45) 63.245.213.10.53624 > 71.247.232.63.domain:  10+ A? . (17)
08:49:42.995969 PPPoE  [ses 0xea20] IP (tos 0x0, ttl  64, id 3162, offset 0, flags [DF], proto 17, length: 45) 
71.247.232.63.domain > 63.245.213.10.53624:  10 Refused- 0/0/0 (17)
08:49:43.828906 PPPoE  [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 7869, offset 0, flags [DF], proto 6, 
length: 44) 59.151.50.248.47111 > 71.247.232.63.domain: S [tcp sum ok] 1482217256:1482217256(0) win 8190 <mss 1460>
08:49:45.160039 PPPoE  [ses 0xea20] LCP, Echo-Request (0x09), id 119, Magic-Num 0x90013b4f, length 12
08:49:45.160750 PPPoE  [ses 0xea20] LCP, Echo-Reply (0x0a), id 119, Magic-Num 0x6b50a930, length 12
08:49:45.693403 PPPoE  [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 32196, offset 0, flags [DF], proto 6, 
length: 44) 59.151.50.248.47111 > 71.247.232.63.domain: S [tcp sum ok] 1482217256:1482217256(0) win 8190 <mss 1460>
08:49:46.818311 PPPoE  [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 41929, offset 0, flags [DF], 
proto 6, length: 40) 59.151.50.248.47111 > 71.247.232.63.domain: R [tcp sum ok] 1482217257:1482217257(0) win 9800
08:49:49.815924 PPPoE  [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 53721, offset 0, flags [DF], proto 6, 
length: 44) 59.151.50.248.48414 > 71.247.232.63.domain: S [tcp sum ok] 1518758425:1518758425(0) win 8190 <mss 1460>
08:49:51.613085 PPPoE  [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 19426, offset 0, flags [DF], proto 6, 
length: 44) 59.151.50.248.48414 > 71.247.232.63.domain: S [tcp sum ok] 1518758425:1518758425(0) win 8190 <mss 1460>
08:49:52.807726 PPPoE  [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 9704, offset 0, flags [DF], proto 
6, length: 40) 59.151.50.248.48414 > 71.247.232.63.domain: R [tcp sum ok] 1518758426:1518758426(0) win 9800
08:49:55.816590 PPPoE  [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 13812, offset 0, flags [DF], proto 6, 
length: 44) 59.151.50.248.49728 > 71.247.232.63.domain: S [tcp sum ok] 1554093908:1554093908(0) win 8190 <mss 1460>
08:49:56.201137 PPPoE  [ses 0xea20] LCP, Echo-Request (0x09), id 201, Magic-Num 0x6b50a930, length 8
08:49:56.223061 PPPoE  [ses 0xea20] LCP, Echo-Reply (0x0a), id 201, Magic-Num 0x90013b4f, length 8
08:49:57.872512 PPPoE  [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 40445, offset 0, flags [DF], proto 6, 
length: 44) 59.151.50.248.49728 > 71.247.232.63.domain: S [tcp sum ok] 1554093908:1554093908(0) win 8190 <mss 1460>
08:49:58.805752 PPPoE  [ses 0xea20] [length 48 (4 extra bytes)] IP (tos 0x0, ttl 236, id 34305, offset 0, flags [DF], 
proto 6, length: 40) 59.151.50.248.49728 > 71.247.232.63.domain: R [tcp sum ok] 1554093909:1554093909(0) win 9800

17 packets captured
17 packets received by filter
0 packets dropped by kernel



Am I doing something wrong?
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
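
Every IP packet in the unfiltered capture above sits behind a PPPoE session header. As an added example (not part of the original post), this Python sketch is a simplified, IPv4-only model of a `port` match on an Ethernet link type: a test that expects IP directly after the Ethernet header misses such frames, while one that first skips the 6-byte PPPoE header and 2-byte PPP protocol field finds port 53. The frames are constructed and all function names are hypothetical.

```python
import struct

ETH_IPV4, ETH_PPPOE_SESSION, PPP_IPV4 = 0x0800, 0x8864, 0x0021

def ipv4_udp(sport, dport, payload=b""):
    """Constructed IPv4/UDP packet (checksums left 0, documentation addresses)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + udp

def ethernet(ethertype, payload):
    return bytes(12) + struct.pack("!H", ethertype) + payload  # zeroed MACs

def pppoe_session(session_id, ip_packet):
    ppp = struct.pack("!H", PPP_IPV4) + ip_packet
    return struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp)) + ppp

def ethertype(frame):
    return struct.unpack("!H", frame[12:14])[0] if len(frame) >= 14 else None

def ports_at(frame, off):
    """(sport, dport) of an unfragmented IPv4 TCP/UDP packet at off, else None."""
    ip = frame[off:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] not in (6, 17):
        return None
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:  # later fragment: no ports
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl + 4:
        return None
    return struct.unpack("!HH", ip[ihl:ihl + 4])

def match_port_plain(frame, port):
    """IP expected right after the 14-byte Ethernet header."""
    ports = ports_at(frame, 14) if ethertype(frame) == ETH_IPV4 else None
    return ports is not None and port in ports

def match_port_pppoes(frame, port):
    """Skip the PPPoE session header and PPP protocol field, then look for IP."""
    if ethertype(frame) != ETH_PPPOE_SESSION or len(frame) < 22:
        return False
    if frame[14] != 0x11 or frame[15] != 0x00:  # version/type 1, code 0 = session
        return False
    if struct.unpack("!H", frame[20:22])[0] != PPP_IPV4:
        return False
    ports = ports_at(frame, 22)
    return ports is not None and port in ports

# Constructed frames; 0xEA20 is the session id shown in the capture above.
PPPOE_DNS = ethernet(ETH_PPPOE_SESSION, pppoe_session(0xEA20, ipv4_udp(53624, 53)))
PLAIN_DNS = ethernet(ETH_IPV4, ipv4_udp(53624, 53))
```

Where the installed libpcap supports the `pppoes` filter primitive, `pppoes and port domain` applies the same offset shift inside the capture filter.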

