interpreting tcpdump output -- do I have a problem?
Hello,

I ran tcpdump and got some unexpected (to me, at least) output. Here is a short example:

=============================================================================================================================
20:03:42.105589 home.paulsen.org.clvm-cfg > ns3.texas.net.domain: 51903+ PTR? 2.78.40.216.in-addr.arpa. (42)
20:03:42.313064 ns3.texas.net.domain > home.paulsen.org.clvm-cfg: 51903* 1/3/3 PTR holder2.net78.connectsouth.net. (209) (DF)
20:03:42.313975 home.paulsen.org.clvm-cfg > ns3.texas.net.domain: 51904+ PTR? 3.0.207.207.in-addr.arpa. (42)
20:03:42.368919 ns3.texas.net.domain > home.paulsen.org.clvm-cfg: 51904* 1/2/2 PTR ns3.texas.net. (158) (DF)
20:03:43.209947 home.paulsen.org.clvm-cfg > ns3.texas.net.domain: 51905+ PTR? 91.183.140.216.in-addr.arpa. (45)
20:03:43.243013 ns3.texas.net.domain > home.paulsen.org.clvm-cfg: 51905 1/2/2 PTR mail.aurasoma.net. (177) (DF)
20:03:45.668535 home.paulsen.org.clvm-cfg > ns3.texas.net.domain: 51906+ PTR? 161.67.231.209.in-addr.arpa. (45)
20:03:45.879046 ns3.texas.net.domain > home.paulsen.org.clvm-cfg: 51906* 1/2/2 PTR paulsen.net.criticalpath.net. (181) (DF)
=============================================================================================================================

(home.paulsen.org is my local host -- it has a class-c IP address of 192.168.0.1 and is connected to the Internet via a Win2K box that uses a cable modem. texas.net provides the name server.)

clvm-cfg is port number 1476. There were many other lines in the tcpdump output with "nearby" port numbers. Does this mean that those services are really in use? Or are these ports just being dynamically assigned for other uses? It seems unlikely that my system would really be using the services those port numbers are assigned to -- most of them seem to have something to do with license management of applications I never heard of before.

--
____________________________________________________________________
Robert Paulsen paulsen@texas.net
Hi,

At 09:36 23/12/00 -0600, Robert C. Paulsen Jr. wrote:
I ran tcpdump and got some unexpected (to me, at least) output. Here is a short example:
Snip

No problem. This is normal DNS (domain) traffic. home.paulsen.org is asking the questions and ns3.texas.net is answering. Service is domain (port 53) and your host started the conversation using port 1476 as its source port. Source ports are chosen by the client and are not related to service except in special circumstances.

John
On Sat, Dec 23, 2000 at 06:32:41PM +0000, John Trickey wrote:
Hi,
At 09:36 23/12/00 -0600, Robert C. Paulsen Jr. wrote:
I ran tcpdump and got some unexpected (to me, at least) output. Here is a short example:
Snip
No problem. This is normal DNS (domain) traffic. home.paulsen.org is asking the questions and ns3.texas.net is answering. Service is domain (port 53) and your host started the conversation using port 1476 as its source port. Source ports are chosen by the client and are not related to service except in special circumstances.
OK, thanks. That's what I was guessing -- and hoping for!

--
____________________________________________________________________
Robert Paulsen paulsen@texas.net
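As an added illustration of the answer given in this thread (not part of the original messages): a short Python parser for tcpdump lines in the format quoted above. It splits each endpoint into host and port, treats the side on a port below 1024 as the server (an assumed heuristic), and pairs queries with responses by DNS ID. The name-to-number table holds only the two mappings stated in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: three lines copied from the capture in the first message.
SAMPLE = """\
20:03:42.105589 home.paulsen.org.clvm-cfg > ns3.texas.net.domain: 51903+ PTR? 2.78.40.216.in-addr.arpa. (42)
20:03:42.313064 ns3.texas.net.domain > home.paulsen.org.clvm-cfg: 51903* 1/3/3 PTR holder2.net78.connectsouth.net. (209) (DF)
20:03:43.209947 home.paulsen.org.clvm-cfg > ns3.texas.net.domain: 51905+ PTR? 91.183.140.216.in-addr.arpa. (45)
"""

# Mappings stated in the thread; tcpdump prints names taken from /etc/services.
SERVICES = {"domain": 53, "clvm-cfg": 1476}
LINE = re.compile(r"^(\S+) (\S+) > (\S+): (\d+)[+*]* (.*)$")

def split_endpoint(endpoint):
    """'host.port' -> (host, port number); the port is the last dot-separated field."""
    host, port = endpoint.rsplit(".", 1)
    return host, SERVICES[port] if port in SERVICES else int(port)

def parse(line):
    """Parse one tcpdump DNS line; return None for lines that do not match."""
    m = LINE.match(line)
    if not m:
        return None
    ts, src, dst, qid, rest = m.groups()
    (shost, sport), (dhost, dport) = split_endpoint(src), split_endpoint(dst)
    # Assumed heuristic: the side on a well-known port (<1024) is the server,
    # and the other side's port is just the client's chosen source port.
    to_server = dport < 1024 <= sport
    return {"time": ts, "id": int(qid), "is_query": to_server,
            "client": (shost, sport) if to_server else (dhost, dport),
            "server": (dhost, dport) if to_server else (shost, sport),
            "detail": rest}

def unanswered(capture):
    """Return the IDs of queries with no response from the same server."""
    pending = {}
    for rec in filter(None, map(parse, capture.splitlines())):
        key = (rec["client"], rec["server"], rec["id"])
        if rec["is_query"]:
            pending[key] = rec
        else:
            pending.pop(key, None)
    return sorted(k[2] for k in pending)

if __name__ == "__main__":
    for rec in filter(None, map(parse, SAMPLE.splitlines())):
        print(rec["id"], "query" if rec["is_query"] else "reply", rec["client"], rec["server"])
    print("unanswered:", unanswered(SAMPLE))
```

Every record in the sample resolves to the same server endpoint on port 53, with 1476 appearing only as the client's source port in both directions.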
participants (2)
- John Trickey
- Robert C. Paulsen Jr.