Ok thanks, it's fixed... doh.
On Sat, 2003-04-19 at 07:02, Jim Norton wrote:
I am fascinated by ethereal now. I've got a trace at http://www.oregonhanggliding.com/capture2.gz if anybody is inclined to take a look and tell me if something looks out of the ordinary.
The permissions on the file are bad. I got permission denied when I tried to fetch it.
On Saturday 19 April 2003 00:08, Jim Norton wrote:
Ok thanks, it's fixed... doh.
On Sat, 2003-04-19 at 07:02, Jim Norton wrote:
I am fascinated by ethereal now. I've got a trace at http://www.oregonhanggliding.com/capture2.gz if anybody is inclined to take a look and tell me if something looks out of the ordinary.
The permissions on the file are bad. I got permission denied when I tried to fetch it.
Hehehe... good point Anders! Jim, you just gave out a capture with email-specific information contained therein. Be sure to filter this out prior to saving another capture for our perusal. ;)

One thing that I would recommend that you look for is packets that match the following filter:

icmp.code == 3

These are "ports unreachable", meaning either your computer and/or another computer is not accepting connections on that port. Yours seems ok. A lot of trojans and such send out data to hard-coded servers that may be down. And this response is sent in return.

Another might be this filter:

tcp.flags.reset == 1

Keep an eye out for this one. This states that a connection needs to be reset. This sometimes can be a FIN scan. The standard states that a RST flag is to be set if a computer receives a packet on a non-listening port, i.e. a port without an active daemon.

HTH.
--
Thomas Jones
Linux-Howtos Administrator
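The two checks suggested in the message above, applied to raw IPv4 packets and tallied per source address so a host producing many resets or unreachables stands out. This is an added example, not part of the original thread; the sample packets are constructed, the helper names are hypothetical, and the ICMP check also requires type 3 (destination unreachable), which is an assumption beyond the filter as posted.

```python
import struct
from collections import Counter

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (no options, checksum left 0) for sample data."""
    addr = lambda a: bytes(map(int, a.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + payload

def tcp(sport, dport, flags):
    # 20-byte TCP header, data offset 5; the flag bits live in byte 13
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def icmp(type_, code):
    return struct.pack("!BBHI", type_, code, 0, 0)

def classify(packet):
    """Return 'rst', 'port-unreachable' or None for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # header length, honours IP options
    proto, body = packet[9], packet[ihl:]
    if proto == 6 and len(body) >= 14 and body[13] & 0x04:
        return "rst"                      # same test as tcp.flags.reset == 1
    if proto == 1 and len(body) >= 2 and body[0] == 3 and body[1] == 3:
        return "port-unreachable"         # icmp.type == 3 and icmp.code == 3
    return None

def summarize(packets):
    """Count matching packets per (source address, kind)."""
    counts = Counter()
    for p in packets:
        kind = classify(p)
        if kind:
            counts[(".".join(str(b) for b in p[12:16]), kind)] += 1
    return counts

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    ipv4("192.0.2.10", "198.51.100.5", 6, tcp(40000, 80, 0x02)),  # SYN
    ipv4("198.51.100.5", "192.0.2.10", 6, tcp(81, 40001, 0x14)),  # RST+ACK
    ipv4("198.51.100.5", "192.0.2.10", 6, tcp(82, 40002, 0x14)),  # RST+ACK
    ipv4("203.0.113.7", "192.0.2.10", 1, icmp(3, 3)),   # port unreachable
    ipv4("203.0.113.7", "192.0.2.10", 1, icmp(3, 1)),   # host unreachable
    ipv4("203.0.113.7", "192.0.2.10", 1, icmp(5, 3)),   # code 3, redirect type
]

if __name__ == "__main__":
    for (src, kind), n in sorted(summarize(SAMPLE).items()):
        print(f"{src:15} {kind:17} {n}")
```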
Thanks folks for looking at that ethereal capture and suggesting some filters. I suppose I could have filtered out the SMTP stuff.. heh
Thanks again,
Jim
On Sat, 2003-04-19 at 07:08, Jim Norton wrote:
Ok thanks, it's fixed... doh.
It looks pretty normal to me. Standard traffic for a server, nothing unusual that I could see.
Of course, the log also shows you why you should encrypt sensitive email :)