Re: someone help interpret log messages please

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> I know that a lot of these messages are regarding DNS, but since nothing
> should be happening on the server (afaik there is no activity on the
> server, it's just sitting there plugged in) why are the messages being
> repeated 100's of times? Does DNS traffic always occur that much?

Yes this is dns traffic and it really does occur that often. My guess is your
linux machine isn't able to do name lookups either.

Running tcpdump on the server with name resolution turned off will be an 
informative excercise.

eg, /usr/sbin/tcpdump -n -i eth0

Assuming of course that eth0 is your network interface and not something else 
like ppp0 or eth1.

Then try running tcpdump with name resolution turned on ;)

eg, /usr/sbin/tcpdump -i eth0

> Dec 02 12:47:57 192.168.1.1 dslrouter 2003 protocol:TCP srcIP:
> 66.15.70.32 dstIP:    66.15.5.176 srcPort: 3645 dstPort:  135 attempt
> Dec 02 12:47:57 192.168.1.1 dslrouter 2003 protocol:UDP srcIP:
> 192.168.1.2 dstIP:        4.2.2.1 srcPort:46599 dstPort:   53 attempt
> Dec 02 12:48:00 192.168.1.1 last message repeated 78 times
> Dec 02 12:48:06 192.168.1.1 dslrouter 2003 protocol:UDP srcIP:
> 192.168.1.2 dstIP:        4.2.2.1 srcPort:46600 dstPort:   53 attempt
> Dec 02 12:48:10 192.168.1.1 last message repeated 124 times
> Dec 02 12:48:15 192.168.1.1 dslrouter 2003 protocol:UDP srcIP:
> 192.168.1.2 dstIP:        4.2.2.1 srcPort:46601 dstPort:   53 attempt
> Dec 02 12:48:29 192.168.1.1 last message repeated 432 times
> Dec 02 12:48:34 192.168.1.1 dslrouter 2003 protocol:UDP srcIP:
> 192.168.1.2 dstIP:        4.2.2.1 srcPort:46602 dstPort:   53 attempt
> Dec 02 12:48:47 192.168.1.1 last message repeated 187 times
> Dec 02 12:48:47 192.168.1.1 dslrouter 2003 protocol:TCP srcIP:
> 192.168.1.2 dstIP: 64.215.248.238 srcPort:   22 dstPort:53394 attempt
> Dec 02 12:48:47 192.168.1.1 dslrouter 2003 protocol:UDP srcIP:
> 192.168.1.2 dstIP:        4.2.2.1 srcPort:46602 dstPort:   53 attempt

Your firewall is apparently very chatty when logging.

-- 
Matthew Galgoci
System Administrator
Red Hat, Inc
919.754.3700 x44155


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]

  Powered by Linux