Output is:

[EMAIL PROTECTED]:~$ su -
Password:
www:~# tcpdump -d src host centernet.jhuccp.org and \( ip proto \\tcp or \\udp \)
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 8
(002) ld       [26]
(003) jeq      #0xa281e1c0      jt 4    jf 8
(004) ldb      [23]
(005) jeq      #0x6             jt 7    jf 6
(006) jeq      #0x11            jt 7    jf 8
(007) ret      #96
(008) ret      #0
www:~# tcpdump src host centernet.jhuccp.org and \( ip proto \\tcp or \\udp \)
tcpdump: listening on eth0
15:33:05.757014 virtual.jhuccp.org.59313 > ns1.jhmi.edu.domain:  37894+ AAAA? centernet.jhuccp.org. (38) (DF)
15:33:05.758609 ns1.jhmi.edu.domain > virtual.jhuccp.org.59313:  37894* 0/1/0 (97) (DF)
15:33:05.758927 virtual.jhuccp.org.59313 > ns1.jhmi.edu.domain:  37895+ A? centernet.jhuccp.org. (38) (DF)
15:33:05.765150 ns1.jhmi.edu.domain > virtual.jhuccp.org.59313:  37895* 1/2/2 A 162.129.225.192 (130) (DF)

4 packets received by filter
0 packets dropped by kernel
www:~# tcpdump -h
tcpdump version 3.6
libpcap version 0.6
Usage: tcpdump [-adeflnNOpqStuvxX] [-c count] [ -F file ]
               [ -i interface ] [ -r file ] [ -s snaplen ]
               [ -T type ] [ -w file ] [ expression ]
www:~#

Thanks, again, Guy.

-Kevin

>>> [EMAIL PROTECTED] 09/27/04 03:32PM >>>
KEVIN ZEMBOWER wrote:

> As you can see, I'm still getting packets from ns1.jhmi.edu on the DNS port.

What does the command

    tcpdump -d src host centernet.jhuccp.org and \( ip proto \\tcp or \\udp \)

print?

> If it helps, I'm using bash 2.05 on a Debian woody (stable, 3.0) distro
> running kernel 2.4.18.

The bash and kernel versions probably aren't the most important version
numbers - the libpcap version is.  What does

    tcpdump -h

print?
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.