Hello, I have a sarge box with iptables completely locked up. I have all policies set to drop and I only allow the ports that I want.
But I'm curious as to what is happening here when I run this tcpdump command. Can anyone help me understand whats happening here: Thanks # tcpdump -i eth0 -q port ! 53 and port ! 510 and ! www tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 14:10:54.689178 IP pcp08858971pcs.nstnig01.ct.comcast.net.gnutella-svc > hpms.sd57.bc.ca.2939: tcp 134 14:10:54.831023 IP hpms.sd57.bc.ca.2939 > pcp08858971pcs.nstnig01.ct.comcast.net.gnutella-svc: tcp 0 14:10:55.698672 IP p548FD390.dip.t-dialin.net.gnutella-svc > hpms.sd57.bc.ca.2936: tcp 499 14:10:55.834274 IP hpms.sd57.bc.ca.2936 > p548FD390.dip.t-dialin.net.gnutella- svc: tcp 0 14:10:56.440126 IP p548FD390.dip.t-dialin.net.gnutella-svc > hpms.sd57.bc.ca.2936: tcp 118 14:10:56.636872 IP hpms.sd57.bc.ca.2936 > p548FD390.dip.t-dialin.net.gnutella- svc: tcp 0 14:10:57.579087 IP p548FD390.dip.t-dialin.net.gnutella-svc > hpms.sd57.bc.ca.2936: tcp 59 14:10:57.740449 IP hpms.sd57.bc.ca.2936 > p548FD390.dip.t-dialin.net.gnutella- svc: tcp 0 14:10:58.693657 IP p548FD390.dip.t-dialin.net.gnutella-svc > hpms.sd57.bc.ca.2936: tcp 55 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
