OK. Now things are making more sense. Because UDP is connectionless, many different protocols have taken to using it in their own special way. Your requests are ORIGINATING from udp port 68 and talking to the DHCP server on udp port 67, as it should be. In response, their server is reversing them. That is as it should be. The entries in /etc/services mean 67 is the port the server listens on, and 68 is the port the client does.
The responses On Sat, 13 Jul 2002 20:37:55 -0400 "Joel Hammer" <[EMAIL PROTECTED]> wrote: > I am sending out dhcp requests from my client machine on eth1 to > comcast. This only seems to happen when I start dhcpcd. The only traffic > I detect after I am connected is incoming, as noted below. That is, the > server is sending a broadcast packet to all clients listening on port > 68. AFAIK, no compliant client rfc2131 listens on port 68, they just use > it when they send out requests. This may be a wrong impression. Anyway, > my concern is that my dhcpcd client just sits there, looking like it is > doing something, but it never talks to the dhcp server at comcast except > at startup. Of course, it may be I am just not detecting the > intereaction, either via dhcpcd builtin logging or with my firewall. dhcpcd -d will produce the logs to syslog, which will normally stick them in /var/log/messages. What does "grep dhcpcd /var/log/messages" give you? If nothing, try "grep dhcpcd /var/log/*" and "grep dhcpcd /var/log/*/*" > > 7634 ? S 0:00 /sbin/dhcpcd -d -h > tow11dhcp210.towson01.md.comcast.n > yup: $ nslookup 68.33.11.210 210.11.33.68.in-addr.arpa name = tow11dhcp210.towson01.md.comcast.net. $ ping 68.33.11.210 PING 68.33.11.210 (68.33.11.210) from 172.16.21.20 : 56(84) bytes of data. 64 bytes from 68.33.11.210: icmp_seq=0 ttl=239 time=72.568 msec 64 bytes from 68.33.11.210: icmp_seq=1 ttl=239 time=58.871 msec > I have just requested my ip number several times. The only message I can > get with tcpdump is: > > 20:19:23.364117 0.0.0.0.68 > 255.255.255.255.67: xid:0xdea5d34d secs:5 > [|bootp] 20:19:23.403762 172.30.10.34 > 68.33.11.210: icmp: echo request > (DF) 20:19:23.508113 10.133.184.1.67 > 68.33.11.210.68: xid:0xdea5d34d > Y:68.33.11.210 S:172.30.10.35 [|bootp] [tos 0x80] 20:19:23.512957 > 0.0.0.0.68 > 255.255.255.255.67: xid:0xdea5d34d secs:5 [|bootp] > 20:19:23.572200 10.133.184.1.67 > 68.33.11.210.68: xid:0xdea5d34d > Y:68.33.11.210 S:172.30.10.35 [|bootp] [tos 0x80] 20:19:23.576663 arp > reply 68.33.11.210 is-at 0:e0:29:27:6c:fd (0:2:fc:80:e0:a8) Do you know anything more about the connected networks? Like what is in the 172.30.10 private IP range? What about the 10.133.184. private IP range? You're obviously handed out public IP addresses, which is good, but it looks like you have two different hosts interested in your IP address. One is obviously the dhcp server (10.133.184.1) but it looks as if the other one is doing some sort of polling as well. When an IP address has not been assigned, many dhcp servers will send out a ping to check if anyone has occupied that address before assigning it... but those pings generally come from the dhcp server itself. This sniff looks good. That is as it should be. > > Of interest, the outgoing packets are not being logged by my firewall, > which has the following rules in the output chain. > 0 0 ACCEPT udp ----l- 0xFF 0x00 eth1 0.0.0.0/0 0.0.0.0/0 * > -> 67:68 0 0 ACCEPT tcp ----l- 0xFF 0x00 eth1 0.0.0.0/0 > 0.0.0.0/0 * -> 67:68 > ok, so you are logging and accepting these packets at the firewall level. You should only need to accept udp packets, but it doesn't hurt AFAIK to allow tcp (although I am a fr34k about holes in the firewall). > So, I guess I have a bunch of questions: > Why no logging is one of them. > Aaagh. But, at least this seems to work, even though I am not > understanding all of it. > Joel My MDK box uses dhcpcd and in /etc/dhcpc/dhcpcd-eth0.info, the lease info is listed. You may have listed it already, but could you include that info? I'd like to see what it says as of today. Thanks, Matt _______________________________________________ Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL.
