Re: udp or tcp?
On Sun, Sep 24, 2000 at 03:30:28PM +0200, Sven Burgener wrote: Hello Is the following a tcp or a udp packet? How do I tell? Sep 24 15:20:25 host kernel: Packet log: input DENY eth0 \ PROTO=17 10.209.80.109:68 255.255.255.255:67 \ L=576 S=0x00 I=9145 F=0x4000 T=32 (#11) This seems to be a broadcast by the DHCP server of my cable provider, right? $ grep 17 /etc/protocols # from: @(#)protocols 5.1 (Berkeley) 4/17/89 udp 17 UDP # user datagram protocol $ grep '\6[78]/' /etc/services bootps 67/tcp # BOOTP server bootps 67/udp bootpc 68/tcp # BOOTP client bootpc 68/udp It's udp broadcast of DHCP _client_. Mirek
Re: udp or tcp?
Sep 24 15:20:25 host kernel: Packet log: input DENY eth0 \ PROTO=17 10.209.80.109:68 255.255.255.255:67 \ L=576 S=0x00 I=9145 F=0x4000 T=32 (#11) proto=17 - look at /etc/protocols - yes, udp This seems to be a broadcast by the DHCP server of my cable provider, right? :68 - look at /etc/services - bootp - similar to dhcp. regards -- Hi! I'm a .signature virus! Copy me into your ~/.signature, please! -- Real programmers don't comment their code. It was hard to write, it should be hard to understand. -- Become part of the world's biggest computer cluster - join http://www.distributed.net/
Re: udp or tcp?
On Sun, Sep 24, 2000 at 03:30:28PM +0200, Sven Burgener wrote: Is the following a tcp or a udp packet? How do I tell? Sep 24 15:20:25 host kernel: Packet log: input DENY eth0 \ PROTO=17 10.209.80.109:68 255.255.255.255:67 \ L=576 S=0x00 I=9145 F=0x4000 T=32 (#11) The key here is the PROTO= part: [EMAIL PROTECTED]:pts/2:~]$ grep udp /etc/protocols udp 17 UDP # user datagram protocol [EMAIL PROTECTED]:pts/2:~]$ grep tcp /etc/protocols tcp 6 TCP # transmission control protocol This seems to be a broadcast by the DHCP server of my cable provider, right? 67 == BOOTP server, 68 == BOOTP client. It appears to be a machine (10.209.80.109) broadcasting a request for an IP address (DHCP). -jg -- Jeremy L. Gaddis [EMAIL PROTECTED]
Re: udp or tcp?
On Sun, Sep 24, 2000 at 05:33:09PM +0200, Oswald Buddenhagen wrote: Sep 24 15:20:25 host kernel: Packet log: input DENY eth0 \ PROTO=17 10.209.80.109:68 255.255.255.255:67 \ L=576 S=0x00 I=9145 F=0x4000 T=32 (#11) proto=17 - look at /etc/protocols - yes, udp This seems to be a broadcast by the DHCP server of my cable provider, right? :68 - look at /etc/services - bootp - similar to dhcp. Thanks, good answer. Sven -- Windows does *not* have bugs. It just develops random features.
Re: udp or tcp?
On Sun, Sep 24, 2000 at 10:57:06AM -0500, Jeremy Gaddis wrote: [snip protocol stuff] Thanks, informative. This seems to be a broadcast by the DHCP server of my cable provider, right? 67 == BOOTP server, 68 == BOOTP client. It appears to be a machine (10.209.80.109) broadcasting a request for an IP address (DHCP). Yes, because the packet is destined for the /server/ port, right. I will just ignore such packets (silently because I hate them appearing all over the logs). Sven -- Windows does *not* have bugs. It just develops random features.
