Re: What process is sending these UPD packets?

[Martin Bialasinski]

* Michael == Michael Laing [EMAIL PROTECTED] wrote:

Michael I have a slink server which runs samba (smbd, nmdb), named,
Michael and xntpd as well as an IP masquerade for a bunch of internal
Michael windoz machines.

Michael IP fw-in deny eth1 UDP 192.168.0.1:1033 255.255.255.255:1478
Michael L=329 S=0x00 I=64386 F=0x T=128 (repeated many times)

This looks like the windows clients broadcasting through the
net. Check the documentation in the samba and/or samba-doc
package. There should be info how to kill this.

Ciao,
Martin

What process is sending these UPD packets?

[Michael Laing]

I have a slink server which runs samba (smbd, nmdb), named, and xntpd as
well as an IP masquerade for a bunch of internal windoz machines.

A few weeks ago I started getting bursts of UDP packets every 30 seconds
or so which are rejected by the standard firewall and clog up my
/var/log/messages file to the tune of several MB daily.

Here's what they look like from 'dmesg':

IP fw-in deny eth1 UDP 192.168.0.1:1033 255.255.255.255:1478 L=329
S=0x00 I=64386 F=0x T=128
(repeated many times)

Here they are from /var/log/messages:

Aug  1 11:27:37 myhostname kernel: IP fw-in deny eth1 UDP
192.168.0.1:1033 255.255.255.255:1478 L=329 S=0x00 I=51847 F=0x
T=128 
(repeated many times)

Using 'tcpdump -i eth1 udp' I see:

11:33:01.485932 myexternalhostalias.ucook.com.1033 
255.255.255.255.1478: udp 301
(repeated 12 more times in each burst)

'lsof' doesn't help me find out what started sending these, at least I
can't figure it out.

Does anyone know what sends these? Or know how to find out?

Or how to get it to stop? Or just how to not clog the log??

Thanks,
ml