I'm doing a tcpdump on my Linux machine. I have found this oddity:
21:43:25.369692 AA.health-polling > myhostN1.http: S 755173640:755173640(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
21:43:25.380730 myhostN1.http > AA.health-polling: S 2849552427:2849552427(0) ack 755173641 win 5840 <mss 1460,nop,nop,sackOK> (DF)
21:43:25.811892 AA.health-polling > myhostN1.http: . ack 1 win 17520 (DF)
21:43:25.815174 AA.health-polling > myhostN1.http: P 1:5(4) ack 1 win 17520 (DF)
21:43:25.815374 myhostN1.http > AA.health-polling: . ack 5 win 5840 (DF)
21:43:25.892665 AA.health-polling > myhostN1.http: P 5:1465(1460) ack 1 win 17520 (DF)
21:43:25.892873 myhostN1.http > AA.health-polling: . ack 1465 win 8760 (DF)
21:43:25.894587 myhostN1.http > AA.health-polling: P 1:581(580) ack 1465 win 8760 (DF)
21:43:25.895291 myhostN1.http > AA.health-polling: F 581:581(0) ack 1465 win 8760 (DF)
21:43:26.328632 AA.health-polling > myhostN1.http: . 1465:2925(1460) ack 1 win 17520 (DF)
21:43:26.367576 myhostN1.http > AA.health-polling: . ack 2925 win 11680 (DF)
21:43:26.369504 AA.health-polling > myhostN1.http: P 2925:4040(1115) ack 1 win 17520 (DF)
21:43:26.369650 myhostN1.http > AA.health-polling: . ack 4040 win 14600 (DF)
21:43:26.428245 AA.health-polling > myhostN1.http: R 755175105:755175105(0) win 0
21:43:28.887681 myhostN1.http > AA.health-polling: P 1:581(580) ack 4040 win 14600 (DF)
21:43:28.888824 myhostN2.health-polling > myhostN1.http: R 755177680:755177680(0) win 0
21:43:34.887639 myhostN1.http > AA.health-polling: P 1:581(580) ack 4040 win 14600 (DF)
21:43:34.888851 myhostN2.health-polling > myhostN1.http: R 755177680:755177680(0) win 0
21:43:46.887631 myhostN1.http > AA.health-polling: FP 1:581(580) ack 4040 win 14600 (DF)
21:43:46.888874 myhostN2.health-polling > myhostN1.http: R 755177680:755177680(0) win 0
21:44:10.887626 myhostN1.http > AA.health-polling: FP 1:581(580) ack 4040 win 14600 (DF)
21:44:10.888842 myhostN2.health-polling > myhostN1.http: R 755177680:755177680(0) win 0
21:44:58.887644 myhostN1.http > AA.health-polling: FP 1:581(580) ack 4040 win 14600 (DF)
21:44:58.888831 myhostN2.health-polling > myhostN1.http: R 755177680:755177680(0) win 0
21:46:34.887645 myhostN1.http > AA.health-polling: FP 1:581(580) ack 4040 win 14600 (DF)
myhostN1 is my host and myhostN2 is another name for my host.
AA is the suspicious IP.
My machine connects to my machine on the port that the suspicious IP has connected to.
Is this normal?
Thanks to all
Jonás
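As an added example that is not part of Jonás's post: a small Python script that parses the trace above and places every RST into the client's sequence space, which is the check to apply before deciding which connection the resets belong to. It assumes old-style tcpdump output as printed in the post (absolute sequence numbers on the SYN and on RST segments, relative numbers on everything else) and uses the host names exactly as they appear there; the trace embedded below is a subset of the posted lines.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the tcpdump lines from the post above,
# copied as printed there (old-style tcpdump output, names as resolved).
TRACE = """\
21:43:25.369692 AA.health-polling > myhostN1.http: S 755173640:755173640(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
21:43:25.380730 myhostN1.http > AA.health-polling: S 2849552427:2849552427(0) ack 755173641 win 5840 <mss 1460,nop,nop,sackOK> (DF)
21:43:25.811892 AA.health-polling > myhostN1.http: . ack 1 win 17520 (DF)
21:43:25.815174 AA.health-polling > myhostN1.http: P 1:5(4) ack 1 win 17520 (DF)
21:43:25.892665 AA.health-polling > myhostN1.http: P 5:1465(1460) ack 1 win 17520 (DF)
21:43:25.894587 myhostN1.http > AA.health-polling: P 1:581(580) ack 1465 win 8760 (DF)
21:43:25.895291 myhostN1.http > AA.health-polling: F 581:581(0) ack 1465 win 8760 (DF)
21:43:26.328632 AA.health-polling > myhostN1.http: . 1465:2925(1460) ack 1 win 17520 (DF)
21:43:26.369504 AA.health-polling > myhostN1.http: P 2925:4040(1115) ack 1 win 17520 (DF)
21:43:26.369650 myhostN1.http > AA.health-polling: . ack 4040 win 14600 (DF)
21:43:26.428245 AA.health-polling > myhostN1.http: R 755175105:755175105(0) win 0
21:43:28.887681 myhostN1.http > AA.health-polling: P 1:581(580) ack 4040 win 14600 (DF)
21:43:28.888824 myhostN2.health-polling > myhostN1.http: R 755177680:755177680(0) win 0
21:43:46.887631 myhostN1.http > AA.health-polling: FP 1:581(580) ack 4040 win 14600 (DF)
21:43:46.888874 myhostN2.health-polling > myhostN1.http: R 755177680:755177680(0) win 0
"""

# One old-style tcpdump TCP line: time, src > dst, flags, optional seq:end(len),
# optional ack, window. Options and (DF) after the window are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[SFPRU.]+)"
    r"(?: (?P<seq>\d+):(?P<end>\d+)\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
    r" win (?P<win>\d+)"
)


@dataclass
class Segment:
    ts: str
    src: str      # host part as tcpdump printed it, e.g. "AA"
    sport: str    # port part, e.g. "health-polling"
    dst: str
    dport: str
    flags: str
    seq: Optional[int]   # as printed: absolute on SYN/RST, relative otherwise
    length: int
    ack: Optional[int]


def parse_line(line: str) -> Segment:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised tcpdump line: {line!r}")
    src, sport = m["src"].rsplit(".", 1)
    dst, dport = m["dst"].rsplit(".", 1)
    return Segment(
        ts=m["ts"], src=src, sport=sport, dst=dst, dport=dport,
        flags=m["flags"],
        seq=int(m["seq"]) if m["seq"] else None,
        length=int(m["len"]) if m["len"] else 0,
        ack=int(m["ack"]) if m["ack"] else None,
    )


def analyze_trace(text: str) -> Dict[str, object]:
    segs: List[Segment] = [parse_line(l) for l in text.splitlines() if l.strip()]
    # The bare SYN (no ack) carries the client's absolute ISN; every relative
    # number tcpdump prints for the client afterwards is measured from it.
    syn = next(s for s in segs if "S" in s.flags and s.ack is None)
    client = (syn.src, syn.sport)
    server = (syn.dst, syn.dport)
    client_isn = syn.seq

    client_next = 1          # relative seq of the next byte the client should send
    seen_server_data = set()  # (seq, len) of server data segments already seen
    retransmits = 0
    rsts = []
    for s in segs:
        if "R" in s.flags:
            # Express the RST in the client's sequence space, whatever source
            # name tcpdump resolved for it, and compare it with what the
            # server was expecting from the client at that moment.
            rel = s.seq - client_isn
            rsts.append({"ts": s.ts, "src": s.src, "rel_seq": rel,
                         "matches_client_next": rel == client_next})
        elif (s.src, s.sport) == client and s.length:
            client_next = max(client_next, s.seq + s.length)
        elif (s.src, s.sport) == server and s.length:
            key = (s.seq, s.length)
            if key in seen_server_data:
                retransmits += 1   # same bytes sent again: the RSTs did not end the socket
            else:
                seen_server_data.add(key)
    return {
        "client": f"{syn.src}.{syn.sport}",
        "client_isn": client_isn,
        "client_next_rel_seq": client_next,
        "server_retransmissions": retransmits,
        "rsts": rsts,
    }


if __name__ == "__main__":
    report = analyze_trace(TRACE)
    print(f"client {report['client']} ISN {report['client_isn']}, "
          f"next expected rel seq {report['client_next_rel_seq']}")
    for r in report["rsts"]:
        print(f"{r['ts']} RST from {r['src']}: rel seq {r['rel_seq']} "
              f"(matches client's next byte: {r['matches_client_next']})")
    print(f"server data retransmissions: {report['server_retransmissions']}")
```

With the posted numbers, 755175105 - 755173640 = 1465 and 755177680 - 755173640 = 4040, so every reset in the trace, including the ones tcpdump labels as coming from myhostN2, carries a sequence number from AA's side of this one connection, and 4040 is exactly the next byte myhostN1 was expecting from AA. Capturing with tcpdump -n (no name resolution) and -S (absolute sequence numbers throughout) removes the ambiguity that resolved names introduce in a trace like this.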