[nSLUG] tcpdump qry: What does this mean?

Mike Spencer mspencer at tallships.ca
Wed Jan 14 02:43:22 AST 2004


On my humble dialup I have no firewall (RSN :-).  In an xterm, I run
tcpdump that ignores certain exchanges such as my requests to port 80,
replies from port 80 or DNS lookups.  I watch that and the
blinkenlights of an external modem for weirdness.

I spotted this a couple of nights ago:

    01:10:31.625722 0.0.0.0 > 0.0.0.0: ip-proto-0 536 [ttl 0]
    01:10:31.715740 0.0.0.0 > 0.0.0.0: ip-proto-0 536 [ttl 0]
    01:10:31.815722 0.0.0.0 > 0.0.0.0: ip-proto-0 536 [ttl 0]
    01:10:32.025742 0.0.0.0 > 0.0.0.0: ip-proto-0 536 [ttl 0]
    01:10:32.105716 0.0.0.0 > 0.0.0.0: ip-proto-0 536 [ttl 0]
    01:10:32.175701 0.0.0.0 > 0.0.0.0: ip-proto-0 536 [ttl 0]
    01:10:32.235700 0.0.0.0 > 0.0.0.0: ip-proto-0 536 [ttl 0]
    01:10:32.325687 0.0.0.0 > 0.0.0.0: ip-proto-0 453 [ttl 0]

I see a variety of probes, including a large number of icmp echo
requests from all over the net but I never saw that before.  Didn't
seem to be associated with any other anomalous traffic.  I didn't
notice whether RD/SD LEDs flickered or not.

What does that represent?  (Pointer to suitable RFC, URL or whatever
would be fine but the tcpdump manpage doesn't seem to answer the
question.) 

Tnx,
- Mike

-- 
Michael Spencer                  Nova Scotia, Canada       .~. 
                                                           /V\ 
mspencer at tallships.ca                                     /( )\
http://home.tallships.ca/mspencer/                        ^^-^^
