I don't know the cause of it. The source of the packets seems to be 2.84.96.101, which as you mention is the address of the gateway registered to Demetre, SV1UY. You could write to him at demetre.sv1uy@gmail.com.
The packet dump shows that the encapsulated packets in question were
00:03:20.554371 IP (tos 0x0, ttl 221, id 279, offset 0, flags [none], proto unknown (93), length 276) 44.165.2.3 > 44.154.2.5: ip-proto-93 256
IP protocol 93 is AX.25 over IP. Could there be an AXIP link set up between those two hosts? It wouldn't be working since the packets are misrouted or misaddressed and amprgw is dropping them.
There were also encapsulated UDP packets showing related pairs of addresses:
06:33:55.192282 IP (tos 0x0, ttl 15, id 22444, offset 0, flags [none], proto UDP (17), length 60) 44.165.2.2.40984 > 44.154.0.4.33483: UDP, length 32 06:34:10.761959 IP (tos 0x0, ttl 1, id 35343, offset 0, flags [none], proto UDP (17), length 60) 44.165.2.2.59870 > 44.154.63.1.33440: UDP, length 32
I don't know what this is, as the UDP port numbers seem random. Could it be the old AXUDP linking protocol?
You can look at the actual error packets by downloading file
https://gw.ampr.org/private/errors/2.84.96.101.pcap
and use tcpdump or wireshark to look at them. Perhaps some clue is to be found inside the packet itself. Unfortunately, my tcpdump doesn't know how to decode the (probably) embedded AX.25 packets in the packet payload area. - Brian
On Tue, May 09, 2017 at 11:44:44AM +0200, SP2L Tom wrote:
Just spotted IP address of my JNOS 44.165.2.3 in file: https://gw.ampr.org/private/pkterrors.txt dated Tue May 9 02:15:01 2017 PDT [-0700] 2.84.96.101 44.165.2.3 79 [ 8] dropped: encap to encap Although 44.165.2.3 belongs to me I _DON'T_ have any link with 2.84.96.101 gateway and this public IP _ISN'T_ mine either because SV1UY is the owner of this IP. What's up, please? Best regards.
Tom - SP2L