44.92.21.1.80 is not an IP address (An IPv4 address is 32bit long has exactly 4 numbers in it, not 5). It means 44.92.21.1 port 80 in the output of tcpdump.
44.92.21.1 exists and and serves a web page on port 80.
-----Original Message----- From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of kb9mwr@gmail.com Sent: Sunday, March 30, 2014 07:54 To: 44net@hamradio.ucsd.edu Subject: [44net] 195.146.144.9.80 oddness
(Please trim inclusions from previous messages) _______________________________________________ Weirdness:
I don't have a DNS entry for 44.92.21.1.80, as it is non existant on the network I feed. So how is it that I get constant activity from it?
Does anyone else get a lot of traffic from that IP address?
tcpdump -vvv -s0 -n proto ipencap
9515068, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 195.146.144.9.80 > 44.92.21.1.80: Flags [S], cksum 0x0a01 (correct), seq 186
tcpdump -i eth0 -vvv host amprgw.sysnet.ucsd.edu or ip proto \icmp
amprgw.sysnet.ucsd.edu > CPE-75-87-213-229.new.res.rr.com: IP (tos 0x0, ttl 81, id 33817, offset 0, flags [DF], proto TCP (6), length 52) sme.sk.http > hsmm-gw.kb9mwr.ampr.org.http: Flags [S], cksum 0xdff7 (correct), seq 1415087399, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 _________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net