Weirdness:
I don't have a DNS entry for 44.92.21.1.80, as it is non existant on the network I feed. So how is it that I get constant activity from it?
Does anyone else get a lot of traffic from that IP address?
tcpdump -vvv -s0 -n proto ipencap
9515068, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 195.146.144.9.80 > 44.92.21.1.80: Flags [S], cksum 0x0a01 (correct), seq 186
tcpdump -i eth0 -vvv host amprgw.sysnet.ucsd.edu or ip proto \icmp
amprgw.sysnet.ucsd.edu > CPE-75-87-213-229.new.res.rr.com: IP (tos 0x0, ttl 81, id 33817, offset 0, flags [DF], proto TCP (6), length 52) sme.sk.http > hsmm-gw.kb9mwr.ampr.org.http: Flags [S], cksum 0xdff7 (correct), seq 1415087399, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
44.92.21.1.80 is not an IP address (An IPv4 address is 32bit long has exactly 4 numbers in it, not 5). It means 44.92.21.1 port 80 in the output of tcpdump.
44.92.21.1 exists and and serves a web page on port 80.
-----Original Message----- From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of kb9mwr@gmail.com Sent: Sunday, March 30, 2014 07:54 To: 44net@hamradio.ucsd.edu Subject: [44net] 195.146.144.9.80 oddness
(Please trim inclusions from previous messages) _______________________________________________ Weirdness:
I don't have a DNS entry for 44.92.21.1.80, as it is non existant on the network I feed. So how is it that I get constant activity from it?
Does anyone else get a lot of traffic from that IP address?
tcpdump -vvv -s0 -n proto ipencap
9515068, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 195.146.144.9.80 > 44.92.21.1.80: Flags [S], cksum 0x0a01 (correct), seq 186
tcpdump -i eth0 -vvv host amprgw.sysnet.ucsd.edu or ip proto \icmp
amprgw.sysnet.ucsd.edu > CPE-75-87-213-229.new.res.rr.com: IP (tos 0x0, ttl 81, id 33817, offset 0, flags [DF], proto TCP (6), length 52) sme.sk.http > hsmm-gw.kb9mwr.ampr.org.http: Flags [S], cksum 0xdff7 (correct), seq 1415087399, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 _________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
The same goes for 195.146.144.9.80.
It is a connection from 195.146.144.9 port 80 to > 44.92.21.1 port 80 froma a host called 'sme.sk'.
And there is no such thing like an address doesn't exist. Only that the hostname doesn't exist.
You get that error if you try to use '195.146.144.9.80' which as I said is invalid, because it has the port number concatenated to it. That NAME doesn't exist because it is just a string that does not resolve into a valid IP address.
73 de Marius, YO2LOJ
-----Original Message----- From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of Marius Petrescu Sent: Sunday, March 30, 2014 11:10 To: 'AMPRNet working group' Subject: Re: [44net] 195.146.144.9.80 oddness
(Please trim inclusions from previous messages) _______________________________________________ 44.92.21.1.80 is not an IP address (An IPv4 address is 32bit long has exactly 4 numbers in it, not 5). It means 44.92.21.1 port 80 in the output of tcpdump.
44.92.21.1 exists and and serves a web page on port 80.
-----Original Message----- From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of kb9mwr@gmail.com Sent: Sunday, March 30, 2014 07:54 To: 44net@hamradio.ucsd.edu Subject: [44net] 195.146.144.9.80 oddness
(Please trim inclusions from previous messages) _______________________________________________ Weirdness:
I don't have a DNS entry for 44.92.21.1.80, as it is non existant on the network I feed. So how is it that I get constant activity from it?
Does anyone else get a lot of traffic from that IP address?
tcpdump -vvv -s0 -n proto ipencap
9515068, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 195.146.144.9.80 > 44.92.21.1.80: Flags [S], cksum 0x0a01 (correct), seq 186
tcpdump -i eth0 -vvv host amprgw.sysnet.ucsd.edu or ip proto \icmp
amprgw.sysnet.ucsd.edu > CPE-75-87-213-229.new.res.rr.com: IP (tos 0x0, ttl 81, id 33817, offset 0, flags [DF], proto TCP (6), length 52) sme.sk.http > hsmm-gw.kb9mwr.ampr.org.http: Flags [S], cksum 0xdff7 (correct), seq 1415087399, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 _________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
_________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
-
kb9mwr@gmail.com -
Marius Petrescu