[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Weird TCP dump

Subject: [ale] Weird TCP dump
From: mhirsch at nubridges.com (Michael D. Hirsch)
Date: Mon Sep 29 16:35:19 2003

anyone recognize this?  I'm getting really weird tcpdump logs from a box.  
I've put a representative sample below.  Why are things being sent on 
loopback with unusual addresses?  What is ip-proto-0?  Have I been hacked?

Thanks,

--Michael

15:58:43.165620 127.0.0.197 > 108.122.0.0:  ip-proto-0 0 (DF) [tos 0x7,ECT,CE] 
15:58:43.165761 127.0.0.112 > 108.122.0.0:  ip-proto-0 0 (DF) [tos 0x7,ECT,CE] 
15:58:43.165903 127.0.0.159 > 108.122.0.0:  ip-proto-0 0 (DF) [tos 0x7,ECT,CE] 
15:58:43.166043 127.0.0.31 > 108.122.0.0:  ip-proto-0 0 (DF) [tos 0x7,ECT,CE] 
15:58:43.166185 127.0.0.166 > 108.122.0.0:  ip-proto-0 0 (DF) [tos 0x7,ECT,CE] 
15:58:43.166326 127.0.0.89 > 108.122.0.0:  ip-proto-0 0 (DF) [tos 0x7,ECT,CE] 
15:58:43.166468 127.0.0.15 > 108.122.0.0:  ip-proto-0 0 (DF) [tos 0x7,ECT,CE]

Follow-Ups:
- [ale] Weird TCP dump
  - From: kaboom at gatech.edu (Chris Ricker)

Prev by Date: [ale] [WAY OT]Reverse Engineering MS Visual Basic Applications
Next by Date: [ale] Cisco VPN client question
Previous by thread: [ale] [WAY OT]Reverse Engineering MS Visual Basic Applications
Next by thread: [ale] Weird TCP dump
Index(es):
- Date
- Thread