nono, As in I got it from here on out... Spent the day over this one, some clever whatnot's, to remove it.
KS - KasperSky.
Just Give Me the Beans!
nono, As in I got it from here on out... Spent the day over this one, some clever whatnot's, to remove it.
KS - KasperSky.
Just Give Me the Beans!
just one small other thing I see here,
What could this be, its spamming really fast. I have no idea what 192.168.19.22 is but I see its a private IP. it does not reply to a ping or nslookup.Code:2021-12-02 15:09:43.879437 IP 192.168.0.25.53630 > 192.168.0.19.22: Flags [.], ack 346472688, win 63104, length 0 2021-12-02 15:09:43.879452 IP 192.168.0.19.22 > 192.168.0.25.53630: Flags [P.], seq 346472880:346473072, ack 512001, win 65535, length 192 2021-12-02 15:09:43.879495 IP 192.168.0.19.22 > 192.168.0.25.53630: Flags [P.], seq 346473072:346473248, ack 512001, win 65535, length 176 2021-12-02 15:09:43.879524 IP 192.168.0.19.22 > 192.168.0.25.53630: Flags [P.], seq 346473248:346473440, ack 512001, win 65535, length 192 2021-12-02 15:09:43.879580 IP 192.168.0.19.22 > 192.168.0.25.53630: Flags [P.], seq 346473440:346473824, ack 512001, win 65535, length 384 2021-12-02 15:09:43.879641 IP 192.168.0.19.22 > 192.168.0.25.53630: Flags [P.], seq 346473824:346474016, ack 512001, win 65535, length 192 2021-12-02 15:09:43.879691 IP 192.168.0.19.22 > 192.168.0.25.53630: Flags [P.], seq 346474016:346474208, ack 512001, win 65535, length 192 2021-12-02 15:09:43.879741 IP 192.168.0.19.22 > 192.168.0.25.53630: Flags [P.], seq 346474208:346474400, ack 512001, win 65535, length 192
update: oh I think its my ssh connection. as a result of running tcpdump -n -tttt -i enp3s5
Last edited by ulao3; December 2nd, 2021 at 04:32 PM.
Ubuntu Member
You don't know what 192.168.0.19 is? I can not help with that, because as you say it is on your LAN. The port involved is SSH, port 22.Originally Posted by ulao3
Just a guess below:
Might you just so happen to have an SSH session open between 192.168.0.25 (client) and 192.168.0.19 (server)? And are you running tcpdump via a terminal on 192.168.0.25? If yes, then you are flooding yourself as tcpdump captures the traffic and then sends it to the client, creating an infinite loop.
I always communicate with my servers via ssh, and have to make sure to avoid this situation via a "not host". Example:
otherwise (very fast):Code:doug@s19:~/temp-k-git/linux$ sudo tcpdump -n -tttt -i br0 not host 192.168.111.122 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes 2021-12-02 07:33:18.529276 ARP, Request who-has 192.168.111.4 (ff:ff:ff:ff:ff:ff) tell 192.168.111.58, length 46 2021-12-02 07:33:19.705503 ARP, Request who-has 192.168.111.136 (ff:ff:ff:ff:ff:ff) tell 192.168.111.58, length 46 2021-12-02 07:33:19.705555 ARP, Reply 192.168.111.136 is-at 3c:7c:3f:0d:99:83, length 28 ^C 3 packets captured 3 packets received by filter 0 packets dropped by kernel
EDIT: or:Code:2021-12-02 07:34:17.745493 IP 192.168.111.122.53781 > 192.168.111.136.22: Flags [.], ack 1378048, win 8209, length 0 2021-12-02 07:34:17.745525 IP 192.168.111.136.22 > 192.168.111.122.53781: Flags [P.], seq 1378220:1378548, ack 757, win 501, length 328 2021-12-02 07:34:17.745573 IP 192.168.111.136.22 > 192.168.111.122.53781: Flags [P.], seq 1378548:1378720, ack 757, win 501, length 172 2021-12-02 07:34:17.745621 IP 192.168.111.136.22 > 192.168.111.122.53781: Flags [P.], seq 1378720:1378892, ack 757, win 501, length 172 2021-12-02 07:34:17.745719 IP 192.168.111.136.22 > 192.168.111.122.53781: Flags [P.], seq 1378892:1379064, ack 757, win 501, length 172 2021-12-02 07:34:17.745731 IP 192.168.111.122.53781 > 192.168.111.136.22: Flags [P.], seq 757:793, ack 1378048, win 8209, length 36 2021-12-02 07:34:17.745731 IP 192.168.111.122.53781 > 192.168.111.136.22: Flags [.], ack 1378720, win 8212, length 0 ^C 8335 packets captured 8337 packets received by filter 0 packets dropped by kernelCode:$ sudo tcpdump -n -tttt -i br0 not port 22
Last edited by Doug S; December 2nd, 2021 at 04:47 PM.
Any follow-up information on your issue would be appreciated. Please have the courtesy to report back.
Just Give Me the Beans!
Of course I know what that is.You don't know what 192.168.0.19 is?
I said
I have no idea what 192.168.19.22 isdid you miss my updateMight you just so happen to have an SSH session open between 192.168.0.25 (client) and 192.168.0.19 (server)??
update: oh I think its my ssh connection. as a result of running tcpdump -n -tttt -i enp3s5
Ubuntu Member
Yes, I guess I was already writting my reply when you updated.Of course I know what that is.
I said
did you miss my update
I had assumed 192.168.19.22 was a typo and you had meant to write 192.168.0.19.
Any follow-up information on your issue would be appreciated. Please have the courtesy to report back.
Posting Permissions
Adv Reply
Bookmarks