Originally Posted by
ulao3
What could this be? It's spamming really fast. I have no idea what 192.168.0.19.22 is, but I see it's a private IP. It does not reply to a ping or nslookup.
You don't know what 192.168.0.19 is? I cannot help with that, because as you say it is on your LAN. The port involved is SSH, port 22.
Just a guess below:
Might you just so happen to have an SSH session open between 192.168.0.25 (client) and 192.168.0.19 (server)? And are you running tcpdump via a terminal on 192.168.0.25? If yes, then you are flooding yourself as tcpdump captures the traffic and then sends it to the client, creating an infinite loop.
I always communicate with my servers via ssh, and have to make sure to avoid this situation via a "not host". Example:
Code:
doug@s19:~/temp-k-git/linux$ sudo tcpdump -n -tttt -i br0 not host 192.168.111.122
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
2021-12-02 07:33:18.529276 ARP, Request who-has 192.168.111.4 (ff:ff:ff:ff:ff:ff) tell 192.168.111.58, length 46
2021-12-02 07:33:19.705503 ARP, Request who-has 192.168.111.136 (ff:ff:ff:ff:ff:ff) tell 192.168.111.58, length 46
2021-12-02 07:33:19.705555 ARP, Reply 192.168.111.136 is-at 3c:7c:3f:0d:99:83, length 28
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
otherwise (very fast):
Code:
2021-12-02 07:34:17.745493 IP 192.168.111.122.53781 > 192.168.111.136.22: Flags [.], ack 1378048, win 8209, length 0
2021-12-02 07:34:17.745525 IP 192.168.111.136.22 > 192.168.111.122.53781: Flags [P.], seq 1378220:1378548, ack 757, win 501, length 328
2021-12-02 07:34:17.745573 IP 192.168.111.136.22 > 192.168.111.122.53781: Flags [P.], seq 1378548:1378720, ack 757, win 501, length 172
2021-12-02 07:34:17.745621 IP 192.168.111.136.22 > 192.168.111.122.53781: Flags [P.], seq 1378720:1378892, ack 757, win 501, length 172
2021-12-02 07:34:17.745719 IP 192.168.111.136.22 > 192.168.111.122.53781: Flags [P.], seq 1378892:1379064, ack 757, win 501, length 172
2021-12-02 07:34:17.745731 IP 192.168.111.122.53781 > 192.168.111.136.22: Flags [P.], seq 757:793, ack 1378048, win 8209, length 36
2021-12-02 07:34:17.745731 IP 192.168.111.122.53781 > 192.168.111.136.22: Flags [.], ack 1378720, win 8212, length 0
^C
8335 packets captured
8337 packets received by filter
0 packets dropped by kernel
EDIT: or:
Code:
$ sudo tcpdump -n -tttt -i br0 not port 22
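A narrower variant of the two filters above, as an added example that is not part of the original post: it excludes only the SSH session the capture is typed into, so other SSH traffic on the LAN stays visible. It assumes sshd has set `SSH_CONNECTION` in the shell; the function names `ssh_self_filter` and `capture_without_self` are hypothetical.

```sh
#!/bin/sh
# SSH_CONNECTION is set by sshd as:
#   "<client_ip> <client_port> <server_ip> <server_port>"

# Print a pcap filter that excludes exactly one SSH session (both directions).
# $1: optional SSH_CONNECTION-style string; defaults to the real variable.
# Returns 1 (prints nothing) when the value is missing or malformed.
ssh_self_filter() {
    conn="${1-${SSH_CONNECTION-}}"
    # Split into positional parameters with globbing disabled.
    set -f; set -- $conn; set +f
    [ "$#" -eq 4 ] || return 1
    # Drop an IPv6 zone suffix such as "%eth0" if one is present.
    cip="${1%%\%*}"; cport="$2"; sip="${3%%\%*}"; sport="$4"
    # Ports must be digits only.
    case "$cport$sport" in
        ''|*[!0-9]*) return 1 ;;
    esac
    # Addresses may contain only hex digits, dots and colons, so the
    # variable cannot smuggle extra filter syntax into the expression.
    case "$cip$sip" in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;
    esac
    printf 'not (tcp and host %s and host %s and port %s and port %s)\n' \
        "$cip" "$sip" "$cport" "$sport"
}

# Capture on interface $1 without echoing our own session back to ourselves.
# The filter is built in the calling shell, before sudo, because sudo may
# not pass SSH_CONNECTION through to the command it runs.
capture_without_self() {
    iface="$1"
    if filter="$(ssh_self_filter)"; then
        sudo tcpdump -n -tttt -i "$iface" "$filter"
    else
        # Not inside an SSH session: there is no feedback loop to avoid.
        sudo tcpdump -n -tttt -i "$iface"
    fi
}

# Constructed sample using the addresses from the capture above:
#   ssh_self_filter "192.168.111.122 53781 192.168.111.136 22"
```

Run as `capture_without_self br0`, this hides only the one session that would otherwise feed tcpdump's output back into the capture.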