View Single Post
  #4   (View Single Post)  
Old 5th November 2008
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

A nameserver will LISTEN on both UDP and TCP.
Code:
$ ssh j65nko@192.168.222.10 'netstat -an -f inet'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
ip         0      0  *.*                    *.*                    1
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  192.168.222.10.22      192.168.222.20.3160    ESTABLISHED
tcp        0      0  192.168.222.10.53      *.*                    LISTEN
tcp        0      0  127.0.0.1.587          *.*                    LISTEN
tcp        0      0  127.0.0.1.25           *.*                    LISTEN
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  127.0.0.1.8021         *.*                    LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp        0      0  10.0.0.200.30510       213.206.97.167.123    
udp        0      0  10.0.0.200.14501       80.101.175.193.123    
udp        0      0  192.168.222.10.123     *.*           
udp        0      0  192.168.222.10.53      *.* 
udp        0      0  *.514                  *.*
UDP is mainly used. If the answer of a nameserver doesn't fit into the 512 byte long UDP packet, the server will set the truncated bit. This is an indication for the client to redo the query, but this time using TCP for a complete, not truncated answer.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote