#7
3rd July 2008
J65nko
Administrator

Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128

You have to configure a local nameserver that can do reverse name lookups. In other words: convert an IP address to its name.

On my local network I have a nameserver which can do this kind of lookup. In the following example I ask for the name of the 192.168.222.10 address:
Code:
$ dig -x 192.168.222.10            

; <<>> DiG 9.3.4 <<>> -x 192.168.222.10
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63082
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;10.222.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
10.222.168.192.in-addr.arpa. 604599 IN  PTR     parmenides.utp.xnet.

;; Query time: 1 msec
;; SERVER: 192.168.222.10#53(192.168.222.10)
;; WHEN: Fri Jul  4 00:59:43 2008
;; MSG SIZE  rcvd: 78
The answer is parmenides.utp.xnet.

That is why on my local subnet I can do what you want:
Code:
tcpdump: listening on re0, link-type EN10MB
00:56:19.473722 hercules.utp.xnet.11467 > ntp.networking4all.com.ntp: v4 client strat 0 poll 0 prec 0 [tos 0x10]
00:56:19.484222 ntp.networking4all.com.ntp > hercules.utp.xnet.11467: v4 server strat 2 poll 0 prec -20 (DF)
00:56:20.114246 hercules.utp.xnet.8121 > parmenides.utp.xnet.domain: 58778+ PTR? 35.66.249.213.in-addr.arpa. (44)
00:56:25.123730 hercules.utp.xnet.37845 > parmenides.utp.xnet.domain: 58778+ PTR? 35.66.249.213.in-addr.arpa. (44)
00:56:25.136991 parmenides.utp.xnet.domain > hercules.utp.xnet.37845: 58778 1/0/0 (80)
00:56:25.137298 hercules.utp.xnet.40288 > parmenides.utp.xnet.domain: 46104+ PTR? 20.222.168.192.in-addr.arpa. (45)
00:56:25.137848 parmenides.utp.xnet.domain > hercules.utp.xnet.40288: 46104 1/0/0 (76)
00:56:26.134072 hercules.utp.xnet.47638 > parmenides.utp.xnet.domain: 39658+ PTR? 10.222.168.192.in-addr.arpa. (45)
00:56:26.135495 hercules.utp.xnet.9484 > parmenides.utp.xnet.domain: 57537+ A? parmenides.utp.xnet. (37)
00:56:26.136136 parmenides.utp.xnet.domain > hercules.utp.xnet.9484: 57537 1/0/0 A parmenides.utp.xnet (53)
00:56:26.136349 hercules.utp.xnet > parmenides.utp.xnet: icmp: echo request
00:56:26.136534 parmenides.utp.xnet > hercules.utp.xnet: icmp: echo reply
00:56:26.137082 parmenides.utp.xnet.domain > hercules.utp.xnet.47638: 39658 1/0/0 (78)
00:56:27.143727 hercules.utp.xnet > parmenides.utp.xnet: icmp: echo request
00:56:27.143863 parmenides.utp.xnet > hercules.utp.xnet: icmp: echo reply
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
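
The following is an added example, not part of the original post: Python code that reads the DNS lines of the tcpdump capture above, turns each in-addr.arpa name back into the address being looked up, and pairs every PTR query with its reply by source port and query ID to get the lookup latency. The function names are illustrative, and it assumes the one-line tcpdump output format shown in the post.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# DNS lines copied from the tcpdump capture in the post above.
CAPTURE = """\
00:56:20.114246 hercules.utp.xnet.8121 > parmenides.utp.xnet.domain: 58778+ PTR? 35.66.249.213.in-addr.arpa. (44)
00:56:25.123730 hercules.utp.xnet.37845 > parmenides.utp.xnet.domain: 58778+ PTR? 35.66.249.213.in-addr.arpa. (44)
00:56:25.136991 parmenides.utp.xnet.domain > hercules.utp.xnet.37845: 58778 1/0/0 (80)
00:56:25.137298 hercules.utp.xnet.40288 > parmenides.utp.xnet.domain: 46104+ PTR? 20.222.168.192.in-addr.arpa. (45)
00:56:25.137848 parmenides.utp.xnet.domain > hercules.utp.xnet.40288: 46104 1/0/0 (76)
00:56:26.134072 hercules.utp.xnet.47638 > parmenides.utp.xnet.domain: 39658+ PTR? 10.222.168.192.in-addr.arpa. (45)
00:56:26.137082 parmenides.utp.xnet.domain > hercules.utp.xnet.47638: 39658 1/0/0 (78)
"""

QUERY = re.compile(r"^(\S+) \S+\.(\d+) > \S+\.domain: (\d+)\+? PTR\? (\S+)")
REPLY = re.compile(r"^(\S+) \S+\.domain > \S+\.(\d+): (\d+) \d+/\d+/\d+")


def ptr_name_to_ip(name):
    """'10.222.168.192.in-addr.arpa.' -> '192.168.222.10' (IPv4 only)."""
    labels = name.rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {name!r}")
    return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))


def pair_ptr_lookups(capture):
    """Return [ip, latency in microseconds or None] per PTR query, in order."""
    fmt = "%H:%M:%S.%f"
    lookups, pending = [], {}
    for line in capture.splitlines():
        if m := QUERY.match(line):
            entry = [ptr_name_to_ip(m[4]), None]
            lookups.append(entry)
            # A reply returns to the query's source port with the same ID.
            pending[(m[2], m[3])] = (datetime.strptime(m[1], fmt), entry)
        elif (m := REPLY.match(line)) and (m[2], m[3]) in pending:
            sent, entry = pending.pop((m[2], m[3]))
            entry[1] = (datetime.strptime(m[1], fmt) - sent) // timedelta(microseconds=1)
    return lookups


if __name__ == "__main__":
    for ip, latency in pair_ptr_lookups(CAPTURE):
        name = ipaddress.ip_address(ip).reverse_pointer
        print(ip, name, "unanswered" if latency is None else f"{latency} us")
```

The first query for 213.249.66.35 gets no reply and is repeated about five seconds later from a new source port, which accounts for the pause visible in the capture.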