Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 1st April 2013
frcc frcc is offline
Don't Worry Be Happy!
Join Date: Jul 2011
Location: hot,dry,dusty,rainy,windy,straight winds, tornado,puts the fear of God in you-Texas
Posts: 131
Default understanding tcpdump

hi folks
am new to openbsd, but using it on our business server.
I have been using systat, pfctl, tcpdump and other tools to monitor
server logs as well as the apache logs.


following the following command

"sudo tcpdump -ttt -r /var/log/pflog port 22 |less"

if found one entry which puzzled me

"mar 31 14:33:44.484756 xxx.xxx.xxx.xxx:22 >xxx.xxx.xxx.xxx:80
R 0:0(0) ack 1 win 0(pf)"

i read this as ip xxx.xxx.xxx.xxx:22 connected to our webserver xxx.xxx.xxx.xxx:80
port 80

what made me curious was the :22 of the connecting machine. Does this mean that
the user or robot as xxx.xxx.xxx.xxx:22 simply was outgoing from their machine on
port 22 to my server at port 80???????????

we were curious because we block all p22 traffic from anywhere except our internal

what does R 0:0(0) ack 1 win 0(pf) mean ?????

yes have read man page for tcpdump (don't mind be pointed to more
neewbie docs that would help w/this)

any help appreciated
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Understanding and Community Ninguem Off-Topic 4 31st March 2012 01:22 AM
Help needed with understanding PF rules sparky OpenBSD Security 7 26th March 2012 09:07 PM
Understanding Fdisk, Slice, and the MBR (Master Boot Record) FBSD Guides 1 20th February 2010 08:33 PM
i would like to know about tcpdump chamnanpol FreeBSD General 8 17th September 2008 11:00 AM
Understanding the FreeBSD kernel TomAmundsen FreeBSD General 3 7th July 2008 02:48 PM

All times are GMT. The time now is 11:09 PM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick