In article <42777b19$0$295$4d4eb98e@xxxxxxxxxxxxxxxxxxx>, Vincent Jaussaud
wrote:
>linux.lover2004@xxxxxxxxx wrote:
>> I am working on Linux and I observe that I am getting some
>> 0.0.0.0 packets? I want to know who is sending those packets? Are they
>> sent by services running on my Linux box?
>There is no reason why a process should ever send a packet with src IP set to
>0.0.0.0
0.0.0.0 usually means "I don't know my address" - as in
    2131 Dynamic Host Configuration Protocol. R. Droms. March 1997.
         (Format: TXT=113738 bytes) (Obsoletes RFC1541) (Updated by RFC3396)
         (Status: DRAFT STANDARD)

    3330 Special-Use IPv4 Addresses. IANA. September 2002. (Format:
         TXT=16200 bytes) (Status: INFORMATIONAL)
>Or some sort of security tools using a spoofed IP.
Hmmm, I've never tried that with nmap, but it's not possible to establish
a TCP connection if there is a router involved, as most routers will
silently discard packets to that address, unless they are a DHCP forwarder.
>You should tcpdump your interfaces to see where these packets are coming
>from, and track them hop by hop, up to the real source.
Really wouldn't expect them to be going beyond the router, but tcpdump
(or similar) is the key.
Old guy
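
Added example (not part of the original post): a small Python triage of raw IPv4 packets along the lines discussed above, treating a 0.0.0.0 source as expected only from a DHCP client that has no address yet (RFC 2131: UDP port 68 to 67, broadcast destination). The sample packets, function names and labels are constructed for illustration.

```python
import socket
import struct

def ipv4_udp(src, dst, sport, dport, payload=b""):
    """Build a minimal IPv4+UDP packet (constructed sample data, checksums zeroed)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp

def classify(packet):
    """Return a triage label for one raw IPv4 packet (labels are hypothetical)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    if src != "0.0.0.0":
        return "normal-source"
    if proto == 17 and len(packet) >= ihl + 8:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if (sport, dport) == (68, 67) and dst == "255.255.255.255":
            return "dhcp-client"          # client does not know its address yet
    return "unexpected-zero-source"       # worth tracing with tcpdump

# Constructed sample packets; addresses come from documentation ranges.
SAMPLES = {
    "dhcp discover": ipv4_udp("0.0.0.0", "255.255.255.255", 68, 67),
    "zero-source to unicast": ipv4_udp("0.0.0.0", "192.0.2.10", 40000, 53),
    "ordinary traffic": ipv4_udp("198.51.100.7", "192.0.2.10", 40000, 53),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {classify(pkt)}")
```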