[ILUG] help me wanda
Paul Jakma
paul at clubi.ie
Mon Sep 26 18:25:14 IST 2005
On Mon, 26 Sep 2005, conor at discuskeeping.com wrote:
> Getting these logs in messages, are they broadcasts or what?
Yes, of course.
> kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:75:82:3d:34:08:00 SRC=0.0.0.0
> DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=3407 PROTO=UDP SPT=68
> DPT=67 LEN=308
>
> SPT=68 which should be bootpc?
> DPT=67 whish is also bootpcs.
It's either BOOTP or DHCP - they both use same port. You'd need to
sniff the packets to tell difference (or just run dhcpd, it'll parse
the packets for you :) ).
> They are filling up the logs (custoemrs, not mine) and he has system
> instability.
>From a few little BOOTP/DHCP packets? Highly unlikely, unless there's
a few machines doing nothing but spewing out such packets (in which
case, everything else on that network would be suffering too). And
define 'system instability'?
> Just got the case but pointers would be nice today. I do not see
> anything else relevant in the messages file I have.
> Work that body.
Uhmm, no thanks :)
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
Fortune:
Anybody with money to burn will easily find someone to tend the fire.
More information about the ILUG
mailing list