Shedding some light on the LOG_NONE oddity

From: Anthony Rumble <[email protected]>
Date: Tue, 19 Nov 1996 11:56:16 +1100 (EST)

As I was seeing the wierd LOG_NONE messages turning up.. I decided
to run tcpdump on port 8080 just to see what was going on..
(And to find out if it was possible a spoofing attempt)..

One thing is for sure.. it's not spoofing..

This is the squid access log..

848364366.813 1 0.153.67.0 LOG_NONE/000 0 NONE - - NONE/-
848364366.874 0 4.0.0.0 LOG_NONE/000 0 NONE - - NONE/-
848364366.874 107 0.144.67.0 LOG_NONE/000 0 NONE - - NONE/-

This is the tcpdump

00:46:06.645550 enterprise_local.8080 > jaunitavw.1098: S 3857294628:3857294628(0) ack 1464208 win 14335 <mss 1436>
00:46:06.676136 enterprise_local.8080 > jaunitavw.1099: S 3857322968:3857322968(0) ack 1464244 win 14335 <mss 1436>
00:46:06.695455 enterprise_local.8080 > jaunitavw.1100: S 3857345847:3857345847(0) ack 1464256 win 14335 <mss 1436>

Unfortunately I didn't capture the other end of the dump

This machine is a Win95 machine.. Maby a bug in the Win95 tcp layer? Thats
causing this?

-- 
Anthony Rumble - aka SmilieZ
Mobile 015-955-042 Pager 016-634-997
Interactive Infotainment Systems Pty. Ltd.
Home Page/PGP key http://www.infotainment.com.au/
Received on Mon Nov 18 1996 - 16:57:00 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:34 MST