Analyze the output

From: Ali Rafeek (arafeek_at_hotmail.com)
Date: 11/26/03

• Next message: Robert Newson: "Re: Figuring out what's filling up my /httpd/error_logs"
• Previous message: Olav Pettershagen: "Re: Wireless LAN - Now convinced Linux has a LONG way to go."
• Next in thread: Sybren Stüvel: "Re: Analyze the output"
• Reply: Sybren Stüvel: "Re: Analyze the output"
• Reply: david walcroft: "Re: Analyze the output"
• Reply: Thomas: "Re: Analyze the output"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: 26 Nov 2003 12:09:17 -0800

Hi,

Can someone analyze the following output from the /var/log/messages of
a RH 9, I am running an IPTABLE Masquerading service, this output
repeats several times a day, and during that time, I loose the
translation service for around 5 minutes, I will be very gratefull if
someone can guide me on what is happening, and why do I loose the
service, and how do I resolve it. Thanks alot.

Ali Rafeek

---------------------------------------------------------------------------------

Nov 26 19:36:19 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.13
DST=213.156.32.145 LEN=59 TOS=0x00 PREC=0x00 TTL=127 ID=2010 PROTO=UDP
SPT=1028 DPT=53 LEN=39
Nov 26 19:36:20 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.13
DST=213.156.32.145 LEN=59 TOS=0x00 PREC=0x00 TTL=127 ID=2013 PROTO=UDP
SPT=1028 DPT=53 LEN=39
Nov 26 19:36:22 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.13
DST=213.156.32.144 LEN=59 TOS=0x00 PREC=0x00 TTL=127 ID=2015 PROTO=UDP
SPT=1028 DPT=53 LEN=39
Nov 26 19:36:22 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.13
DST=213.156.32.145 LEN=59 TOS=0x00 PREC=0x00 TTL=127 ID=2016 PROTO=UDP
SPT=1028 DPT=53 LEN=39
Nov 26 19:36:26 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.13
DST=213.156.32.144 LEN=59 TOS=0x00 PREC=0x00 TTL=127 ID=2019 PROTO=UDP
SPT=1028 DPT=53 LEN=39
Nov 26 19:36:26 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.13
DST=213.156.32.145 LEN=59 TOS=0x00 PREC=0x00 TTL=127 ID=2020 PROTO=UDP
SPT=1028 DPT=53 LEN=39
Nov 26 19:36:42 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.13
DST=213.156.32.145 LEN=62 TOS=0x00 PREC=0x00 TTL=127 ID=2040 PROTO=UDP
SPT=1028 DPT=53 LEN=42
Nov 26 19:36:43 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.13
DST=213.156.32.145 LEN=62 TOS=0x00 PREC=0x00 TTL=127 ID=2041 PROTO=UDP
SPT=1028 DPT=53 LEN=42
Nov 26 19:36:44 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.13
DST=213.156.32.145 LEN=62 TOS=0x00 PREC=0x00 TTL=127 ID=2043 PROTO=UDP
SPT=1028 DPT=53 LEN=42
Nov 26 19:36:46 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.13
DST=213.156.32.144 LEN=62 TOS=0x00 PREC=0x00 TTL=127 ID=2046 PROTO=UDP
SPT=1028 DPT=53 LEN=42
Nov 26 19:36:46 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.13
DST=213.156.32.145 LEN=62 TOS=0x00 PREC=0x00 TTL=127 ID=2047 PROTO=UDP
SPT=1028 DPT=53 LEN=42
Nov 26 19:36:50 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.13
DST=213.156.32.144 LEN=62 TOS=0x00 PREC=0x00 TTL=127 ID=2050 PROTO=UDP
SPT=1028 DPT=53 LEN=42
Nov 26 19:36:50 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.13
DST=213.156.32.145 LEN=62 TOS=0x00 PREC=0x00 TTL=127 ID=2051 PROTO=UDP
SPT=1028 DPT=53 LEN=42
Nov 26 19:36:58 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=66.163.172.80 LEN=88 TOS=0x00 PREC=0x00 TTL=127 ID=29664
DF PROTO=TCP SPT=1577 DPT=5050 WINDOW=64220 RES=0x00 ACK PSH URGP=0
Nov 26 19:37:00 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=66.163.172.80 LEN=88 TOS=0x00 PREC=0x00 TTL=127 ID=29665
DF PROTO=TCP SPT=1577 DPT=5050 WINDOW=64220 RES=0x00 ACK PSH URGP=0
Nov 26 19:37:02 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=66.163.172.80 LEN=88 TOS=0x00 PREC=0x00 TTL=127 ID=29666
DF PROTO=TCP SPT=1577 DPT=5050 WINDOW=64220 RES=0x00 ACK PSH URGP=0
Nov 26 19:37:06 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=66.163.172.80 LEN=88 TOS=0x00 PREC=0x00 TTL=127 ID=29669
DF PROTO=TCP SPT=1577 DPT=5050 WINDOW=64220 RES=0x00 ACK PSH URGP=0
Nov 26 19:37:14 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=66.163.172.80 LEN=88 TOS=0x00 PREC=0x00 TTL=127 ID=29674
DF PROTO=TCP SPT=1577 DPT=5050 WINDOW=64220 RES=0x00 ACK PSH URGP=0
Nov 26 19:37:30 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.144 LEN=63 TOS=0x00 PREC=0x00 TTL=127 ID=29681
PROTO=UDP SPT=1066 DPT=53 LEN=43
Nov 26 19:37:31 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=63 TOS=0x00 PREC=0x00 TTL=127 ID=29682
PROTO=UDP SPT=1066 DPT=53 LEN=43
Nov 26 19:37:32 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=63 TOS=0x00 PREC=0x00 TTL=127 ID=29683
PROTO=UDP SPT=1066 DPT=53 LEN=43
Nov 26 19:37:34 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.144 LEN=63 TOS=0x00 PREC=0x00 TTL=127 ID=29686
PROTO=UDP SPT=1066 DPT=53 LEN=43
Nov 26 19:37:34 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=63 TOS=0x00 PREC=0x00 TTL=127 ID=29687
PROTO=UDP SPT=1066 DPT=53 LEN=43
Nov 26 19:37:38 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.144 LEN=63 TOS=0x00 PREC=0x00 TTL=127 ID=29690
PROTO=UDP SPT=1066 DPT=53 LEN=43
Nov 26 19:37:38 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=63 TOS=0x00 PREC=0x00 TTL=127 ID=29691
PROTO=UDP SPT=1066 DPT=53 LEN=43
Nov 26 19:37:45 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29694
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:37:46 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29695
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:37:47 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29696
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:37:49 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.144 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29699
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:37:49 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29700
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:37:53 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.144 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29703
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:37:53 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29704
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:00 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29707
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:01 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29708
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:02 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29709
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:04 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.144 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29712
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:04 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29713
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:08 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.144 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29716
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:08 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29717
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:15 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29720
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:16 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29721
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:17 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29722
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:19 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.144 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29725
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:19 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29726
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:23 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.144 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29729
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:23 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29730
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:30 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29733
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:31 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29734
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:32 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29735
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:34 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.144 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29738
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:34 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29739
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:38 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.144 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29743
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:38 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29744
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:45 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29747
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:46 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29748
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:47 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29749
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:49 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.144 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29752
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:49 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29753
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:53 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.144 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29756
PROTO=UDP SPT=1066 DPT=53 LEN=44
Nov 26 19:38:53 Firewall2 kernel: IN=eth0 OUT=eth0 SRC=10.1.3.2
DST=213.156.32.145 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=29757
PROTO=UDP SPT=1066 DPT=53 LEN=44

---

• Next message: Robert Newson: "Re: Figuring out what's filling up my /httpd/error_logs"
• Previous message: Olav Pettershagen: "Re: Wireless LAN - Now convinced Linux has a LONG way to go."
• Next in thread: Sybren Stüvel: "Re: Analyze the output"
• Reply: Sybren Stüvel: "Re: Analyze the output"
• Reply: david walcroft: "Re: Analyze the output"
• Reply: Thomas: "Re: Analyze the output"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Newsgroups  > comp.os.linux  > 2003-11