[j-nsp] Connection attempt from unconfigured session
Gustavo Rodrigues Ramos
gustavo at nexthop.com.br
Sat May 5 18:48:50 EDT 2012
Randy,
Works fine for me with "port 179 AND host ::ffff:222.77.14.229". I
would recommend using the "-e" option to display the src and dst mac
addresses.
Since the tcpdump on juniper platform usually catches only packets
routed to the RE, tcpdump shouldn't catch many packets and you should
be good with the "port 179" only.
Gustavo.
On Sat, May 5, 2012 at 6:46 PM, Randy Bush <randy at psg.com> wrote:
> i am getting a lot of these on my seattle internet exchange interface
>
> May 4 00:18:39 rpd[1485]: rv_listen_accept: Connection attempt from unconfigured session: ::Ffff:222.77.14.229+40604
> May 4 00:23:36 rpd[1485]: rv_listen_accept: Connection attempt from unconfigured session: ::ffff:222.77.14.229+20885
> May 4 00:23:38 rpd[1485]: rv_listen_accept: Connection attempt from unconfigured session: ::ffff:222.77.14.229+38407
> May 4 00:28:35 rpd[1485]: rv_listen_accept: Connection attempt from unconfigured session: ::ffff:222.77.14.229+47648
> May 4 00:28:37 rpd[1485]: rv_listen_accept: Connection attempt from unconfigured session: ::ffff:222.77.14.229+43036
> May 4 00:33:35 rpd[1485]: rv_listen_accept: Connection attempt from unconfigured session: ::ffff:222.77.14.229+11306
> May 4 00:33:37 rpd[1485]: rv_listen_accept: Connection attempt from unconfigured session: ::ffff:222.77.14.229+21558
>
> that looks like a mapped ipv4 address, except that 222.77.14.229 is
> chinanet fujian address and chinanet is not at the six as far as i can
> tell
>
> i wanna do a tcpdump to find the MAC of the other party. but i can not
> make sense of ::ffff:222.77.14.229 so i can put it in a tcpdump
> expression
>
> tcpdump -n -i fe-0/3/2.0 -XX port 179 host ?????
>
> any clues?
More information about the juniper-nsp
mailing list