0

I keep seen this on my tcpdump output.. is prob something very simple and logical but I can't see to see any process with lsof or netstat doing a ICMP request to it's own 127.0.0.1 every 2-3 secs... anyone have any idea of what is creating this? thanks in advance..

tcpdump -i eth0 ! port 22  and ! port 2222 and proto ICMP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
05:18:27.467081 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 369
05:18:27.467083 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 369
05:18:27.476988 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 369
05:18:27.476991 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 369
05:18:27.496957 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 369
05:18:27.496959 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 369
05:18:27.516949 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 369
05:18:27.516951 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 369
05:18:27.817068 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 374
05:18:27.817070 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 374
05:18:27.836987 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 374
05:18:27.836989 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 374
05:18:27.846966 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 374
05:18:27.846968 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 374
05:18:27.866970 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 374
05:18:27.866972 IP localhost.localdomain > localhost.localdomain: ICMP localhost.localdomain udp port 37064 unreachable, length 374
cfernandezlinux
  • 281
  • 4
  • 15
  • 2
    Actually ICMP seems to be the answer, not the request. The request was an UDP protocol request toward port 37064 on the local loop, and the ICMP answers tells that this port is not reachable, maybe the expected service is not listening or listening on another interface. – WhiteWinterWolf Mar 29 '15 at 12:18
  • thanks. is actually systemd network.. now why or what is trying to do is still unclear.. systemd-n 182 systemd-network 13u raw6 0t0 1869 00000000000000000000000000000000:003A->00000000000000000000000000000000:0000 st=07 – cfernandezlinux Mar 30 '15 at 07:29

1 Answers1

1

As per this StackExchange answer, you can find it using lsof by looking for st=07 on a raw socket:

# lsof -n | grep -i st=07
ping      19241            gowenfawr    3u      raw                         0t0     477269 00000000:0001->00000000:0000 st=07
# ps aux | grep 1924[1]
gowenfawr    19241  0.0  0.0   8596   832 pts/0    S+   07:26   0:00 ping localhost
#
Community
  • 1
gowenfawr
  • 71,975
  • 17
  • 161
  • 198
  • Thanks! is actually the systemd network.. wonder why is doing this.. systemd-n 182 systemd-network 13u raw6 0t0 1869 00000000000000000000000000000000:003A->00000000000000000000000000000000:0000 st=07 – cfernandezlinux Mar 30 '15 at 07:27