[CentOS] OT: what are all these probes from my firewall log????

Fri Aug 17 06:09:47 UTC 2012
John R Pierce <pierce at hogranch.com>

On 08/16/12 9:24 PM, Bobby wrote:
> On 08/17/2012 12:20 AM, John R Pierce wrote:
>> the MAC address prefix on that DHCP thing is 00:23:EB which is
>> Cisco...   and yes, ISP's frequently use private IP space for internal
>> gateway networks.   they aren't routable on the public internet, they
>> don't have to be, they are just used for routes within the ISP's WAN.
> Yup looks like the ISP is checking to see who's on.

you might just try something like...

     tcpdump -i eth0 -w udpdump.txt udp port 67 or udp port 68

and let that run for a few minutes, long enough to capture a few of 
these packets, then ctl-C it, and take that dumpfile and load it into 
wireshark (can do that on any system wireshark runs on) and see what it 
decodes the dhcp packets to actually be.

for instance, this is a DHCP 'renew' request (from the LAN side of my 

# tcpdump -i eth1 -vvv -n udp port 67 or udp port 68
tcpdump: listening on eth1
21:46:46.009596 > 
xid:0x9fb275f6 C: [|bootp] (ttl 128, id 31970, len 339)
21:46:46.013544 > 
xid:0x9fb275f6 C: Y: S: [|bootp] 
(ttl 64, id 16362, len 328)

2 packets received by filter
0 packets dropped by kernel

wireshark will do a much better job explaining the packets than tcpdump 

john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast
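
An added example, not part of the original post: a minimal decoder for the UDP payload of a port 67/68 packet. It pulls out the xid and the C:/Y:/S: address fields that tcpdump prints above, adds the DHCP message type, and flags captures cut short the way `[|bootp]` indicates. The addresses, MAC and option bytes are constructed sample data; only the xid is taken from the output above.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
         5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}

def parse_dhcp(payload: bytes) -> dict:
    """Decode the UDP payload of a port 67/68 packet."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("short capture or not DHCP (BOOTP header + cookie missing)")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    ci, yi, si, gi = (socket.inet_ntoa(payload[o:o + 4]) for o in (12, 16, 20, 24))
    info = {"op": "request" if op == 1 else "reply", "xid": f"0x{xid:08x}",
            "broadcast": bool(flags & 0x8000), "ciaddr": ci, "yiaddr": yi,
            "siaddr": si, "giaddr": gi, "chaddr": payload[28:28 + min(hlen, 16)].hex(":"),
            "type": None, "server_id": None}
    i, info["truncated"] = 240, True   # assume cut short until the End option is seen
    while i < len(payload):
        code = payload[i]
        if code == 255:                # End option: options were captured whole
            info["truncated"] = False
            break
        if code == 0:                  # Pad option has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            break                      # option runs past the captured bytes
        data = payload[i + 2:i + 2 + payload[i + 1]]
        if code == 53 and len(data) == 1:      # DHCP message type
            info["type"] = TYPES.get(data[0], f"unknown({data[0]})")
        elif code == 54 and len(data) == 4:    # server identifier
            info["server_id"] = socket.inet_ntoa(data)
        i += 2 + len(data)
    return info

def build(op, ciaddr, yiaddr, siaddr, options):
    """Constructed sample packet (not captured traffic)."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x9FB275F6, 0, 0)
    hdr += b"".join(socket.inet_aton(a) for a in (ciaddr, yiaddr, siaddr, "0.0.0.0"))
    hdr += bytes.fromhex("020000000001").ljust(16, b"\0") + bytes(64 + 128)
    return hdr + MAGIC + options

RENEW = build(1, "192.168.1.50", "0.0.0.0", "0.0.0.0", b"\x35\x01\x03\xff")
ACK = build(2, "192.168.1.50", "192.168.1.50", "192.168.1.1", b"\x35\x01\x05\x36\x04\xc0\xa8\x01\x01\xff")

if __name__ == "__main__":
    for pkt in (RENEW, ACK, ACK[:245]):
        print(parse_dhcp(pkt))
```

A REQUEST with ciaddr filled in and no server identifier option is what a renew (or rebind) looks like on the wire; the third sample shows a capture that ended before the options did.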