[lug] using tcpdump to emulate effects of packet dump

[George Sexton]

You put an entry in inetd.conf....

-----Original Message-----
From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]On
Behalf Of Jeffrey Siegal
Sent: Friday, July 18, 2003 5:52 PM
To: lug at lug.boulder.co.us
Subject: Re: [lug] using tcpdump to emulate effects of packet dump


D. Stimits wrote:
> Jeffrey Siegal wrote:
> 
>> D. Stimits wrote:
>>
>> > The linux side does not *always* break when port 1026 is blocked, but
>> > due to the way ports are used for DNS, sometimes name servers *do* use
>> > that port...it is a response to what the requesting box says is an
>> > open port when under linux. If by random chance a dns request has 1026
>> > open as the first udp port above 1023, then dns will hang.
>>
>>
>> You can get your linux box to always use port 53 for DNS requests if you
>> you want by running a caching nameserver locally and configuring it to
>> make requests on port 53.
> 
> 
> Port 53 is only one half of the communications...it is the *other* 
> port...the reply...that sometimes hits port 1026.

No, a caching nameserver can be configured to get its replies on port 
53, too.

>> I think you could do something with header rewriting that wouldn't
>> require an IP address; at least not a public one.
>>
> Remember, I want to write an app that fixes the broken windows behavior, 
> not a crutch that requires a second machine. Most people would rather 
> pay the extortion fee of byebyeads.com, rather than buy a second machine 
> and learn how to set up a caching proxy.

If you want to avoid port 1026 being allocated for a DNS reply, just 
allocate it yourself.  Write a service that allocates port 1026 and then 
just sits there forever.

_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Join us on IRC: lug.boulder.co.us port=6667 channel=#colug