1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Weird tcpdump

Discussion in 'Tomato Firmware' started by devlin016, Oct 18, 2013.

  1. devlin016

    devlin016 Networkin' Nut Member

    I was running tcpdump on my wan interface to see if I had tor configured properly and wasnt leaking any dns I was use this syntax tcpdump -pni vlan2 'port domain'

    and I saw this repeated a few times

    it looks like a spoof ipv6 address am I under some kind of attack? tor wasnt even running at this point.
  2. koitsu

    koitsu Network Guru Member

    There's nothing weird about what you see. did a DNS lookup of some sort (you did not include the lookup packet) to (a nameserver).'s response was an AAAA (IPv6) record that resolves to 2606:f200:0:7:bad:f00d:d00d:1. The record itself having a funny string/name in it ("0bad:f00d:d00d") is irrelevant.

    Nothing to see here, move along.

Share This Page