Weird tcpdump

Discussion in 'Tomato Firmware' started by devlin016, Oct 18, 2013.

  1. devlin016

    devlin016 Addicted to LI Member

    I was running tcpdump on my wan interface to see if I had tor configured properly and wasnt leaking any dns I was use this syntax tcpdump -pni vlan2 'port domain'

    and I saw this repeated a few times

    it looks like a spoof ipv6 address am I under some kind of attack? tor wasnt even running at this point.
  2. koitsu

    koitsu Network Guru Member

    There's nothing weird about what you see. did a DNS lookup of some sort (you did not include the lookup packet) to (a nameserver).'s response was an AAAA (IPv6) record that resolves to 2606:f200:0:7:bad:f00d:d00d:1. The record itself having a funny string/name in it ("0bad:f00d:d00d") is irrelevant.

    Nothing to see here, move along.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice