On Sat, 12 Nov 2005 20:15:18 -0600 "J.D. Bronson" <[EMAIL PROTECTED]> wrote:
> I am starting to see TONS of these things in my pflog > > Nov 12 19:50:58.030904 rule 48/(match) block in on tun0: > 63.219.179.130.13519 > 65.x.x.169.53: 47505+[|domain] > > Nov 12 19:51:08.037007 rule 48/(match) block in on tun0: > 63.219.179.130.13519 > 65.x.x.169.53: 59022+[|domain] > > I have a block of static IPs - but nothing is running on the .169 IP > and I dont understand this sorta thing. PF is doing its job just > fine...I guess I am looking for what these mean and if anyone knows > what this is. Why don't you use the options that tcpdump provides to decode what the queries are? Have a look at the "-v" option in tcpdump(8) (you will probably need to increase -s too). -d
