syslog output ....

William A. Mahaffey III wam at hiwaay.net
Sun Oct 12 15:06:53 UTC 2014



.... I did a 'pkg upgrade' a few days ago (Oct 8). Since then I have been 
seeing messages like the following in my /var/log/messages file:



Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:1839 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:2196 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:1272 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:57294 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:1001 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:4998 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:2135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:1248 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:3006 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:1666 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:1862 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:5555 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:7911 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:8087 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:544 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:56738 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:8180 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:15000 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:8011 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:1805 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:27356 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:49175 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:9009 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:2002 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:51493 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:65389 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:1026 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:6001 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:2200 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:6101 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:1058 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:406 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:1322 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:10001 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:787 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:2030 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:8085 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:6502 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:41511 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:3030 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:49167 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:7435 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:7778 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:1011 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:1152 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:1717 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to 
[192.168.0.27]:2301 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:21 kabini1 kernel: TCP: [192.168.0.9]:43860 to 
[192.168.0.27]:1 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 09:08:23 kabini1 kernel: TCP: [192.168.0.9]:43860 to 
[192.168.0.27]:1 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port


I did an nmap of this machine this A.M., right about 9:08, from 
192.168.0.9, so I think that's what prompted the output. I have done 
that nmap in the past, w/ no such output in my messages file. What 
changed so that I am now seeing it ? How can I trim it down such that it 
ignores other boxen on my LAN ? Before the nmap, I had:


Oct  9 03:03:05 kabini1 kernel: TCP: [127.0.0.1]:33651 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct  9 03:03:35 kabini1 kernel: TCP: [127.0.0.1]:46424 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct  9 04:31:02 kabini1 kernel: TCP: [127.0.0.1]:39302 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct  9 04:55:09 kabini1 kernel: TCP: [127.0.0.1]:35438 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 10 03:03:06 kabini1 kernel: TCP: [127.0.0.1]:42452 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 10 03:03:36 kabini1 kernel: TCP: [127.0.0.1]:35490 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 10 04:31:03 kabini1 kernel: TCP: [127.0.0.1]:10883 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 10 04:55:09 kabini1 kernel: TCP: [127.0.0.1]:29976 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 11 03:03:04 kabini1 kernel: TCP: [127.0.0.1]:31176 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 11 03:03:34 kabini1 kernel: TCP: [127.0.0.1]:58845 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 11 04:15:22 kabini1 kernel: TCP: [127.0.0.1]:53631 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 11 04:31:02 kabini1 kernel: TCP: [127.0.0.1]:57289 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 11 04:55:03 kabini1 kernel: TCP: [127.0.0.1]:64800 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 03:03:07 kabini1 kernel: TCP: [127.0.0.1]:31921 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 03:03:37 kabini1 kernel: TCP: [127.0.0.1]:12746 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 04:31:02 kabini1 kernel: TCP: [127.0.0.1]:65525 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port
Oct 12 04:55:03 kabini1 kernel: TCP: [127.0.0.1]:40810 to 
[127.0.0.1]:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to 
closed port


apparently from cron jobs I have scheduled @ ~3:00 A.M. & ~4:00 A.M. on 
the local machine, i.e. it squawks about stuff from both other LAN boxen 
& from onboard jobs .... The output from the nmap is obviously 
voluminous & washes other output out of quick view (tail -50 
/var/log/messages). The other output will get annoying, since it is 
harmless. I would like to hear from other machines not on my LAN, 
however. Any advice appreciated. TIA ....

-- 

	William A. Mahaffey III

  ----------------------------------------------------------------------

	"The M1 Garand is without doubt the finest implement of war
	 ever devised by man."
                            -- Gen. George S. Patton Jr.
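
One way to do the trimming asked about above, as an added example that is not part of the original post: it parses the kernel's "Connection attempt to closed port" entries, suppresses loopback and LAN sources, and collapses a port sweep from any other source into a single line. The 192.168.0.0/24 LAN range, the 10-port threshold, the function names and the 198.51.100.7 / 203.0.113.5 sample entries are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: loopback plus 192.168.0.0/24 (covers both LAN addresses in the post).
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/24")]
SCAN_PORTS = 10  # assumed threshold: distinct ports from one source that count as a sweep
ENTRY = re.compile(
    r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: TCP: "
    r"\[(?P<src>[^\]]+)\]:\d+ to \[(?P<dst>[^\]]+)\]:(?P<dport>\d+) "
    r"tcpflags \S+; tcp_input: Connection attempt to closed port"
)

def parse(text):
    """Return one dict per log entry; entries wrapped over several lines are rejoined."""
    flat = " ".join(text.split())  # undo the mail client's line wrapping
    return [m.groupdict() for m in ENTRY.finditer(flat)]

def summarize(text, trusted=TRUSTED, scan_ports=SCAN_PORTS):
    """Return (report lines for untrusted sources, number of trusted entries dropped)."""
    ports, first, dropped = defaultdict(set), {}, 0
    for e in parse(text):
        if any(ipaddress.ip_address(e["src"]) in net for net in trusted):
            dropped += 1
            continue
        ports[e["src"]].add(int(e["dport"]))  # distinct destination ports per source
        first.setdefault(e["src"], e)         # remember the first entry for the report
    kept = []
    for src, seen in ports.items():
        head = f"{first[src]['ts']} {src} -> {first[src]['dst']}: "
        if len(seen) >= scan_ports:
            kept.append(head + f"sweep of {len(seen)} closed ports ({min(seen)}-{max(seen)})")
        else:
            kept.append(head + f"closed ports {sorted(seen)}")
    return kept, dropped

# Constructed sample in the wrapped layout shown in the post; the last two sources are invented.
FMT = ("{} kabini1 kernel: TCP: [{}]:{} to \n[{}]:{} tcpflags 0x2<SYN>; "
       "tcp_input: Connection attempt to \nclosed port\n")
ROWS = [("Oct 12 09:08:13", "192.168.0.9", 43713, "192.168.0.27", 1839),
        ("Oct  9 03:03:05", "127.0.0.1", 33651, "127.0.0.1", 113),
        ("Oct 12 10:00:01", "198.51.100.7", 40000, "192.168.0.27", 23)]
ROWS += [("Oct 12 11:00:00", "203.0.113.5", 50000, "192.168.0.27", p) for p in range(8000, 8012)]
SAMPLE = "".join(FMT.format(*r) for r in ROWS)

if __name__ == "__main__":
    kept, dropped = summarize(SAMPLE)
    print(f"{dropped} entries from trusted sources suppressed")
    print("\n".join(kept))
```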


