Every 10 min in log, how to find it?
[Tue Apr 2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=111.230.189.174 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=26670 PROTO=UDP SPT=48415 DPT=123 LEN=56
[Tue Apr 2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=193.182.111.12 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=41013 PROTO=UDP SPT=58538 DPT=123 LEN=56
[Tue Apr 2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=52.231.114.183 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=11720 PROTO=UDP SPT=36595 DPT=123 LEN=56
[Tue Apr 2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=108.61.73.243 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=48497 PROTO=UDP SPT=52458 DPT=123 LEN=56
[Tue Apr 2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=108.61.73.244 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=48061 PROTO=UDP SPT=36891 DPT=123 LEN=56
[Tue Apr 2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=129.250.35.250 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=4202 PROTO=UDP SPT=35338 DPT=123 LEN=56
[Tue Apr 2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=65.100.46.166 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=42748 PROTO=UDP SPT=39821 DPT=123 LEN=56
[Tue Apr 2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=129.250.35.251 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=24619 PROTO=UDP SPT=35890 DPT=123 LEN=56
[Tue Apr 2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=139.143.5.31 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=25664 PROTO=UDP SPT=58972 DPT=123 LEN=56
[Tue Apr 2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=193.57.144.50 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=35588 PROTO=UDP SPT=39445 DPT=123 LEN=56
[Tue Apr 2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=213.5.132.231 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=22459 PROTO=UDP SPT=58323 DPT=123 LEN=56
Looks like a typical NTP client workflow. Try OpenSnitch to be sure.
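One way to check the "typical NTP client" reading against the log itself, as an added example that is not part of the thread: it parses the iptables LOG lines, flags packets shaped like NTP client queries, and measures the gap between bursts. The first two sample lines are copied from the first post; the last three are constructed (documentation-range addresses), and all function names are this example's own.

```python
import re
from datetime import datetime

# Lines 1-2 are copied from the post; lines 3-5 are constructed for this example
# (documentation-range destinations) to add a second burst and one non-NTP packet.
SAMPLE = """\
[Tue Apr 2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=111.230.189.174 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=26670 PROTO=UDP SPT=48415 DPT=123 LEN=56
[Tue Apr 2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=193.182.111.12 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=41013 PROTO=UDP SPT=58538 DPT=123 LEN=56
[Tue Apr 2 13:52:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=192.0.2.10 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=1001 PROTO=UDP SPT=40001 DPT=123 LEN=56
[Tue Apr 2 13:52:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=198.51.100.7 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=1002 PROTO=UDP SPT=40002 DPT=123 LEN=56
[Tue Apr 2 13:53:30 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1003 PROTO=TCP SPT=40003 DPT=443 WINDOW=64240 SYN
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<rest>.*)$")

def parse_line(line):
    """Parse one netfilter LOG line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pairs = [t.partition("=") for t in m.group("rest").split() if "=" in t]
    # LEN appears twice on UDP lines: IP total length first, UDP length second.
    lens = [int(v) for k, _, v in pairs if k == "LEN"]
    f = {k: v for k, _, v in pairs if k != "LEN"}
    return {
        "time": datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y"),
        "dst": f.get("DST"), "proto": f.get("PROTO"),
        "dpt": int(f.get("DPT", 0)),
        "ip_len": lens[0] if lens else None,
        "l4_len": lens[1] if len(lens) > 1 else None,
    }

def is_ntp_client_query(p):
    """UDP to port 123 with a 56-byte datagram: 8-byte UDP header + 48-byte NTP packet."""
    return p["proto"] == "UDP" and p["dpt"] == 123 and p["l4_len"] == 56

def summarize(text):
    """Split packets into NTP-shaped and other, and measure gaps between NTP bursts."""
    pkts = [p for p in map(parse_line, text.splitlines()) if p]
    ntp = [p for p in pkts if is_ntp_client_query(p)]
    other = [p for p in pkts if not is_ntp_client_query(p)]
    bursts = sorted({p["time"] for p in ntp})
    gaps = [int((b - a).total_seconds()) for a, b in zip(bursts, bursts[1:])]
    return {"ntp_dsts": [p["dst"] for p in ntp], "burst_gaps_s": gaps,
            "other": [(p["dst"], p["proto"], p["dpt"]) for p in other]}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

This only characterizes the traffic; it does not name the process that sends it.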
kk@kkar4 ~ sudo systemctl status opensnitchd
opensnitchd.service - Application firewall OpenSnitch
Loaded: loaded (/usr/lib/systemd/system/opensnitchd.service; enabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Sun 2024-04-07 09:41:25 CST; 18s ago
Docs: https://github.com/evilsocket/opensnitch/wiki
Process: 1728697 ExecStart=/usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules (code=exited, status=1/FAILURE)
Main PID: 1728697 (code=exited, status=1/FAILURE)
CPU: 88ms
kk@kkar4 log tail -f opensnitchd.log
[2024-04-07 01:42:26] ERR Module not found (opensnitch.o) in any of the paths.
You may need to install the corresponding package
[2024-04-07 01:42:26] ERR [eBPF]: Module not found (opensnitch.o) in any of the paths.
You may need to install the corresponding package
[2024-04-07 01:42:26] WAR error starting ebpf monitor method: Module not found (opensnitch.o) in any of the paths.
You may need to install the corresponding package
[2024-04-07 01:42:26] WAR Unable to set new process monitor (ebpf) method from disk: Module not found (opensnitch.o) in any of the paths.
You may need to install the corresponding package
[2024-04-07 01:42:26] WAR Is opensnitchd already running?
[2024-04-07 01:42:26] !!! Error creating queue #0: Error -1 unbinding existing q handler from AF_INET protocol family: invalid argument
Did you install https://archlinux.org/packages/extra/x86_64/opensnitch/ or did you try to somehow manually install it?
That being said:
nmap -Pn 193.182.111.12
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-07 08:57 CEST
Nmap scan report for ntp1.flashdance.cx (193.182.111.12)
Host is up (0.048s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT STATE SERVICE
13/tcp open daytime
37/tcp open time
113/tcp closed ident
sudo pikaur -Syu opensnitch-ebpf-module opensnitch
Did not work, then I removed ebpf:
sudo pikaur -Rs opensnitch-ebpf-module
Did not work, then I reinstalled opensnitch:
sudo pacman -S opensnitch
Got ERR:
[2024-04-07 01:42:26] ERR Module not found (opensnitch.o) in any of the paths.
You may need to install the corresponding package
Last edited by sevk (2024-04-17 03:16:44)
https://aur.archlinux.org/packages/open … ent-923084
tail -n 10000 /etc/opensnitchd/*.json