IPTraf: Non-IP (0x4) (52 bytes) from 00226bfe3e0d to 090007ffffff on eth4

networking

#1

I am trying to figure out what this means in IPTraf:

Non-IP (0x4) (52 bytes) from 00226bfe3e0d to 090007ffffff on eth4

What is this that keeps communicating to eth4 on one of my servers?
Haven't seen this before.


#2

My best guess is that it is about non-TCP/UDP IPv4/IPv6 traffic. These might be generated by local Unix sockets or something like that. You can turn it off.


#3

Sorry that I am totally blank on this topic.
I never encountered non-IP traffic and it just suddenly started popping up with nothing changed on the server.
I am more concerned with non-IP traffic eventually traversing my firewall.
Any pointers on how I can block all non-IP communications through the firewall? I am not sure if firewalls are actually up to doing this, as I have never seen any iptables rules specifically for this.
Also, can you give some pointers on how to switch it off on the local server, as you referred to in your post?


#4

No, you are not hacked or anything. It is just showing non-IP traffic. You must configure the firewall to drop all incoming traffic and only open needed ports as per your requirements. For example, a web server might only allow ports 80 and 443 (and 22).

How to disable Non-IP traffic

Go to Filters > Choose Non-IP > Make sure Non-IP not visible set to hide such traffic.

HTH


#5

This is non-IP traffic, as it said.
00226bfe3e0d and 090007ffffff should be MAC addresses, per my understanding.


#6

Yes, they are MAC addresses, but I am quite baffled how this started out of the blue with nothing new attached or installed. I will trace down which device is at the source MAC.
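
Added example, not part of any post in this thread: a small Python parser for the Non-IP line format quoted above that formats both MAC addresses, decodes their multicast and locally-administered bits, and totals bytes per source to help trace the sending device. The function names and the `SAMPLE` list are assumptions made for this illustration, and the regular expression only covers the line format shown in the thread.

```python
import re
from collections import Counter

# Pattern follows the log line quoted in the thread; other IPTraf builds may differ.
LINE_RE = re.compile(
    r"Non-IP \((0x[0-9a-fA-F]+)\) \((\d+) bytes\) "
    r"from ([0-9a-fA-F]{12}) to ([0-9a-fA-F]{12}) on (\S+)"
)

def fmt_mac(raw):
    # Turn 12 bare hex digits into colon-separated form.
    raw = raw.lower()
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))

def mac_flags(raw):
    """Decode the two flag bits carried in the first octet of a MAC address."""
    first = int(raw[:2], 16)
    return {
        "group": bool(first & 0x01),  # I/G bit set: multicast or broadcast
        "local": bool(first & 0x02),  # U/L bit set: locally administered
        "oui": fmt_mac(raw)[:8],      # first three octets, for a vendor lookup
    }

def parse_line(line):
    """Return the fields of one Non-IP line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    code, size, src, dst, iface = m.groups()
    return {"code": code, "bytes": int(size), "iface": iface,
            "src": fmt_mac(src), "dst": fmt_mac(dst),
            "src_flags": mac_flags(src), "dst_flags": mac_flags(dst)}

def top_sources(lines):
    """Total bytes per (source MAC, interface), largest first."""
    totals = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            totals[(rec["src"], rec["iface"])] += rec["bytes"]
    return totals.most_common()

# First line is the one from the thread; the repeat and the last line are constructed.
SAMPLE = [
    "Non-IP (0x4) (52 bytes) from 00226bfe3e0d to 090007ffffff on eth4",
    "Non-IP (0x4) (52 bytes) from 00226bfe3e0d to 090007ffffff on eth4",
    "TCP; eth4; 60 bytes; constructed line that must be skipped",
]
```

For the line in the thread, the destination decodes with the group bit set (a multicast frame, not addressed to one host), while the source is a unicast, globally assigned address whose `oui` prefix can be checked against a vendor list or the switch's MAC table.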


#8

Which flavor of firewall are you referring to in your example?
I use IPCOP and I see no reference to non-ip traffic in IPCOP.
I will have to add it with iptables.