
I'm investigating a strange hang with our Nextcloud instance and think it might be to do with a misconfigured hostname somewhere.

I thought of using tcpdump to look at what addresses/names are being referenced.

I ran the command tcpdump -i enp5s0 > /tmp/tcp.log for about 5 minutes.

When I looked at the output, I found strange addresses. I do not think it is anything to do with the issue, but I'm wondering if this is a cause for concern:

106.170.82.58.static-corp.jastel.co.th.35330

11:47:57.290753 IP 106.170.82.58.static-corp.jastel.co.th.35330 > cloud.XXXXXXXXX.net.ssh: Flags [S], seq 1154598226, win 42340, options [mss 1360,sackOK,TS val 2510725273 ecr 0,nop,wscale 11], length 0

zg-1220i-109.stretchoid.com.42597

11:50:25.043264 IP cloud.XXXXXX.net.ssh > zg-1220i-109.stretchoid.com.42597: Flags [S.], seq 1828794685, ack 1103199325, win 64240, options [mss 1460], length 0

api.snapcraft.io.https

11:50:24.962802 IP cloud.XXXXXX.net.48986 > api.snapcraft.io.https: Flags [.], ack 222012, win 2795, options [nop,nop,TS val 1961554452 ecr 3512315949], length 0

103.37.83.26.43824 (Listed as a known brute force attacker):

1:50:26.203026 IP cloud.XXXXXX.net.ssh > 103.37.83.26.43824: Flags [P.], seq 1697:1749, ack 1199, win 502, options [nop,nop,TS val 1492448763 ecr 2511812426], length 52
11:50:26.522299 IP 103.37.83.26.43824 > cloud.XXXXXX.net.ssh: Flags [P.], seq 1199:1251, ack 1749, win 148, options [nop,nop,TS val 2511815938 ecr 1492448763], length 52

bacdcb93.virtua.com.br.43782

11:50:14.786432 IP bacdcb93.virtua.com.br.43782 > cloud.XXXXXX.net.ssh: Flags [P.], seq 1047:1063, ack 1645, win 501, options [nop,nop,TS val 3954440590 ecr 2941860119], length 16
11:50:14.827272 IP cloud.XXXXXX.net.ssh > bacdcb93.virtua.com.br.43782: Flags [.], ack 1063, win 502, options [nop,nop,TS val 2941860404 ecr 3954440590], length 0
You need to worry about every IP/domain which is unknown to your domain ecosystem; find out who owns it and why it's used. Try to block the IP/domain if it is strange/unknown. A simple Google search can help you find who owns these IPs/domains. – asktyagi Jan 02 '23 at 14:15

1 Answer


If I understand your question correctly:

That simply looks like the ip-address.portnumber format, where:

  • the numerical IP address gets translated to a hostname whenever the reverse DNS lookup for that IP address succeeds
  • the port number gets translated to a service name whenever it is a "well known/reserved" port that is associated/registered/assigned with a specific service (in /etc/services)

Nothing to worry about there.

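As an added illustration of the host.port format the answer describes (not code from the question or answer), the following Python splits each tcpdump endpoint into its reverse-DNS name and its port or service name, maps service names back to numbers with a constructed subset of /etc/services, and summarises which remote hosts are talking to the local sshd and which of them opened new connections. The sample lines are adapted from the question (options trimmed, the redacted hostname kept as "cloud.XXXXXX.net"), and the "cloud." prefix used to recognise the local host is an assumption.

```python
import re
from collections import Counter

# tcpdump TCP summary line, as the answer describes it: the last dotted component of each
# endpoint is the port (numeric, or an /etc/services name); the rest is the IPv4 or reverse-DNS name.
LINE_RE = re.compile(r"^(?P<ts>\d+:\d+:\d+\.\d+) IP (?P<src>[^\s:]+) > (?P<dst>[^\s:]+): Flags \[(?P<flags>[^\]]*)\]")

# Constructed subset of /etc/services (a real tool would read the file itself).
SERVICES = {"ssh": 22, "http": 80, "https": 443}

# Sample lines adapted from the question (options trimmed, hostname redacted as printed there).
SAMPLE_LINES = [
    "11:47:57.290753 IP 106.170.82.58.static-corp.jastel.co.th.35330 > cloud.XXXXXX.net.ssh: Flags [S], seq 1154598226, win 42340, length 0",
    "11:50:25.043264 IP cloud.XXXXXX.net.ssh > zg-1220i-109.stretchoid.com.42597: Flags [S.], seq 1828794685, ack 1103199325, win 64240, length 0",
    "11:50:24.962802 IP cloud.XXXXXX.net.48986 > api.snapcraft.io.https: Flags [.], ack 222012, win 2795, length 0",
    "11:50:26.203026 IP cloud.XXXXXX.net.ssh > 103.37.83.26.43824: Flags [P.], seq 1697:1749, ack 1199, win 502, length 52",
    "11:50:26.522299 IP 103.37.83.26.43824 > cloud.XXXXXX.net.ssh: Flags [P.], seq 1199:1251, ack 1749, win 148, length 52",
]

def split_endpoint(endpoint):
    """Split 'host.port' into (host, port number, service name or None)."""
    host, _, port = endpoint.rpartition(".")
    if port.isdigit():
        return host, int(port), None
    return host, SERVICES.get(port), port   # service name -> number, as /etc/services would

def parse_line(line):
    """Return the timestamp, both endpoints and TCP flags of one summary line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": m.group("ts"), "flags": m.group("flags"),
            "src": split_endpoint(m.group("src")), "dst": split_endpoint(m.group("dst"))}

def ssh_peer_summary(lines, local_prefix):
    """Per remote host: packets exchanged with our sshd, and inbound SYNs (new connection attempts)."""
    packets, syns = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        (sh, sp, _), (dh, dp, _) = rec["src"], rec["dst"]
        if dh.startswith(local_prefix) and dp == 22:        # inbound packet to our sshd
            packets[sh] += 1
            if rec["flags"] == "S":
                syns[sh] += 1
        elif sh.startswith(local_prefix) and sp == 22:      # our sshd replying to a peer
            packets[dh] += 1
    return packets, syns
```

Running tcpdump with -n keeps addresses and ports numeric, which avoids the reverse-DNS and /etc/services lookups that produced these names in the first place.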