+ 05:09:27.978249 IP 10.0.3.25 > 10.0.4.25: ICMP echo request, id 2604, seq 162, length 64
+ 05:09:27.978281 IP 10.0.4.25 > 10.0.3.25: ICMP echo reply, id 2604, seq 162, length 64
+ 05:09:27.979776 IP 10.0.4.25.45430 > google-public-dns-a.google.com.domain: 14148+ PTR? 25.4.0.10.in-addr.arpa. (40)
+ 05:09:27.981683 IP google-public-dns-a.google.com.domain > 10.0.4.25.45430: 14148 NXDomain 0/0/0 (40)
+ 05:09:27.981841 IP 10.0.4.25.46696 > google-public-dns-a.google.com.domain: 10797+ PTR? 25.3.0.10.in-addr.arpa. (40)
+ 05:09:27.983583 IP google-public-dns-a.google.com.domain > 10.0.4.25.46696: 10797 NXDomain 0/0/0 (40)
+ 05:09:27.983714 IP 10.0.4.25.60389 > google-public-dns-a.google.com.domain: 15771+ PTR? 8.8.8.8.in-addr.arpa. (38)
+ 05:09:27.995332 IP google-public-dns-a.google.com.domain > 10.0.4.25.60389: 15771 1/0/0 PTR google-public-dns-a.google.com. (82)
+ 05:09:28.979778 IP 10.0.3.25 > 10.0.4.25: ICMP echo request, id 2604, seq 163, length 64
+ 05:09:28.979825 IP 10.0.4.25 > 10.0.3.25: ICMP echo reply, id 2604, seq 163, length 64
+ 05:09:29.981257 IP 10.0.3.25 > 10.0.4.25: ICMP echo request, id 2604, seq 164, length 64

David Hoelzer

Avantika Singh
Did you try to read about this first before posting? As it's a very generic question, please ask about the specific issue you are facing. – mdeora Jul 02 '18 at 10:35
1 Answer
What I see is:
- Host 10.0.3.25 pinging host 10.0.4.25 every second and host 10.0.4.25 responding. You do not show us the payload, but based on the size of 64, these appear to be completely normal ICMP ping requests and responses.
- Host 10.0.4.25 performs a reverse lookup for its own address out to Google. Google, unsurprisingly, sends an NX domain (Non-Existent Domain) response. This is unsurprising since 10.0.0.0/8 is an RFC-1918 private address.
- Host 10.0.4.25 next attempts a reverse lookup for 10.0.3.25. This also results in an unsurprising NXDomain response, for the same reason as above.
- Host 10.0.4.25 performs a reverse lookup for Google's 8.8.8.8 name server. I have no evidence, but sort of suspect that this is triggered by running tcpdump without the `-n` option, which will force these lookups. In fact, I suspect that the DNS requests are purely the result of running tcpdump without `-n` and that the host on which tcpdump is being run is configured to use 8.8.8.8 as its name server.
Did you have a more specific question?

David Hoelzer
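
As an added example (not part of the original answer): a Python sketch of the check the answer reasons through. It flags PTR lookups whose target is itself an endpoint of the capture, which is what tcpdump's own name resolution looks like when it runs without `-n`, and it lists echo requests with no reply in the excerpt. The function name `analyze` and the embedded sample, a subset of the capture lines above, are assumptions of this example.

```python
import re

# Sample input: a subset of the tcpdump text lines from the question.
SAMPLE = """\
05:09:27.978249 IP 10.0.3.25 > 10.0.4.25: ICMP echo request, id 2604, seq 162, length 64
05:09:27.978281 IP 10.0.4.25 > 10.0.3.25: ICMP echo reply, id 2604, seq 162, length 64
05:09:27.979776 IP 10.0.4.25.45430 > google-public-dns-a.google.com.domain: 14148+ PTR? 25.4.0.10.in-addr.arpa. (40)
05:09:27.981683 IP google-public-dns-a.google.com.domain > 10.0.4.25.45430: 14148 NXDomain 0/0/0 (40)
05:09:27.981841 IP 10.0.4.25.46696 > google-public-dns-a.google.com.domain: 10797+ PTR? 25.3.0.10.in-addr.arpa. (40)
05:09:27.983583 IP google-public-dns-a.google.com.domain > 10.0.4.25.46696: 10797 NXDomain 0/0/0 (40)
05:09:27.983714 IP 10.0.4.25.60389 > google-public-dns-a.google.com.domain: 15771+ PTR? 8.8.8.8.in-addr.arpa. (38)
05:09:27.995332 IP google-public-dns-a.google.com.domain > 10.0.4.25.60389: 15771 1/0/0 PTR google-public-dns-a.google.com. (82)
05:09:29.981257 IP 10.0.3.25 > 10.0.4.25: ICMP echo request, id 2604, seq 164, length 64
""".splitlines()

LINE = re.compile(r"^(?:\+ )?\S+ IP (\S+) > (\S+): (.*)$")
ECHO = re.compile(r"^ICMP echo (request|reply), id (\d+), seq (\d+)")
QUERY = re.compile(r"^(\d+)\S* PTR\? ([\d.]+)\.in-addr\.arpa\.")
ANSWER = re.compile(r"^(\d+)\S* \d+/\d+/\d+ PTR (\S+)")

def analyze(lines):
    """Return (PTR targets that are capture endpoints, echo seqs with no reply)."""
    endpoints, queries, answers, echo = set(), {}, {}, {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        src, dst, rest = m.groups()
        icmp = rest.startswith("ICMP")
        for ep in (src, dst):
            # UDP endpoints carry a trailing ".port" or ".service"; ICMP ones do not.
            endpoints.add(ep if icmp else ep.rsplit(".", 1)[0])
        if (e := ECHO.match(rest)):
            echo.setdefault((int(e[2]), int(e[3])), set()).add(e[1])
        elif (q := QUERY.match(rest)):
            # 25.4.0.10.in-addr.arpa. is the reversed form of 10.0.4.25
            queries[q[1]] = ".".join(reversed(q[2].split(".")))
        elif (a := ANSWER.match(rest)):
            answers[a[1]] = a[2].rstrip(".")
    # Induced if the queried IP is an endpoint, or its PTR answer is the
    # hostname tcpdump printed for an endpoint (the 8.8.8.8 case).
    induced = sorted(ip for qid, ip in queries.items()
                     if ip in endpoints or answers.get(qid) in endpoints)
    unanswered = sorted(seq for (_id, seq), kinds in echo.items()
                        if kinds == {"request"})
    return induced, unanswered

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Seq 164 is reported only because the excerpt ends before its reply; a PTR query for an address that never appears as an endpoint is not flagged.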