Never used tcpdump but man that spams a lot…
anyway, seems I’m getting the same address from that:
17:07:54.556441 IP localhost.localdomain.36515 > hitronhub.home.domain: 46751+ A? theaudiodb.com. (32)
17:07:54.556457 IP localhost.localdomain.36515 > hitronhub.home.domain: 26794+ AAAA? theaudiodb.com. (32)
17:07:54.584882 IP hitronhub.home.domain > localhost.localdomain.36515: 46751 1/0/0 A 78.129.196.116 (48)
17:07:54.596708 IP hitronhub.home.domain > localhost.localdomain.36515: 26794 0/1/0 (93)
17:07:54.596846 IP localhost.localdomain.36126 > 78.129.196.116.http: Flags [S], seq 2104237017, win 64240, options [mss 1460,sackOK,TS val 2909849204 ecr 0,nop,wscale 7], length 0
17:07:54.596930 IP localhost.localdomain.37177 > hitronhub.home.domain: 44179+ PTR? 116.196.129.78.in-addr.arpa. (45)
17:07:54.598641 IP hitronhub.home.domain > localhost.localdomain.37177: 44179 NXDomain 0/0/0 (45)
17:07:54.629444 IP 78.129.196.116.http > localhost.localdomain.36126: Flags [S.], seq 2591336676, ack 2104237018, win 8192, options [mss 1420,nop,wscale 8,sackOK,TS val 382631848 ecr 2909849204], length 0
17:07:54.629478 IP localhost.localdomain.36126 > 78.129.196.116.http: Flags [.], ack 1, win 502, options [nop,nop,TS val 2909849236 ecr 382631848], length 0
17:07:54.629519 IP localhost.localdomain.36126 > 78.129.196.116.http: Flags [P.], seq 1:142, ack 1, win 502, options [nop,nop,TS val 2909849236 ecr 382631848], length 141: HTTP: GET / HTTP/1.1
17:07:54.668946 IP 78.129.196.116.http > localhost.localdomain.36126: Flags [P.], seq 1:396, ack 142, win 258, options [nop,nop,TS val 382631852 ecr 2909849236], length 395: HTTP: HTTP/1.1 301 Moved Permanently
17:07:54.668977 IP localhost.localdomain.36126 > 78.129.196.116.http: Flags [.], ack 396, win 501, options [nop,nop,TS val 2909849276 ecr 382631852], length 0
17:07:54.703993 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [S], seq 2806056158, win 64240, options [mss 1460,sackOK,TS val 2909849311 ecr 0,nop,wscale 7], length 0
17:07:54.734825 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [S.], seq 2266940451, ack 2806056159, win 8192, options [mss 1420,nop,wscale 8,sackOK,TS val 382631859 ecr 2909849311], length 0
17:07:54.734860 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 1, win 502, options [nop,nop,TS val 2909849342 ecr 382631859], length 0
17:07:54.736995 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [P.], seq 1:518, ack 1, win 502, options [nop,nop,TS val 2909849344 ecr 382631859], length 517
17:07:54.777398 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 1:1409, ack 518, win 258, options [nop,nop,TS val 382631863 ecr 2909849344], length 1408
17:07:54.777416 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 1409, win 501, options [nop,nop,TS val 2909849384 ecr 382631863], length 0
17:07:54.777847 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 1409:2817, ack 518, win 258, options [nop,nop,TS val 382631863 ecr 2909849344], length 1408
17:07:54.777856 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 2817, win 501, options [nop,nop,TS val 2909849385 ecr 382631863], length 0
17:07:54.808000 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], ack 518, win 258, options [nop,nop,TS val 382631866 ecr 2909849385], length 0
17:07:54.808185 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [P.], seq 2817:3792, ack 518, win 258, options [nop,nop,TS val 382631866 ecr 2909849385], length 975
17:07:54.808197 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 3792, win 501, options [nop,nop,TS val 2909849415 ecr 382631866], length 0
17:07:54.812927 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [P.], seq 518:736, ack 3792, win 501, options [nop,nop,TS val 2909849420 ecr 382631866], length 218
17:07:54.861947 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [P.], seq 3792:3867, ack 736, win 257, options [nop,nop,TS val 382631871 ecr 2909849420], length 75
17:07:54.861963 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 3867, win 501, options [nop,nop,TS val 2909849469 ecr 382631871], length 0
17:07:54.867472 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [P.], seq 736:933, ack 3867, win 501, options [nop,nop,TS val 2909849474 ecr 382631871], length 197
17:07:54.894310 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [P.], seq 3867:3920, ack 933, win 256, options [nop,nop,TS val 382631874 ecr 2909849474], length 53
17:07:54.894332 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 3920, win 501, options [nop,nop,TS val 2909849501 ecr 382631874], length 0
17:07:54.895087 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [P.], seq 933:1498, ack 3920, win 501, options [nop,nop,TS val 2909849502 ecr 382631874], length 565
17:07:54.930083 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 3920:5328, ack 1498, win 254, options [nop,nop,TS val 382631878 ecr 2909849502], length 1408
17:07:54.930306 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 5328:6736, ack 1498, win 254, options [nop,nop,TS val 382631878 ecr 2909849502], length 1408
17:07:54.930318 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 6736, win 501, options [nop,nop,TS val 2909849537 ecr 382631878], length 0
17:07:54.930557 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 6736:8144, ack 1498, win 254, options [nop,nop,TS val 382631878 ecr 2909849502], length 1408
17:07:54.930781 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 8144:9552, ack 1498, win 254, options [nop,nop,TS val 382631878 ecr 2909849502], length 1408
17:07:54.930791 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 9552, win 501, options [nop,nop,TS val 2909849538 ecr 382631878], length 0
17:07:54.965057 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [P.], seq 9552:11941, ack 1498, win 254, options [nop,nop,TS val 382631882 ecr 2909849538], length 2389
17:07:54.965112 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 11941, win 501, options [nop,nop,TS val 2909849572 ecr 382631882], length 0
17:07:54.969195 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [P.], seq 1498:1854, ack 11941, win 501, options [nop,nop,TS val 2909849576 ecr 382631882], length 356
17:07:55.017688 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [P.], seq 11941:12063, ack 1854, win 253, options [nop,nop,TS val 382631887 ecr 2909849576], length 122
17:07:55.058675 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 12063, win 501, options [nop,nop,TS val 2909849666 ecr 382631887], length 0
17:07:55.265404 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 12063:13471, ack 1854, win 253, options [nop,nop,TS val 382631912 ecr 2909849666], length 1408
17:07:55.265429 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 13471, win 501, options [nop,nop,TS val 2909849872 ecr 382631912], length 0
17:07:55.265613 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 13471:14879, ack 1854, win 253, options [nop,nop,TS val 382631912 ecr 2909849666], length 1408
17:07:55.265623 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 14879, win 501, options [nop,nop,TS val 2909849872 ecr 382631912], length 0
17:07:55.265664 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 14879:16287, ack 1854, win 253, options [nop,nop,TS val 382631912 ecr 2909849666], length 1408
17:07:55.265674 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 16287, win 501, options [nop,nop,TS val 2909849873 ecr 382631912], length 0
17:07:55.265849 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 16287:17695, ack 1854, win 253, options [nop,nop,TS val 382631912 ecr 2909849666], length 1408
17:07:55.265856 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 17695, win 501, options [nop,nop,TS val 2909849873 ecr 382631912], length 0
17:07:55.266036 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 17695:19103, ack 1854, win 253, options [nop,nop,TS val 382631912 ecr 2909849666], length 1408
17:07:55.266042 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 19103, win 501, options [nop,nop,TS val 2909849873 ecr 382631912], length 0
17:07:55.266224 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 19103:21919, ack 1854, win 253, options [nop,nop,TS val 382631912 ecr 2909849666], length 2816
17:07:55.266232 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 21919, win 495, options [nop,nop,TS val 2909849873 ecr 382631912], length 0
17:07:55.266598 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 21919:24735, ack 1854, win 253, options [nop,nop,TS val 382631912 ecr 2909849666], length 2816
17:07:55.266604 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 24735, win 495, options [nop,nop,TS val 2909849873 ecr 382631912], length 0
17:07:55.266785 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 24735:26143, ack 1854, win 253, options [nop,nop,TS val 382631912 ecr 2909849666], length 1408
17:07:55.266791 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 26143, win 501, options [nop,nop,TS val 2909849874 ecr 382631912], length 0
17:07:55.294402 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 26143:27551, ack 1854, win 253, options [nop,nop,TS val 382631915 ecr 2909849874], length 1408
17:07:55.294417 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 27551, win 501, options [nop,nop,TS val 2909849901 ecr 382631915], length 0
17:07:55.294724 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 27551:28959, ack 1854, win 253, options [nop,nop,TS val 382631915 ecr 2909849874], length 1408
17:07:55.294731 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 28959, win 501, options [nop,nop,TS val 2909849902 ecr 382631915], length 0
17:07:55.294867 IP localhost.localdomain.36126 > 78.129.196.116.http: Flags [F.], seq 142, ack 396, win 501, options [nop,nop,TS val 2909849902 ecr 382631852], length 0
17:07:55.294949 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 28959:30367, ack 1854, win 253, options [nop,nop,TS val 382631915 ecr 2909849874], length 1408
17:07:55.294956 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 30367, win 495, options [nop,nop,TS val 2909849902 ecr 382631915], length 0
17:07:55.295301 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 30367:31775, ack 1854, win 253, options [nop,nop,TS val 382631915 ecr 2909849874], length 1408
17:07:55.295309 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 31775, win 501, options [nop,nop,TS val 2909849902 ecr 382631915], length 0
17:07:55.295488 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 31775:35999, ack 1854, win 253, options [nop,nop,TS val 382631915 ecr 2909849874], length 4224
17:07:55.295495 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 35999, win 487, options [nop,nop,TS val 2909849902 ecr 382631915], length 0
17:07:55.295673 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [.], seq 35999:37407, ack 1854, win 253, options [nop,nop,TS val 382631915 ecr 2909849874], length 1408
17:07:55.295680 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 37407, win 501, options [nop,nop,TS val 2909849903 ecr 382631915], length 0
17:07:55.295863 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [P.], seq 37407:43897, ack 1854, win 253, options [nop,nop,TS val 382631915 ecr 2909849874], length 6490
17:07:55.295870 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 43897, win 471, options [nop,nop,TS val 2909849903 ecr 382631915], length 0
17:07:55.296937 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [F.], seq 1854, ack 43897, win 501, options [nop,nop,TS val 2909849904 ecr 382631915], length 0
17:07:55.328070 IP 78.129.196.116.https > localhost.localdomain.51794: Flags [F.], seq 43897, ack 1855, win 253, options [nop,nop,TS val 382631918 ecr 2909849904], length 0
17:07:55.328093 IP localhost.localdomain.51794 > 78.129.196.116.https: Flags [.], ack 43898, win 501, options [nop,nop,TS val 2909849935 ecr 382631918], length 0
17:07:55.329270 IP 78.129.196.116.http > localhost.localdomain.36126: Flags [F.], seq 396, ack 143, win 258, options [nop,nop,TS val 382631918 ecr 2909849902], length 0
17:07:55.329292 IP localhost.localdomain.36126 > 78.129.196.116.http: Flags [.], ack 397, win 501, options [nop,nop,TS val 2909849936 ecr 382631918], length 0
seems to be everything from that wget request
/edit
Though what I’m wondering the whole time, why are we blocking the source
address? Isn’t the source me, because I send the request?
Tried
[tarulia@localhost]~% firewall-cmd --permanent --add-rich-rule="rule family='ipv4' destination address='78.129.196.116' drop" --zone=home
success
Same result