understanding iptables logging
Kareem Shehata
kareem-d+8TeBu5bOew5LPnMra/2Q at public.gmane.org
Mon Jul 5 23:23:03 UTC 2004
On Mon, 2004-07-05 at 18:58, daniel wrote:
> i have a series of lines in /var/log/messages looking like this:
>
> Jul 5 18:53:26 fightclub kernel: [DROPPED (IN-eth0)]: IN=eth0 OUT=
> MAC=00:30:bd:1c:e0:a7:00:05:00:e3:ec:d6:08:00 SRC=220.168.36.17 DST=<myIP>
> LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=5656 DF PROTO=TCP SPT=3770 DPT=9898
> WINDOW=16384 RES=0x00 SYN URGP=0
>
> and it's kinda hard to google for "iptables df" so i was hoping someone here
> could explain just what all of the above abbreviations are. here's what i've
> got so far:
The fields are all taken directly from the IP header. In this case, I'm
guessing DF means that the Don't Fragment bit is set. Here's a quick
guide to the rest of it:
<http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/ip-packet.html>
HPH!
Kareem
--
/*********************************************************************
kareem-d+8TeBu5bOew5LPnMra/2Q at public.gmane.org - Kareem Shehata - 416-766-4911
--------------------------------------------------------------------
The most exciting phrase to hear in science, the one that
heralds new discoveries, is not "Eureka!" (I found it!) but
"That's funny ..."
-- Isaac Asimov
********************************************************************/
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
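As an added example that is not part of the original thread: a small Python parser that splits a LOG-target line like the one quoted above into its `--log-prefix`, its KEY=value header fields, and the bare flag tokens such as DF and SYN. It goes slightly beyond the DF question by also splitting the Ethernet MAC= field into destination MAC, source MAC and EtherType. The function name `parse_iptables_log` is hypothetical, and the sample line is constructed from the quoted one with the redacted DST replaced by the documentation address 192.0.2.10.

```python
import re

# Constructed sample: the log line from the question, joined onto one line,
# with the redacted DST replaced by a documentation address (192.0.2.10).
SAMPLE = ("Jul 5 18:53:26 fightclub kernel: [DROPPED (IN-eth0)]: IN=eth0 OUT= "
          "MAC=00:30:bd:1c:e0:a7:00:05:00:e3:ec:d6:08:00 SRC=220.168.36.17 "
          "DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=5656 DF PROTO=TCP "
          "SPT=3770 DPT=9898 WINDOW=16384 RES=0x00 SYN URGP=0")

IP_FLAGS = {"DF", "MF"}  # bits from the IP header's flags field
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW", "URGP"}
# Everything between "kernel: " and the first "IN=" is the rule's --log-prefix.
LINE_RE = re.compile(r"kernel: (?P<prefix>.*?)\s*(?P<body>IN=.*)$")


def parse_iptables_log(line):
    """Split one LOG-target line into prefix, KEY=value fields and bare flags."""
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError("not an iptables LOG line")
    rec = {"prefix": m.group("prefix"), "fields": {}, "ip_flags": [],
           "tcp_flags": [], "unknown": []}
    for tok in m.group("body").split():
        key, eq, val = tok.partition("=")
        if eq:  # KEY=value; value may be empty (OUT= on an inbound packet)
            is_int = key in INT_FIELDS and val.isdigit()
            rec["fields"][key] = int(val) if is_int else val
        elif tok in IP_FLAGS:
            rec["ip_flags"].append(tok)
        elif tok in TCP_FLAGS:
            rec["tcp_flags"].append(tok)
        else:
            rec["unknown"].append(tok)
    # On Ethernet, MAC= is the raw 14-byte frame header:
    # destination MAC (6 bytes), source MAC (6 bytes), EtherType (2 bytes).
    octets = rec["fields"].get("MAC", "").split(":")
    if len(octets) == 14:
        rec["mac"] = {"dst": ":".join(octets[:6]), "src": ":".join(octets[6:12]),
                      "ethertype": "0x" + "".join(octets[12:])}
    return rec


if __name__ == "__main__":
    for key, value in parse_iptables_log(SAMPLE).items():
        print(key, value)
```

Tokens that are neither KEY=value nor a known flag land in `unknown`, which makes unexpected log content easy to spot when triaging dropped-packet entries.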