I don't know where I can find/read about the following? I want to analyse (to understand!) packet logging messages like: May 30 21:30:49 linux01 kernel: Packet log: input DENY eth0 PROTO=6 192.168.0.13:41347 192.168.0.255:80 L=40 S=0x00 I=56656 F=0x0000 T=42 (#6) Jun 2 07:54:53 linux01 kernel: Packet log: input ACCEPT ppp0 PROTO=6 161.69.2.60:20 203.167.198.33:1079 L=44 S=0x00 I=13493 F=0x4000 T=115 SYN (#92) Aug 8 08:14:27 linux01 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.13:123 192.168.0.255:123 L=76 S=0x00 I=18509 F=0x0000 T=64 (#5) A few things are obvious (ppp0 or eth0, linux01 is the host's name) but - What is the 'proto' number? - How to match the messages with the active firewall rules? - What is i.e.. (#5) or SYN? I know the 3rd of my examples above is a ntp broadcast, send from host 192.168.0.13 (port 123 I assume) to the subnet's broadcast address and the host himself (192.168.0.13) is rejecting the incoming broadcast package. Thanks for any help. Regards, Michael Doerner -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq