On Tuesday 01 October 2002 23.27, Ben Rosenberg wrote:
Can someone recommend a document that will give me a heads up on how to read the output of iptables that's not 4 inches thick? ;)
Example:
Oct 1 14:21:32 zeus kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:10:4b:10:69:c1:00:20:6f:13:82:d2:08:00 SRC=61.195.156.12 DST=64.0.161.154 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=10094 DF PROTO=TCP SPT=1332 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A03E4463C0000000001030300)
I found the output from ipchains much easier to read. It was more "this is the IP of the attacker... this is the port they're coming from and this is the port they're trying to gain access to..." but iptables seems different to me.
SuSE-FW-DROP-DEFAULT = Log title produced by the SuSEfirewall2 script describing the action taken
IN = interface the packet came in on
OUT = interface the packet went out on. In this case, nada
MAC = Combined MAC address of sender and recipient
SRC = Source IP. "this is the IP of the attacker"
DST = Destination IP
LEN, TOS, PREC, TTL, ID = various stuff in the TCP/IP headers
PROTO = protocol of the packet
SPT = Source port. "this is the port they're coming from"
DPT = Destination port. "this is the port they're trying to gain access to"
WINDOW, RES = more packet header stuff
SYN = The packet was a SYN packet, i.e. the first packet in a TCP negotiation.

The details of the header fields can be found in the RFC documents on TCP and IP (http://www.faqs.org/rfcs/rfc793.html, http://www.faqs.org/rfcs/rfc791.html).

//Anders
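As an added illustration of the field breakdown above (example code written here, not part of the original thread or of SuSEfirewall2), the following Python parser splits a netfilter LOG line into its named fields and the bare flag tokens, and then prints the ipchains-style "attacker IP, source port, destination port" one-liner that the question asked for. The first sample line is the one quoted in the thread; the UDP and ICMP lines are constructed here to show two format details the reply does not mention: the kernel emits LEN= twice for UDP (IP total length, then UDP length) and ID= twice for ICMP echo (IP ID, then the echo identifier), and the MAC= field is destination MAC, source MAC and ethertype joined with colons. Function names and the sample hosts are assumptions of this example.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List

# Constructed sample input. Line 1 is the record quoted in the thread; lines 2 and 3
# are made up here (192.0.2.0/24 is a documentation range) in the same LOG format.
SAMPLE_LINES = [
    "Oct 1 14:21:32 zeus kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= "
    "MAC=00:10:4b:10:69:c1:00:20:6f:13:82:d2:08:00 SRC=61.195.156.12 DST=64.0.161.154 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=10094 DF PROTO=TCP SPT=1332 DPT=443 "
    "WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A03E4463C0000000001030300)",
    "Oct 1 14:22:05 zeus kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= "
    "MAC=00:10:4b:10:69:c1:00:20:6f:13:82:d2:08:00 SRC=192.0.2.10 DST=64.0.161.154 "
    "LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40000 DPT=137 LEN=58",
    "Oct 1 14:22:09 zeus kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= "
    "MAC=00:10:4b:10:69:c1:00:20:6f:13:82:d2:08:00 SRC=192.0.2.10 DST=64.0.161.154 "
    "LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1",
]

# "OPT (hex)" is the only token that contains a space; it is rewritten to OPT=hex first.
_OPT_RE = re.compile(r"OPT \(([0-9A-Fa-f]*)\)")


def split_mac(mac: str) -> Dict[str, str]:
    """MAC= holds dst MAC (6 bytes), src MAC (6 bytes) and the ethertype (2 bytes)."""
    parts = mac.split(":")
    if len(parts) != 14:
        return {}
    return {"dst": ":".join(parts[0:6]),
            "src": ":".join(parts[6:12]),
            "ethertype": ":".join(parts[12:14])}


def parse_iptables_log(line: str) -> Dict[str, object]:
    """Split one netfilter LOG line into timestamp, host, prefix, fields, flags and MAC parts."""
    head, sep, body = line.partition(" kernel: ")
    if not sep:
        raise ValueError("not a kernel log line: %r" % line)
    timestamp, _, host = head.rpartition(" ")
    tokens = _OPT_RE.sub(r"OPT=\1", body).split()
    # Everything before the first IN= token is the free-text --log-prefix.
    try:
        start = next(i for i, t in enumerate(tokens) if t.startswith("IN="))
    except StopIteration:
        raise ValueError("no IN= field, not an iptables LOG line: %r" % line)
    prefix = " ".join(tokens[:start])
    fields: Dict[str, str] = {}
    flags: List[str] = []          # bare tokens such as DF, SYN, ACK, RST
    for tok in tokens[start:]:
        if "=" in tok:
            key, value = tok.split("=", 1)
            if key in fields:      # second LEN (UDP) or second ID (ICMP echo)
                key = key + "_2"
            fields[key] = value
        else:
            flags.append(tok)
    return {"timestamp": timestamp, "host": host, "prefix": prefix,
            "fields": fields, "flags": flags, "mac": split_mac(fields.get("MAC", ""))}


def summarize(rec: Dict[str, object]) -> str:
    """Render the record in the short 'who, from which port, to which port' form."""
    f = rec["fields"]
    proto = f.get("PROTO", "?")
    src, dst = f.get("SRC", "?"), f.get("DST", "?")
    if "SPT" in f:                 # TCP and UDP carry ports
        src += ":" + f["SPT"]
        dst += ":" + f.get("DPT", "?")
    elif proto == "ICMP":
        dst += " type=%s/code=%s" % (f.get("TYPE", "?"), f.get("CODE", "?"))
    tcp_flags = [x for x in rec["flags"] if x != "DF"]   # DF is an IP flag, not TCP
    flagtxt = " [%s]" % ",".join(tcp_flags) if tcp_flags else ""
    return "%s %s %s -> %s%s in=%s" % (rec["prefix"], proto, src, dst, flagtxt,
                                       f.get("IN") or "-")


def count_by_source(lines: Iterable[str]) -> Counter:
    """Dropped packets per source address, a first step when reviewing a firewall log."""
    return Counter(parse_iptables_log(l)["fields"].get("SRC", "?") for l in lines)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(summarize(parse_iptables_log(line)))
    print(count_by_source(SAMPLE_LINES).most_common())
```

The parser keeps every key=value pair as a string so that unfamiliar fields (WINDOW, RES, URGP, OPT) are preserved rather than dropped; only the MAC field is split further, because its three parts are otherwise easy to misread as a single address.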