Mailinglist Archive: opensuse (4053 mails)

< Previous Next >
Re: [SLE] Various security questions
  • From: Rick Green <rtg@xxxxxxxx>
  • Date: Thu, 9 Aug 2001 00:07:45 -0400 (EDT)
  • Message-id: <Pine.LNX.4.21.0108082359001.15481-100000@xxxxxxxxxxxxxxx>
On Wed, 8 Aug 2001, John Marquardt wrote:

> case I'm not too worried about that. However, I've noticed a LOT of things
> like this in the log:
>
> Packet log: input ACCEPT eth0 PROTO=1 24.17.168.32:8 myip:0 L=43
>
> (or L=81, also 'myip' is my ip address, and not a quote from the log) and
> various other information from the log. My main question is what is port
> '0' used for?
That's an ICMP 'echo' request, also known as a 'ping'.
ICMP (proto=1) doesn't use ports like TCP and UDP do, so those positions
in the log are used for icmp message type (on the source address) and code
(on the destination address).

For future reference, the PROTO= values are documented in
/etc/protocols, the ports for TCP(6) and UDP(17) are documented in
/etc/services, and the ICMP(1) types and codes are in
/usr/src/linux/include/linux/icmp.h

--
Rick Green

"I have the heart of a little child, and the brain of a genius.
... and I keep them in a jar under my bed"


< Previous Next >
Follow Ups
References