>>>>>>>>>>>> Original message <<<<<<<<<<<<<<<<<<
On 8/8/00, 7:58:23 AM, "Michael Doerner"
I don't know where I can find/read about the following?
I want to analyse (to understand!) packet logging messages like:
May 30 21:30:49 linux01 kernel: Packet log: input DENY eth0 PROTO=6 192.168.0.13:41347 192.168.0.255:80 L=40 S=0x00 I=56656 F=0x0000 T=42 (#6)
Jun 2 07:54:53 linux01 kernel: Packet log: input ACCEPT ppp0 PROTO=6 161.69.2.60:20 203.167.198.33:1079 L=44 S=0x00 I=13493 F=0x4000 T=115 SYN (#92)
Aug 8 08:14:27 linux01 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.13:123 192.168.0.255:123 L=76 S=0x00 I=18509 F=0x0000 T=64 (#5)
A few things are obvious (ppp0 or eth0, linux01 is the host's name) but
- What is the 'proto' number?

Proto means 'protocol', i.e. TCP, UDP... (see /etc/protocols to see the correspondence between numbers and protocols)

- How to match the messages with the active firewall rules?

Matching source and destination IP and port, protocol and interface. It seems that you have denied all access from the ethernet.

- What is i.e. (#5) or SYN?

SYN means that that packet is an initialization message. It makes a connection. And I guess that the number is the number of the sequence of packages.

I know the 3rd of my examples above is an ntp broadcast, sent from host 192.168.0.13 (port 123 I assume) to the subnet's broadcast address and the host itself (192.168.0.13) is rejecting the incoming broadcast package.

To see which port numbers refer to which protocol, have a look at /etc/services.
Regards, Carlos
Thanks for any help.
Regards, Michael Doerner
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq
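A parser for the "Packet log:" lines quoted in the thread, as an added example that is not part of the original messages. The field names are my own labels, the protocol table is a small subset of /etc/protocols, and the trailing (#n) is read as the number of the matching rule, following the ipchains HOWTO's description of this log format.

```python
import re
from collections import Counter

# The three log lines quoted in the message above.
SAMPLE = """\
May 30 21:30:49 linux01 kernel: Packet log: input DENY eth0 PROTO=6 192.168.0.13:41347 192.168.0.255:80 L=40 S=0x00 I=56656 F=0x0000 T=42 (#6)
Jun 2 07:54:53 linux01 kernel: Packet log: input ACCEPT ppp0 PROTO=6 161.69.2.60:20 203.167.198.33:1079 L=44 S=0x00 I=13493 F=0x4000 T=115 SYN (#92)
Aug 8 08:14:27 linux01 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.13:123 192.168.0.255:123 L=76 S=0x00 I=18509 F=0x0000 T=64 (#5)
"""

# Subset of /etc/protocols (assumption: extend for other protocols you log).
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?"
)

def parse_line(line):
    """Return a dict of decoded fields, or None if this is not a packet log line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    # F= is the 16-bit IP flags + fragment offset word.
    frag = int(rec["frag"], 16)
    rec["dont_fragment"] = bool(frag & 0x4000)
    rec["more_fragments"] = bool(frag & 0x2000)
    rec["frag_offset"] = frag & 0x1FFF
    rec["syn"] = rec["syn"] is not None
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    return rec

def summarise(text):
    """Count log entries per (target, interface, protocol, destination port)."""
    records = filter(None, map(parse_line, text.splitlines()))
    return Counter((r["target"], r["iface"], r["proto_name"], r["dport"]) for r in records)

if __name__ == "__main__":
    for key, count in summarise(SAMPLE).items():
        print(count, *key)
```

Grouping by target, interface, protocol and destination port makes recurring denied traffic, such as the broadcast on port 123, stand out from one-off entries.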