On August 14, 2001 02:15 am, [EMAIL PROTECTED] wrote:
> Hi,
> Can someone tell me how to read packet log entries. I've turned on 'log
> all rejected packets' in System Properties - Alerts' and I've set audit
> for ICMP echo-request and redirect.
> I'd like to know what the logs tell me. Is this documented anywhere? I
> think what I'm seeing is benign but I don't really know.
> These are snippets from the log ...
>
> Aug 14 10:19:31 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=15725 F=0x0000 T=111 (#37)
> Aug 14 13:09:30 firewall kernel: Packet log: input DENY ppp0 PROTO=6 144.137.68.155:3890 144.137.117.45:80 L=48 S=0x00 I=15398 F=0x4000 T=125 SYN (#38)

You'd probably be better off posting to the 'newbie' mailing list, as this 
one is for discussion of new features/cooker development of SNF, but 
anyway.....

Start with the 'PROTO=' part, and look up what that port is for. PROTO=17 
could either be a Windows box announcing its shares, or it could be an HP 
Openview request.

-- 
"Live fast, die young,
you're sucking up my bandwidth"

J.P. Pasnak, CD
Warped Systems
http://www.warpedsystems.sk.ca
http://canopener.ca
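
Added example, not part of the original thread: a small Python parser that decodes each field of the kernel `Packet log:` entries quoted above, using the layout of the Linux 2.2 ipchains log format (chain, target, interface, IP protocol number, source, destination, length, TOS, IP ID, fragment field, TTL, optional SYN marker, rule number). The function names and the sample list are assumptions made for this example; the sample input is the two quoted entries re-joined onto one line each.

```python
import re

# Constructed input: the two entries quoted in the post, each re-joined onto one line.
SAMPLE = [
    "Aug 14 10:19:31 firewall kernel: Packet log: input DENY ppp0 PROTO=17 "
    "203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=15725 F=0x0000 T=111 (#37)",
    "Aug 14 13:09:30 firewall kernel: Packet log: input DENY ppp0 PROTO=6 "
    "144.137.68.155:3890 144.137.117.45:80 L=48 S=0x00 I=15398 F=0x4000 T=125 SYN (#38)",
]

# PROTO= carries the IP protocol number from the IP header.
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

ENTRY = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)

def parse_entry(line):
    """Return the decoded fields of one entry, or None if the line does not match."""
    m = ENTRY.search(line)
    if m is None:
        return None
    proto, frag = int(m["proto"]), int(m["frag"], 16)
    return {
        "chain": m["chain"], "target": m["target"], "iface": m["iface"],
        "protocol": PROTOCOLS.get(proto, f"IP protocol {proto}"),
        "src": (m["src"], int(m["sport"])),   # address, port (TCP/UDP)
        "dst": (m["dst"], int(m["dport"])),
        "length": int(m["length"]),           # L= total packet length in bytes
        "tos": int(m["tos"], 16),             # S= Type of Service byte
        "ip_id": int(m["ip_id"]),             # I= IP identification field
        "dont_fragment": bool(frag & 0x4000), # F= flags plus fragment offset
        "more_fragments": bool(frag & 0x2000),
        "frag_offset": (frag & 0x1FFF) * 8,   # offset is stored in 8-byte units
        "ttl": int(m["ttl"]),                 # T= remaining time to live
        "syn": m["syn"] is not None,          # SYN marker printed by the kernel
        "rule": int(m["rule"]),               # (#n) number of the matching rule
    }

def describe(line):
    """One-line summary of an entry for quick reading."""
    e = parse_entry(line)
    if e is None:
        return "not a packet log entry"
    return (f"rule #{e['rule']} ({e['chain']} chain, {e['iface']}): {e['target']} "
            f"{e['protocol']} {e['src'][0]}:{e['src'][1]} -> {e['dst'][0]}:{e['dst'][1]}"
            f"{' SYN' if e['syn'] else ''}, ttl {e['ttl']}")

if __name__ == "__main__":
    for entry in SAMPLE:
        print(describe(entry))
```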
