Hello,

Sthu Deus wrote:
>
> I try to get UIDs of the processes that generate OUTPUT traffic:
>
> /sbin/iptables -A OUTPUT -j LOG --log-uid --log-prefix OUTPT->
> --log-level 2
>
> But I do not get the UIDs:
>
> OUTPT->IN= OUT=br0 SRC=XXXX DST=ZZZZ LEN=52 TOS=0x00
> PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=48282 DPT=9001 WINDOW=842
> RES=0x00 ACK URGP=0

Is the UID missing for all packets or only for this one? According to a quick test, it seems that the last ACK in a TCP connection does not have a UID (probably because the socket is closed). Packets generated by the kernel itself (TCP RST, ICMP messages...) do not have a UID.

> Also, may You know the answer to my curiosity, Why I can not locate '-j
> LOG' in above iptables rule at the end of the rule? - For iptables
> complains about unknown '--log-uid'. - I understand that something is
> then missing before the suffix, but from iptables man. it is not evident
> to me what.

--log-* are options to the LOG target, so iptables does not expect them before.
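As an added example (not part of the original thread), the Python sketch below buckets `--log-uid` output by whether a UID field is present and, when it is not, by the cases the reply names: a bare ACK, a TCP RST, or ICMP. The bucket names and the sample lines are constructed for illustration; the third sample line is the entry quoted in the thread.

```python
from collections import Counter
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
# Constructed sample log (line 3 is the entry quoted in the thread; the rest are made up).
SAMPLE = """\
kernel: OUTPT->IN= OUT=br0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4121 DF PROTO=TCP SPT=48282 DPT=9001 WINDOW=14600 RES=0x00 SYN URGP=0 UID=1000 GID=1000
kernel: OUTPT->IN= OUT=br0 SRC=192.0.2.10 DST=198.51.100.7 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=4123 DF PROTO=TCP SPT=48282 DPT=9001 WINDOW=842 RES=0x00 ACK PSH URGP=0 UID=1000 GID=1000
kernel: OUTPT->IN= OUT=br0 SRC=XXXX DST=ZZZZ LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=48282 DPT=9001 WINDOW=842 RES=0x00 ACK URGP=0
kernel: OUTPT->IN= OUT=br0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=48290 DPT=9001 WINDOW=0 RES=0x00 RST URGP=0
kernel: OUTPT->IN= OUT=br0 SRC=192.0.2.10 DST=198.51.100.9 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=9001 PROTO=ICMP TYPE=3 CODE=3 [SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=77 PROTO=UDP SPT=5353 DPT=40000 LEN=40 ]
kernel: OUTPT->IN= OUT=br0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4200 DF PROTO=TCP SPT=48300 DPT=9001 WINDOW=14600 RES=0x00 SYN URGP=0
"""

def parse_log_line(line, prefix="OUTPT->"):
    """Split one LOG-target line into (fields, tcp_flags); None if the prefix is absent."""
    start = line.find(prefix)
    if start < 0:
        return None
    fields, flags = {}, set()
    for tok in line[start + len(prefix):].split():
        key, sep, value = tok.partition("=")
        if sep:
            # First occurrence wins, so the packet quoted inside an ICMP error
            # ([SRC=... PROTO=UDP ...]) cannot overwrite the outer header fields.
            fields.setdefault(key, value)
        elif tok in TCP_FLAGS:
            flags.add(tok)
    return fields, flags

def classify(fields, flags):
    """Bucket a parsed line; the no-uid buckets follow the cases named in the reply."""
    if "UID" in fields:
        return "uid=" + fields["UID"]
    proto = fields.get("PROTO")
    if proto == "ICMP":
        return "no-uid:icmp"
    if proto == "TCP" and "RST" in flags:
        return "no-uid:tcp-rst"
    if proto == "TCP" and flags == {"ACK"}:
        return "no-uid:bare-ack"
    return "no-uid:unexplained"  # none of the cases from the reply; look closer

def triage(text, prefix="OUTPT->"):
    counts = Counter()
    for line in text.splitlines():
        parsed = parse_log_line(line, prefix)
        if parsed:
            counts[classify(*parsed)] += 1
    return counts

if __name__ == "__main__":
    print(dict(triage(SAMPLE)))
```

A missing UID in the bare-ACK, RST and ICMP buckets matches the behaviour described in the reply; only the `no-uid:unexplained` bucket needs follow-up when attributing outbound traffic to local users.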

