On Fri, 11 Feb 2000, Randy Edwards wrote:

>    Could someone point me in the direction of where I could find info on
> deciphering the following log entries and what the various fields in them
> mean?
> 
> Feb 10 18:04:08 spartacus kernel: Packet log: input DENY eth0 PROTO=17
> 216.64.120.51:1801 255.255.255.255:1801 L=80 S=0x00 I=1782 F=0x0000 T=128
> (#7)
> Feb 10 18:04:08 spartacus kernel: Packet log: input DENY eth0 PROTO=54
> 216.64.120.51:65535 255.255.255.255:65535 L=68 S=0x00 I=0 F=0x0000 T=30
> O=0x00000494
> (#7)

My guess is someone is running one of those "keep my network connection
alive" programs on your (ISP's) subnet.  

input = packet is being checked by the input chain.
DENY = the action that was taken (the packet was dropped)
eth0 = the interface it came in on... you've got a cable modem, or
       maybe DSL, no?
PROTO= the protocol number -- 17 = UDP, but I have no idea what 54 is...
       probably bogus.  Anyone?  
       ICMP=1
       TCP=6
       UDP=17
       There are others but I don't know them.
IP1: the source address and port of the packet
IP2: the destination address of the packet.  In this case, 255.255.255.255
     says "send to all hosts on the internet" - fortunately most routers
     aren't stupid enough to forward these packets.

I don't know what the rest of the information is... I'm guessing that L is
the packet length, S is the sequence number, but these are only guesses
and I haven't a clue about the others or where to look. But I suspect I've
given you enough info to figure out what you want to know...

-- 
"Quis custodiet ipsos custodes?"    "Who watches the watchmen?" 
-Juvenal, Satires, VI, 347 

Derek D. Martin      |  Senior UNIX Systems/Network Administrator
Arris Interactive    |  A Nortel Company
[EMAIL PROTECTED]  |  [EMAIL PROTECTED]
-------------------------------------------------
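Added example, not part of the original message: a small Python parser for the ipchains log entries quoted above, which rejoins the mail-wrapped lines and splits out each field for triage. The names given to L, S, I, F and T (length, TOS, IP ID, fragment flags/offset, TTL) follow the IPCHAINS-HOWTO's description of this log format; the function names, and keeping the trailing `O=` word as an uninterpreted extra, are assumptions of the example.

```python
import re
from collections import Counter
# Constructed sample: the two entries from the post, still mail-wrapped, quote markers stripped.
WRAPPED = """\
Feb 10 18:04:08 spartacus kernel: Packet log: input DENY eth0 PROTO=17
216.64.120.51:1801 255.255.255.255:1801 L=80 S=0x00 I=1782 F=0x0000 T=128
(#7)
Feb 10 18:04:08 spartacus kernel: Packet log: input DENY eth0 PROTO=54
216.64.120.51:65535 255.255.255.255:65535 L=68 S=0x00 I=0 F=0x0000 T=30
O=0x00000494
(#7)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<extra>(?: O=0x[0-9A-Fa-f]+)*) \(#(?P<rule>\d+)\)")
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # the three listed in the post

def rejoin(text):
    """Glue continuation lines back onto the syslog line they were wrapped from."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def parse(entry):
    """Return one ipchains log entry as a dict of fields, or None if it does not match."""
    m = ENTRY.search(entry)
    if not m:
        return None
    f = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule"):
        f[key] = int(f[key])
    f["tos"], f["frag"] = int(f["tos"], 16), int(f["frag"], 16)  # logged as hex
    f["proto_name"] = PROTO_NAMES.get(f["proto"], "proto-%d" % f["proto"])
    f["extra"] = f["extra"].split()          # trailing O=... words, kept raw
    f["broadcast"] = f["dst"] == "255.255.255.255"
    return f

def summarize(text):
    """Count matching entries per (source, protocol, action, broadcast destination?)."""
    parsed = filter(None, map(parse, rejoin(text)))
    return Counter((p["src"], p["proto_name"], p["action"], p["broadcast"]) for p in parsed)
```

Calling `summarize(WRAPPED)` groups the two denied packets by source address and protocol, which makes a repeating broadcast sender easy to spot in a longer log.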

