On Sun, 25 Feb 2001, Charles Farinella wrote:
> Can someone explain what this means?
Two someones already did, but I figured a detailed, element-by-element
explanation might also be useful. They posted the forest; this is the
trees. :-)
This message originates in: $LINUX_SOURCE/net/ipv4/ip_fw.c
> Feb 24 23:15:20 farinella kernel:
The usual: Timestamp, system name, from the kernel itself.
> Packet log:
From the IPCHAINS firewall code in the kernel. You will only see this
message when a packet matches a chain rule with the "log" bit set.
> input
Name of the chain; in this case, the built-in "input" chain.
> DENY
Action that was executed; in this case, the packet was silently discarded.
(Well, silently other than this log message.)
> eth0
Interface the chain was running on; since this was the "input" chain, this
means the packet was received on eth0.
> PROTO=6
IP protocol 6, which is TCP. The other common ones are 1 (ICMP) and 17
(UDP). See /etc/protocols for a more complete list. Note that the term
"protocol" has a very specific meaning when talking about IP routing; it does
not include more generic usage like "File Transfer Protocol".
> 200.42.123.197:3539 66.30.88.130:12345
The source (originating) and destination (target) IP addresses and port
numbers.
In this case, the source address was 200.42.123.197, and the source port was
3539. The destination was 66.30.88.130, and the destination port was 12345.
> L=48
Length. The packet was 48 bytes long, including headers.
> S=0x00
ToS (Terms of Service) bits from the IP header.
> I=2994
IP packet identifier. Every host assigns a reasonably unique ID to each
packet it generates.
> F=0x4000
Fragment offset. IP allows over-large packets to be broken up into smaller
ones; this relates.
> T=108
TTL (Time To Live). IP uses this to limit router loops.
> SYN
This was a TCP packet with the SYN bit set and the ACK and FIN bits clear.
In other words, it was a packet requesting a new TCP session be opened.
> (#23)
It matched rule number 23 in the "input" chain. The first rule is rule
number one, not zero.
Hope this helps!
--
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18 Fax: (978)499-7839