Jim:
Heya. Your captured packet looks to be a syslog packet
that some firewalls can be set up to broadcast. That is, when
a PIX (for example) firewall sees an event that worries it,
it can log the event and then broadcast to a "syslog collector"
like the one from Kiwi Software (www.kiwisyslog.com). That
collector can then display to the network admin the "event
status" of multiple machines simultaneously.
Anyhow...the "syslog protocol" collectors are specified
to listen on UDP port 514. See RFC-3164 for more details (find
it here: ftp://ftp.rfc-editor.org/in-notes/rfc3164.txt).
cheers,
Scott
> From: "Jim Van Eeckhoutte" <[EMAIL PROTECTED]>
> To: "," <[EMAIL PROTECTED]>
> Date: Sun, 6 Jan 2002 23:23:11 -0800
> Subject: [Leaf-user] HUH? blocked in log
>
> What is this?
> Jan 7 13:34:24 FYRE kernel: Packet log: input DENY eth0 PROTO=17
> 24.130.38.48:1024 255.255.255.255:514 L=126 S=0x00 I=25181 F=0x4000
> T=255 (#46)
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
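
Added example (not part of the original thread): a small Python parser for the ipchains "Packet log:" line quoted above. It decodes the fields and flags the UDP/514 broadcast pattern Scott describes. The function names and the protocol table are assumptions of this example; the sample line is the one from Jim's message, joined onto one line.

```python
import re

# Field layout of a Linux ipchains "Packet log:" entry, as seen in the quoted message.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+).*?\(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers

def parse_packet_log(line):
    """Return a dict of decoded fields, or None if the line is not a packet log entry."""
    m = LOG_RE.search(" ".join(line.split()))  # collapse mail-wrapped whitespace
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["tos"] = int(rec["tos"], 16)
    rec["frag"] = int(rec["frag"], 16)
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    rec["dont_fragment"] = bool(rec["frag"] & 0x4000)  # DF bit of the fragment field
    return rec

def describe(rec):
    """Return human-readable notes for the pattern discussed in this thread."""
    notes = []
    if rec["proto_name"] == "udp" and rec["dport"] == 514:
        notes.append("syslog (UDP/514, RFC 3164)")
    if rec["dst"] == "255.255.255.255":
        notes.append("limited broadcast destination")
    return notes

# Log line from the quoted message, re-joined after e-mail line wrapping.
SAMPLE = ("Jan 7 13:34:24 FYRE kernel: Packet log: input DENY eth0 PROTO=17 "
          "24.130.38.48:1024 255.255.255.255:514 L=126 S=0x00 I=25181 F=0x4000 "
          "T=255 (#46)")

if __name__ == "__main__":
    rec = parse_packet_log(SAMPLE)
    print(rec["chain"], rec["target"], rec["iface"], rec["proto_name"],
          f'{rec["src"]}:{rec["sport"]} -> {rec["dst"]}:{rec["dport"]}',
          f'len={rec["length"]} ttl={rec["ttl"]} rule=#{rec["rule"]}')
    for note in describe(rec):
        print("  note:", note)
```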