On Friday 19 April 2002 3:17 pm, Tony Earnshaw wrote: > > "WithoutMAC" IN=eth2 OUT= MAC=SE:RV:ER:00:00:00:CL:IE:NT:00:00:00:08:00 > > SRC=10.0.0.12 DST=10.0.0.14 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=27649 DF > > PROTO=TCP SPT=3224 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0 > > 3: This does not look like "cut 'n paste" (obviously it isn't, but it's > badly copied). The log prefix wouldn't have quotes, the client mac > number is 8 octets, server and client mac are concatenated, why would it > give the server mac, etc. etc. Please do it over again.
How many log entries have you studied, Tony ? I agree the quotes would not normally be there, but the 08:00 on the end of the mac addresses is not part of the client address (and yes, it does belong there), it is correct that the two mac addresses are concatenated, and it is also correct the the server mac address is shown when both client and server are on the same local network segment. This looks like a perfectly reasonable and normal log entry to me. Antony.
