This one time, at band camp, David wrote:
>Suspect short first fragment.
>eth0 PROTO=6 208.159.245.1:0 203.23.36.1:0 L=20 S=0x00 I=7444 F=0x4000
>T=116 (#0)

>First, what does it mean?

A suspected short TCP packet came in on eth0, from no particular port
on 208.159.245.1, destined for no particular port on 203.23.36.1, with a
bunch of flags.  It was caught by the 0th rule in your firewalling scripts.

>Second, how would I find out what this or any other such message means
>without having to ask the erudite denizens of SLUG?

/etc/protocols holds the list of protocol numbers from the PROTO= field, #0
refers to the ipchains rule that triggered the log message, the IP:port
notation should be obvious.  For the rest, I'd suggest looking at the
Firewalling HOWTO, IIRC there was a section that spelt out what the log
messages meant.

-- 
[EMAIL PROTECTED]                        http://spacepants.org/jaq.gpg
<Balial> This port may thing it's fortified, butt I seem to be mounting
a pretty good assault

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
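
An added example, not part of the original post or of ipchains: a Python decoder for the field layout of the log line quoted above. It reads L= as the IP total length and F= as the 16-bit flags-plus-offset word, as the ipchains HOWTO describes. The `decode` helper, the embedded `PROTOCOLS` subset, the second sample line and the 20-byte IP header are assumptions made for this example.

```python
import re

# Field order as it appears in the log line quoted in the post.
LOG_RE = re.compile(
    r"(?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)
# Subset of /etc/protocols, embedded so the example runs offline.
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}
# Minimum transport header sizes in bytes (TCP and UDP carry ports).
MIN_L4_HEADER = {"tcp": 20, "udp": 8}
IP_HEADER = 20  # assumption: no IP options; the log line has no IHL field

def decode(line):
    """Decode one ipchains-style packet log line into named fields."""
    m = LOG_RE.search(" ".join(line.split()))  # undo mail-client line wrapping
    if m is None:
        raise ValueError("not an ipchains-style packet log line")
    f = m.groupdict()
    proto = PROTOCOLS.get(int(f["proto"]), f["proto"])
    frag = int(f["frag"], 16)
    offset = (frag & 0x1FFF) * 8          # low 13 bits, in 8-byte units
    l4_bytes = max(int(f["length"]) - IP_HEADER, 0)
    return {
        "iface": f["iface"], "protocol": proto,
        "src": (f["src"], int(f["sport"])), "dst": (f["dst"], int(f["dport"])),
        "total_length": int(f["length"]), "tos": int(f["tos"], 16),
        "ip_id": int(f["ip_id"]), "ttl": int(f["ttl"]), "rule": int(f["rule"]),
        "dont_fragment": bool(frag & 0x4000),
        "more_fragments": bool(frag & 0x2000),
        "frag_offset": offset, "l4_bytes": l4_bytes,
        # A first fragment too short to hold the transport header has no
        # readable ports, so port-based rules cannot be evaluated on it.
        "short_first_fragment": offset == 0
        and l4_bytes < MIN_L4_HEADER.get(proto, 0),
    }

# The line from the post (wrapped as quoted) and a constructed normal UDP line.
FROM_POST = ("eth0 PROTO=6 208.159.245.1:0 203.23.36.1:0 L=20 S=0x00 I=7444 "
             "F=0x4000\nT=116 (#0)")
CONSTRUCTED = "eth0 PROTO=17 192.0.2.1:53 192.0.2.2:1025 L=34 S=0x00 I=18 F=0x0000 T=254 (#5)"

if __name__ == "__main__":
    for sample in (FROM_POST, CONSTRUCTED):
        print(decode(sample))
```

For the line from the post, L=20 leaves no bytes after a 20-byte IP header, which is why both ports read as 0.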
