I know the kernel builds a connection table, could this be a short-hand for the entry in that table?
On Mon, 2003-12-15 at 11:04, Jeff Bollinger wrote: > Look at the log entry from IPTables below: > > > Dec 15 10:40:23 blackout kernel: ***SSH connection:IN=eth0 OUT= > MAC=00:0d:61:C5:76:b1:00:04:75:a0:d1:db:08:00 SRC=x.x.x.x DST=x.x.x.x > LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=15253 DF PROTO=TCP SPT=9453 DPT=22 > WINDOW=5840 RES=0x00 SYN URGP=0 > > The MAC address field seems to be divided into > > source: 00:0d:61:C5:76:b1 > dest: 00:04:75:a0:d1:db > > and an 08:00 on the end (2048 in decimal). What do these extra two > bytes signify? I notice this on almost all hosts that are > filtering/logging with IPtables, but I couldn't concoct the appropriate > Google query to get the answer. :) > > Thanks, > Jeff -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
