
offtopic : dissecting an iptables log message



Here's an example:

Oct  1 18:30:09 stimpy kernel: Firewall:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:80:5a:e6:33:00:08:00 SRC=24.216.244.211 DST=24.216.244.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=17211 PROTO=UDP SPT=137 DPT=137 LEN=58

I'm reading that as:

-coming IN to my eth0
-going OUT my MAC address because it doesn't belong to my ip
-SRC is the source ip
-DST is the destination ip, but the last .255 makes me wonder if this isn't
being broadcast to everyone on the network
-LEN is the length? but of what?
-TOS ??
-PREC ??
-TTL ??
-ID ??
-PROTO is using the UDP protocol
-SPT I assume is source port 137 from 'their' machine
-DPT I assume is the destination port on DST (which isn't me)
-LEN 2nd length??

Is there a FAQ somewhere that can help me break this stuff down so I can pore
over the logs and understand what I'm looking at?


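As an added example (not part of the original post), the following Python script decodes the line quoted above field by field, using the meaning of each token in the netfilter LOG target's output format. It assumes a 20-byte IPv4 header with no options (the LOG target prints an extra OPT=... token when options are present), so that the first LEN (IP total length) should equal 20 plus the second LEN (UDP length), and the UDP payload is the second LEN minus the 8-byte UDP header. The sample line is copied from the post; the function and variable names are this example's own.

```python
import re

# Constructed sample: the line quoted in the post above, as a string literal.
SAMPLE = ("Oct  1 18:30:09 stimpy kernel: Firewall:IN=eth0 OUT= "
          "MAC=ff:ff:ff:ff:ff:ff:00:80:5a:e6:33:00:08:00 SRC=24.216.244.211 "
          "DST=24.216.244.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=17211 "
          "PROTO=UDP SPT=137 DPT=137 LEN=58")

# Meaning of each KEY=VALUE token printed by the netfilter LOG target.
FIELD_DOCS = {
    "IN":    "input interface the packet arrived on (empty for locally generated packets)",
    "OUT":   "output interface (empty when the packet is not being forwarded or sent)",
    "MAC":   "Ethernet header: destination MAC, source MAC, then the 2-byte EtherType",
    "SRC":   "source IP address",
    "DST":   "destination IP address",
    "LEN":   "bytes: first LEN is the IP total length, a later LEN is the UDP length",
    "TOS":   "IP type-of-service bits (the TOS byte with the precedence bits masked off)",
    "PREC":  "IP precedence bits (the top three bits of the TOS byte)",
    "TTL":   "IP time-to-live, decremented by each router the packet crosses",
    "ID":    "IP identification field, used to match up fragments",
    "PROTO": "transport protocol carried inside the IP packet",
    "SPT":   "source port on the sending host",
    "DPT":   "destination port on the receiving host",
}

ETHERTYPES = {"08:00": "IPv4", "08:06": "ARP", "86:dd": "IPv6"}
IPV4_HEADER_LEN = 20   # assumption: no IP options (LOG prints OPT=... if there are any)
UDP_HEADER_LEN = 8

FIELD_RE = re.compile(r"(?P<key>[A-Z]+)=(?P<val>\S*)")


def parse_fields(line):
    """Return (log_prefix, [(key, value), ...]) for one syslog-wrapped LOG line.

    Fields come back as an ordered list, not a dict, because LEN appears twice
    (IP total length first, then the transport-layer length).
    """
    _, _, msg = line.partition("kernel: ")      # drop syslog timestamp and hostname
    first = FIELD_RE.search(msg)
    prefix = msg[: first.start()].strip() if first else msg.strip()
    fields = [(m.group("key"), m.group("val")) for m in FIELD_RE.finditer(msg)]
    return prefix, fields


def split_mac(mac_field):
    """MAC=<6 dst octets>:<6 src octets>:<2 ethertype octets> -> (dst, src, ethertype)."""
    octets = mac_field.split(":")
    if len(octets) != 14:
        raise ValueError("unexpected MAC field: %r" % mac_field)
    return ":".join(octets[:6]), ":".join(octets[6:12]), ":".join(octets[12:])


def explain(line):
    """Decode one LOG line into named, typed values plus a length sanity check."""
    prefix, fields = parse_fields(line)
    values, lens = {}, []
    for key, val in fields:
        if key == "LEN":
            lens.append(int(val))
        else:
            values[key] = val
    dst_mac, src_mac, ethertype = split_mac(values["MAC"]) if "MAC" in values else (None, None, None)
    info = {
        "prefix": prefix,
        "in_iface": values.get("IN", ""),
        "out_iface": values.get("OUT", ""),
        "dst_mac": dst_mac,
        "src_mac": src_mac,
        "ethertype": ETHERTYPES.get(ethertype, ethertype),
        # An all-ones destination MAC is a link-layer broadcast: every host on the
        # segment receives it, which is why a packet not addressed to this IP was seen.
        "is_link_broadcast": dst_mac == "ff:ff:ff:ff:ff:ff",
        "src": values.get("SRC"),
        "dst": values.get("DST"),
        "ip_total_len": lens[0] if lens else None,
        "tos": int(values["TOS"], 16),
        "prec": int(values["PREC"], 16),
        "ttl": int(values["TTL"]),
        "ip_id": int(values["ID"]),
        "proto": values.get("PROTO"),
        "spt": int(values["SPT"]) if "SPT" in values else None,
        "dpt": int(values["DPT"]) if "DPT" in values else None,
    }
    if info["proto"] == "UDP" and len(lens) > 1:
        info["udp_len"] = lens[1]
        info["udp_payload_len"] = lens[1] - UDP_HEADER_LEN
        # IP total length must equal IP header + UDP length if there are no options.
        info["lengths_consistent"] = lens[0] == IPV4_HEADER_LEN + lens[1]
    return info


def annotate(line):
    """One 'KEY=VALUE  -- meaning' string per field, preceded by the log prefix."""
    prefix, fields = parse_fields(line)
    rows = ["log prefix: %r (set with --log-prefix on the LOG rule)" % prefix]
    for key, val in fields:
        rows.append("%s=%s  -- %s" % (key, val, FIELD_DOCS.get(key, "unknown field")))
    return rows


if __name__ == "__main__":
    print("\n".join(annotate(SAMPLE)))
    print(explain(SAMPLE))
```

Run against the sample, the script confirms the reading in the post: the packet arrived on eth0, OUT is empty because it was delivered locally rather than forwarded, and the MAC field decodes to destination ff:ff:ff:ff:ff:ff (a link-layer broadcast), source 00:80:5a:e6:33:00 and EtherType 08:00 (IPv4). The two lengths agree (78 = 20 + 58), leaving a 50-byte UDP payload. UDP port 137 on both sides is the NetBIOS name service, and a .255 destination with a broadcast MAC is the ordinary name-resolution chatter Windows hosts send to the whole subnet; seeing it in a firewall log is expected LAN noise rather than something aimed at this host.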