offtopic : disecting an iptables log message
Here's an example:
Oct 1 18:30:09 stimpy kernel: Firewall:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:80:5a:e6:33:00:08:00 SRC=18.104.22.168 DST=22.214.171.124 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=17211 PROTO=UDP SPT=137 DPT=137 LEN=58
I'm reading that as:
-coming IN to my eth0
-going OUT my MAC address because it doesn't belong to my ip
-SRC is the source ip
-DST is the destination ip, but the last .255 makes me wonder if this isn't
being broadcast to everyone on the network
-LEN is the lenght? but of what?
-PROTO is using the UDP protocol
-SPT i assume is source port 137 from 'their' machine
-DPT i assume is the destination port on DST (which isn't me)
-LEN 2nd lenght??
Is there a faq somewhere that can help me break this stuff down so I can pour
over the logs and understand what I'm looking at.