[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

offtopic : disecting an iptables log message

Here's an example:

Oct  1 18:30:09 stimpy kernel: Firewall:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:80:5a:e6:33:00:08:00 SRC= DST= LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=17211 PROTO=UDP SPT=137 DPT=137 LEN=58

I'm reading that as:

-coming IN to my eth0
-going OUT my MAC address because it doesn't belong to my ip
-SRC is the source ip
-DST is the destination ip, but the last .255 makes me wonder if this isn't
being broadcast to everyone on the network
-LEN is the lenght? but of what?
-TOS ??
-PREC ??
-TTL ??
-ID ??
-PROTO is using the UDP protocol
-SPT i assume is source port 137 from 'their' machine
-DPT i assume is the destination port on DST (which isn't me)
-LEN 2nd lenght??

Is there a faq somewhere that can help me break this stuff down so I can pour
over the logs and understand what I'm looking at.

Reply to: