On Wed, 2002-07-03 at 07:49, Dan Jacobson wrote:
> So where is the page that tells us what all the iptables mumbojumbo in
> syslog means?
> MAC= SRC=168.95.4.122 DST=61.227.44.161 LEN=90 TOS=0x00 PREC=0x00
> TTL=249 ID=60171 DF PROTO=TCP SPT=25 DPT=61157 WINDOW=10136 RES=0x00
> ACK PSH FIN URGP=0

Dunno about any docs - but you can figure out much of it if you're familiar
with IP and TCP packets. Here's what I know or guess:

MAC: (ethernet) MAC address of source and dest (but this has an unusual
format, dunno why: 00:50:ba:7b:4a:1f:00:30:19:73:09:54:08:00 - not sure how
to decode this. Source and destination MAC are in there, for sure, but there
are 2 bytes more.)
SRC, DST: source, dest IP address
LEN: length of the packet. Not sure, but I think this'd be the length of the
IP packet.
TOS: TOS field of the IP packet. Unused on most networks, btw, so anything
but 0 would be strange.
PREC: ???
TTL: Time to Live (hop count) of the IP Package
ID, DF?
PROTO: the protocol field of the IP header. Usually TCP, UDP or ICMP.
SPT, DPT: source and destination TCP (or UDP) port.
WINDOW: not sure. Must be related to the TCP windowing algorithm.
RES: ?
ACK, PSH, FIN: read what the various TCP flags are. SYN also may appear here.
URGP: TCP may transport 'urgent' (out of band) data, this is indicated with
the URGP

Dunno what fields are possible for other cases, ICMP may have some others.
But I hope you can make some sense of this.

cheers
-- vbi

-- 
secure email with gpg http://fortytwo.ch/gpg
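Added example, not written by either poster in the thread: a small Python parser for iptables LOG lines of the kind quoted above. It types the KEY=value fields, collects the bare tokens (DF, ACK, PSH, FIN, ...) as flags, and splits the 14-octet MAC= value into destination MAC, source MAC and the two trailing EtherType bytes (the "2 bytes more" from the reply: the kernel logs the whole Ethernet header, and 08:00 is EtherType 0x0800, IPv4). The sample line combines the quoted packet with the poster's MAC example; the syslog prefix and the IN=eth0 / OUT= pair are constructed, and the flag classification in classify_tcp is this example's own triage rule, not anything the thread states.

```python
"""Parse iptables LOG lines and decode the fields discussed in the thread
(added example; not the code of anyone in the thread)."""

# Log line built from the thread: the quoted packet with the poster's 14-octet
# MAC example inserted, plus a constructed syslog prefix and IN=/OUT= pair.
SAMPLE_LINE = (
    "Jul  3 07:49:00 gw kernel: IN=eth0 OUT= "
    "MAC=00:50:ba:7b:4a:1f:00:30:19:73:09:54:08:00 "
    "SRC=168.95.4.122 DST=61.227.44.161 LEN=90 TOS=0x00 PREC=0x00 "
    "TTL=249 ID=60171 DF PROTO=TCP SPT=25 DPT=61157 WINDOW=10136 RES=0x00 "
    "ACK PSH FIN URGP=0"
)

# Tokens printed without '=': IP header bits (DF, MF, CE) and TCP flags.
BARE_TOKENS = {"DF", "MF", "CE", "SYN", "ACK", "PSH", "FIN", "RST", "URG"}
TCP_FLAGS = {"SYN", "ACK", "PSH", "FIN", "RST", "URG"}
HEX_FIELDS = {"TOS", "PREC", "RES"}          # logged as 0x.. by the kernel
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW", "URGP",
              "TYPE", "CODE"}                # TYPE/CODE appear for ICMP
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def decode_mac_field(value):
    """MAC= is the raw 14-byte Ethernet header: destination MAC (6 octets),
    source MAC (6 octets), EtherType (2 octets)."""
    octets = value.split(":")
    if len(octets) != 14:
        return None                          # empty (e.g. loopback) or unexpected
    ethertype = int(octets[12] + octets[13], 16)
    return {
        "dst_mac": ":".join(octets[:6]),
        "src_mac": ":".join(octets[6:12]),
        "ethertype": ethertype,
        "ethertype_name": ETHERTYPES.get(ethertype, "unknown"),
    }


def parse_iptables_log(line):
    """Return a dict: KEY=value tokens typed by field, bare tokens gathered
    into 'flags', and the MAC field decoded under 'mac'."""
    fields = {"flags": set()}
    start = line.find("IN=")                 # skip the syslog prefix, if any
    body = line[start:] if start >= 0 else line
    for token in body.split():
        if "=" in token:
            key, _, val = token.partition("=")
            if key == "MAC":
                fields["MAC"] = val
                fields["mac"] = decode_mac_field(val) if val else None
            elif key in HEX_FIELDS:
                fields[key] = int(val, 16)
            elif key in INT_FIELDS and val:
                fields[key] = int(val)
            else:
                fields[key] = val            # IN, OUT, SRC, DST, PROTO, ...
        elif token in BARE_TOKENS:
            fields["flags"].add(token)
    return fields


def classify_tcp(fields):
    """Rough triage of a logged TCP packet from its flag combination
    (this example's own rule of thumb, not from the thread)."""
    if fields.get("PROTO") != "TCP":
        return "not tcp"
    flags = fields["flags"] & TCP_FLAGS
    if not flags:
        return "no tcp flags set (invalid)"
    if "SYN" in flags and "FIN" in flags:
        return "syn+fin set (invalid)"
    if flags == {"SYN"}:
        return "new connection attempt"
    if "ACK" in flags:
        return "part of an established connection"
    return "unusual: " + " ".join(sorted(flags))


def summarize(line):
    """One-line human summary, handy for a quick scan of dropped-packet logs."""
    f = parse_iptables_log(line)
    mac = f.get("mac") or {}
    return (f"{f.get('PROTO')} {f.get('SRC')}:{f.get('SPT')} -> "
            f"{f.get('DST')}:{f.get('DPT')} ttl={f.get('TTL')} "
            f"ether={mac.get('ethertype_name', '?')} "
            f"flags={' '.join(sorted(f['flags']))} -> {classify_tcp(f)}")


if __name__ == "__main__":
    print(summarize(SAMPLE_LINE))
```

For the quoted packet this reports a TCP segment from port 25 to port 61157 carrying ACK, PSH and FIN, i.e. the tail end of an established exchange with a mail server, which is the reading the reply's field-by-field notes point toward.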