* Log Entries with multiple PROTO fields?
@ 2004-03-17 14:10 Tim Evans
  2004-03-19 12:22 ` Tarek W.
  0 siblings, 1 reply; 3+ messages in thread
From: Tim Evans @ 2004-03-17 14:10 UTC (permalink / raw)
  To: netfilter

What do these kinds of log messages mean?  Note there are two PROTO fields:

Mar  8 08:19:43 kernel: IPT OUT_ICMP: IN= OUT=eth1 SRC=x.x.x.x DST=x.x.x.x
LEN=76 TOS=0x00 PREC=0xC0 TTL=64 ID=54844 PROTO=ICMP TYPE=11 CODE=0
[SRC=x.x.x.x DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=TCP
SPT=110 DPT=4312 WINDOW=5840 RES=0x00 ACK SYN URGP=0 ]

Mar  8 09:24:14 kernel: IPT OUT_ICMP: IN= OUT=eth1 SRC=x.x.x.x DST=x.x.x.x
LEN=80 TOS=0x00 PREC=0xC0 TTL=64 ID=24045 PROTO=ICMP TYPE=11 CODE=0
[SRC=x.x.x.x DST=x.x.x.x LEN=52 TOS=0x00 PREC=0x00 TTL=1 ID=27964 DF PROTO=TCP
SPT=80 DPT=60884 WINDOW=57920 RES=0x00 ACK FIN URGP=0 ]



--
Tim Evans, TKEvans.com, Inc.    |    5 Chestnut Court
tkevans@tkevans.com             |    Owings Mills, MD 21117
http://www.tkevans.com/         |    443-394-3864
http://www.come-here.com/News/  |    



* Re: Log Entries with multiple PROTO fields?
  2004-03-17 14:10 Log Entries with multiple PROTO fields? Tim Evans
@ 2004-03-19 12:22 ` Tarek W.
  2004-03-19 12:40   ` Ray Leach
  0 siblings, 1 reply; 3+ messages in thread
From: Tarek W. @ 2004-03-19 12:22 UTC (permalink / raw)
  To: netfilter

On Wed, 2004-03-17 at 16:10, Tim Evans wrote: [snipped]
> What do these kinds of log messages mean?  Note there are two PROTO fields:
> 
> Mar  8 08:19:43 kernel: IPT OUT_ICMP: IN= OUT=eth1 SRC=x.x.x.x DST=x.x.x.x
> LEN=76 TOS=0x00 PREC=0xC0 TTL=64 ID=54844 PROTO=ICMP TYPE=11 CODE=0
> [SRC=x.x.x.x DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=TCP
> SPT=110 DPT=4312 WINDOW=5840 RES=0x00 ACK SYN URGP=0 ]

This is an ICMP packet sent in response to the TCP packet, which is
detailed inside [].




* Re: Log Entries with multiple PROTO fields?
  2004-03-19 12:22 ` Tarek W.
@ 2004-03-19 12:40   ` Ray Leach
  0 siblings, 0 replies; 3+ messages in thread
From: Ray Leach @ 2004-03-19 12:40 UTC (permalink / raw)
  To: Netfilter Mailing List


On Fri, 2004-03-19 at 14:22, Tarek W. wrote:
> On Wed, 2004-03-17 at 16:10, Tim Evans wrote: [snipped]
> > What do these kinds of log messages mean?  Note there are two PROTO fields:
> > 
> > Mar  8 08:19:43 kernel: IPT OUT_ICMP: IN= OUT=eth1 SRC=x.x.x.x DST=x.x.x.x
> > LEN=76 TOS=0x00 PREC=0xC0 TTL=64 ID=54844 PROTO=ICMP TYPE=11 CODE=0
> > [SRC=x.x.x.x DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=TCP
> > SPT=110 DPT=4312 WINDOW=5840 RES=0x00 ACK SYN URGP=0 ]
> 
> this is an ICMP packet sent in response to the TCP packet which is
> detailed inside []

icmp TYPE=11 CODE=0 -- host unreachable(?)
-- 
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--
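
Added example, not part of the original thread: Python that splits a netfilter LOG line of the kind quoted above into the logged ICMP packet and the packet quoted inside [], so the two PROTO fields land in separate records, and names the ICMP type and code per RFC 792. The sample line, its addresses (RFC 5737 documentation ranges) and the function names are constructed for this example.

```python
import re

# ICMP error messages that quote the offending packet's header (RFC 792).
ICMP_ERRORS = {
    (3, 0): "destination unreachable: network unreachable",
    (3, 1): "destination unreachable: host unreachable",
    (3, 3): "destination unreachable: port unreachable",
    (11, 0): "time exceeded: TTL exceeded in transit",
    (11, 1): "time exceeded: fragment reassembly time exceeded",
}

# Constructed sample shaped like the thread's log lines; addresses are made up.
SAMPLE = (
    "Mar  8 08:19:43 kernel: IPT OUT_ICMP: IN= OUT=eth1 SRC=192.0.2.1 "
    "DST=198.51.100.7 LEN=76 TOS=0x00 PREC=0xC0 TTL=64 ID=54844 PROTO=ICMP "
    "TYPE=11 CODE=0 [SRC=198.51.100.7 DST=203.0.113.9 LEN=48 TOS=0x00 "
    "PREC=0x00 TTL=1 ID=0 DF PROTO=TCP SPT=110 DPT=4312 WINDOW=5840 RES=0x00 "
    "ACK SYN URGP=0 ]"
)

def parse_fields(text):
    """Split KEY=value tokens into a dict; bare tokens (DF, ACK, SYN) are flags."""
    fields, flags = {}, []
    for token in text.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
        else:
            flags.append(token)
    fields["FLAGS"] = flags
    return fields

def parse_log_line(line):
    """Return (outer, inner): the logged packet and the packet quoted in [], or None."""
    # The quoted packet starts with SRC=, which keeps other brackets from matching.
    quoted = re.search(r"\[(SRC=.*)\]", line)
    inner = parse_fields(quoted.group(1)) if quoted else None
    outer_text = line[:quoted.start()] if quoted else line
    start = re.search(r"\bIN=", outer_text)  # packet fields begin at IN=
    if not start:
        raise ValueError("not a netfilter LOG line")
    outer = parse_fields(outer_text[start.start():])
    if outer.get("PROTO") == "ICMP" and "TYPE" in outer and "CODE" in outer:
        key = (int(outer["TYPE"]), int(outer["CODE"]))
        outer["ICMP_MEANING"] = ICMP_ERRORS.get(key, "other")
    return outer, inner
```

When counting or filtering log entries by protocol, match on the outer record's PROTO only; a plain text search for PROTO=TCP would also hit ICMP errors that merely quote a TCP packet.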
