* Log question
From: Michael Sams @ 2004-06-07 14:52 UTC (permalink / raw)
To: netfilter
Hi there... I am sorry if this question has already been asked. I am
trying to understand some iptables logs. The one I have attached I don't
really understand. Could someone point me in the right direction?
Any help is greatly appreciated!
1.2.3.4 = My server
Jun 7 02:23:48 myserver kernel: INVALID STATE:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4
LEN=68 TOS=0x00 PREC=0xC0 TTL=64 ID=13447 PROTO=ICMP TYPE=3 CODE=1
[SRC=1.2.3.4 DST=219.141.107.<snip> LEN=40 TOS=0x00 PREC=0x00 TTL=255
ID=0 DF PROTO=TCP SPT=5554 DPT=4715 WINDOW=0 RES=0x00 ACK RST URGP=0 ]
* Re: Log question
From: Antony Stone @ 2004-06-07 15:06 UTC (permalink / raw)
To: netfilter
On Monday 07 June 2004 3:52 pm, Michael Sams wrote:
> Hi there... I am sorry if this question has already been asked. I am
> trying to understand some iptables logs. The one I have attached I don't
> really understand. Could someone point me in the right direction?
>
> Any help is greatly appreciated!
>
> 1.2.3.4 = My server
>
> Jun 7 02:23:48
Date & time - pretty obvious :)
> myserver
Your server's hostname.
> kernel:
Kernel log message
> INVALID STATE:
The string you specified for "log-prefix"
> IN=lo
Packet came in on loopback interface
> OUT=
Packet is not going to go out on any interface
> MAC=00:00:00:00:00:00
Destination MAC address is blank (loopback doesn't use it).
> :00:00:00:00:00:00:
Source MAC address is blank (loopback doesn't use it)
> 08:00
Protocol is IP over ethernet
> SRC=1.2.3.4
Source IP address
> DST=1.2.3.4
Destination IP address
> LEN=68
Packet length including headers.
> TOS=0x00
Type Of Service flags not set (= 0000 0000)
> PREC=0xC0
Precedence bits = 1100 0000
> TTL=64
Time to live = 64: another 64 hops to go before the packet expires
> ID=13447
ICMP ID number = 13447
> PROTO=ICMP
This is an ICMP packet
> TYPE=3
ICMP type = 3 (Destination Unreachable)
> CODE=1
ICMP code = 1 (Host Unreachable)
> [SRC=1.2.3.4 DST=219.141.107.<snip> LEN=40 TOS=0x00 PREC=0x00 TTL=255
> ID=0 DF PROTO=TCP SPT=5554 DPT=4715 WINDOW=0 RES=0x00 ACK RST URGP=0 ]
Snippet of the original packet which this ICMP error is referring to (a TCP
packet from 1.2.3.4 to 219.141.107.<snip>, from source port 5554 to
destination port 4715, with the reset flag set, therefore something was
obviously trying to terminate an already-established connection).
See http://logi.cc/linux/netfilter-log-format.php3 for more details on
netfilter's logging format.
Regards,
Antony.
--
There are only 10 types of people in the world:
those who understand binary notation,
and those who don't.
Please reply to the list;
please don't CC me.
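
Added example, not part of either post: a small Python parser for the LOG line discussed in this thread. It splits out the log-prefix, the outer ICMP packet's fields, the three parts of the MAC= field, and the bracketed copy of the original TCP packet. The function names are this example's own, and SAMPLE is the posted line joined onto one line.

```python
import re

# The log line posted in the thread, joined onto one line (values as posted).
SAMPLE = (
    "Jun 7 02:23:48 myserver kernel: INVALID STATE:IN=lo OUT= "
    "MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 "
    "LEN=68 TOS=0x00 PREC=0xC0 TTL=64 ID=13447 PROTO=ICMP TYPE=3 CODE=1 "
    "[SRC=1.2.3.4 DST=219.141.107.<snip> LEN=40 TOS=0x00 PREC=0x00 TTL=255 "
    "ID=0 DF PROTO=TCP SPT=5554 DPT=4715 WINDOW=0 RES=0x00 ACK RST URGP=0 ]"
)

def parse_fields(text):
    """Return ({KEY: value}, [bare flags]) for a run of LOG tokens."""
    fields, flags = {}, []
    for token in text.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value      # "OUT=" yields an empty string
        else:
            flags.append(token)      # DF, ACK, RST, ...
    return fields, flags

def split_mac(mac):
    """Split the MAC= field into destination, source and EtherType."""
    b = mac.split(":")
    if len(b) != 14:
        return None                  # non-Ethernet or missing header
    return {"dst": ":".join(b[:6]), "src": ":".join(b[6:12]),
            "ethertype": ":".join(b[12:])}

def parse_netfilter_log(line):
    """Parse one LOG line into prefix, outer packet and quoted inner packet."""
    m = re.search(r"kernel: (.*?)(IN=.*)$", line)
    if not m:
        raise ValueError("not a netfilter LOG line")
    prefix, body = m.group(1), m.group(2)
    inner = None
    quoted = re.search(r"\[(.*?)\]", body)   # ICMP errors quote the original packet
    if quoted:
        inner_fields, inner_flags = parse_fields(quoted.group(1))
        inner = {"fields": inner_fields, "flags": inner_flags}
        body = body[:quoted.start()]
    fields, flags = parse_fields(body)
    return {"prefix": prefix, "fields": fields, "flags": flags,
            "mac": split_mac(fields.get("MAC", "")), "inner": inner}

if __name__ == "__main__":
    for key, value in parse_netfilter_log(SAMPLE).items():
        print(key, "=", value)
```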