Log question

All of lore.kernel.org
 help / color / mirror / Atom feed

* Log question
@ 2004-06-07 14:52 Michael Sams
  2004-06-07 15:06 ` Antony Stone
  0 siblings, 1 reply; 2+ messages in thread
From: Michael Sams @ 2004-06-07 14:52 UTC (permalink / raw)
  To: netfilter

Hi there... I am sorry if this questions has already been asked. I am 
try to understand some iptables logs. The one I have attached I don't 
really understand. Could someone point me in the right direction?

Any help is greatly appreciated!

1.2.3.4 = My server


Jun  7 02:23:48 myserver kernel: INVALID STATE:IN=lo OUT= 
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 
LEN=68 TOS=0x00 PREC=0xC0 TTL=64 ID=13447 PROTO=ICMP TYPE=3 CODE=1 
[SRC=1.2.3.4 DST=219.141.107.<snip> LEN=40 TOS=0x00 PREC=0x00 TTL=255 
ID=0 DF PROTO=TCP SPT=5554 DPT=4715 WINDOW=0 RES=0x00 ACK RST URGP=0 ]


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Log question
  2004-06-07 14:52 Log question Michael Sams
@ 2004-06-07 15:06 ` Antony Stone
  0 siblings, 0 replies; 2+ messages in thread
From: Antony Stone @ 2004-06-07 15:06 UTC (permalink / raw)
  To: netfilter

On Monday 07 June 2004 3:52 pm, Michael Sams wrote:

> Hi there... I am sorry if this questions has already been asked. I am
> try to understand some iptables logs. The one I have attached I don't
> really understand. Could someone point me in the right direction?
>
> Any help is greatly appreciated!
>
> 1.2.3.4 = My server
>
> Jun 7 02:23:48

Date & time - pretty obvious :)

> myserver

Your server's hostname.

> kernel:

Kernel log message

> INVALID STATE:

The string you specified for "log-prefix"

> IN=lo

Packet came in on loopback interface

> OUT=

Packet is not going to go out on any interface

> MAC=00:00:00:00:00:00

Destination MAC address is blank (loopback doesn't use it).

> :00:00:00:00:00:00:

Source MAC address is blank (loopback doesn't use it)

>08:00

Protocol is IP over ethernet

> SRC=1.2.3.4

Source IP address

> DST=1.2.3.4

Destination IP address

> LEN=68

Packet length including headers.

> TOS=0x00

Type Of Service flags not set (= 0000 0000)

> PREC=0xC0

Precedence bits = 1100 0000

> TTL=64

Time to live = 64: another 64 hops to go before the packet expires

> ID=13447

ICMP ID number = 13447

> PROTO=ICMP

This is an ICMP packet

> TYPE=3

ICMP type = 3 (Destination Unreachable)

> CODE=1

ICMP code = 1 (Host Unreachable)

> [SRC=1.2.3.4 DST=219.141.107.<snip> LEN=40 TOS=0x00 PREC=0x00 TTL=255
> ID=0 DF PROTO=TCP SPT=5554 DPT=4715 WINDOW=0 RES=0x00 ACK RST URGP=0 ]

Snippet of the original packet which this ICMP error is referring to (a TCP 
packet from 1.2.3.4 to 219.141.107.<snip>, from source port 5554 to 
destination port 4715, with the reset flag set, therefore something was 
obviously trying to terminate an already-established connection).

See http://logi.cc/linux/netfilter-log-format.php3 for more details on 
netfilter's logging format.

Regards,

Antony.

-- 
There are only 10 types of people in the world:
those who understand binary notation,
and those who don't.

                                                     Please reply to the list;
                                                           please don't CC me.



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2004-06-07 15:06 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-06-07 14:52 Log question Michael Sams
2004-06-07 15:06 ` Antony Stone

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.