Le mer 19/02/2003 à 10:36, Konstantin Dorichev a écrit : > Could anyone please comment on MAC field in iptables log entry? Why does it > have 14 bytes instead of 6 as it should be for Ethernet card MAC address? Or > this field means something else? In fact MAC does not stand for MAC address, but for MAC header. This 14 bytes field is the ethernet layer header hexa dump which is : 6 bytes : DST MAC 6 bytes : SRC MAC 2 bytes : Ethertype (i.e. payload type) > MAC=00:50:04:a2:08:91:00:01:42:1b:57:20:08:00 SRC=80.117.120.207 DST MAC : 00:50:04:a2:08:91 (i.e. your box) SRC MAC : 00:01:42:1b:57:20 (i.e. your access router I guess) ETHTYPE : 08:00 (i.e. IP) I do think this URL will be useful for you :))) http://logi.cc/linux/netfilter-log-format.php3 -- Cédric Blancher <blancher@cartel-securite.fr> Consultant en sécurité des systèmes et réseaux - Cartel Sécurité Tél: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
