RE: log interpreter , for report ...


 



Answer to 1:

IN and OUT are the in and out physical interfaces
SRC and DST are source and destination IP (obviously)
SPT is source port
DPT is destination port (you have an RPC port mapper request there (port 135))

The rest you can pretty safely ignore except for the flags. I've never needed to use any of them except for TTL on occasion.


-----Original Message-----
From: Rakotomandimby Mihamina [mailto:mrakotom@xxxxxxx]
Sent: Tuesday, January 13, 2004 7:58
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: log interpreter , for report ... 


Hi again,

1°) This is a line of iptables log
IN=ppp0 OUT= MAC= SRC=80.14.205.152 DST=80.15.220.67 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=64444 DF PROTO=TCP SPT=4717 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0

How do I see what port has been attempted?

2°) Is fwlogwatch a tool that will help me to make the logs more readable,
or a tool that will tell me that something is attempting to @#$£ my network?

What I'm looking for is something like this:
http://www.gege.org/iptables/
but I don't want to install SQL or Apache/PHP.

Does it exist?
I just want a kind of report of what has been DROPped but in a readable
format ...

Anyway, the logging format can be read, but it needs training, and I have
no training.
-- 
Rakotomandimby Mihamina Andrianifaharana
Tel : +33 2 38 76 43 65
http://stko.dyndns.info/site_principal/Members/mihamina



----------------------------------------
The information transmitted in this message is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material.  Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited.  If you received this in error, please contact the sender and destroy any copies of this document.
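
An added example, not part of the original thread: a small Python script that splits iptables LOG lines into the fields the reply describes and builds a per-port report of logged packets without a database or web server. Only the first sample line comes from the thread; the other two are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Sample input: the first line is the one quoted in the thread; the other two
# are constructed for this example (192.0.2.10 is a documentation address).
SAMPLE_LOG = """\
IN=ppp0 OUT= MAC= SRC=80.14.205.152 DST=80.15.220.67 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=64444 DF PROTO=TCP SPT=4717 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 13 07:59:02 fw kernel: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=80.15.220.67 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=1201 DF PROTO=TCP SPT=3310 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 13 07:59:05 fw kernel: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=80.15.220.67 LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=1202 PROTO=UDP SPT=1026 DPT=137 LEN=58
"""

# Bare tokens the LOG target prints for IP and TCP flags.
FLAGS = {"CE", "DF", "MF", "CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def parse_line(line):
    """Return (fields, flags) for one iptables LOG line, or None if it is not one."""
    match = re.search(r"\bIN=", line)      # skip any syslog timestamp/host prefix
    if match is None:
        return None
    fields, flags = {}, []
    for token in line[match.start():].split():
        key, sep, value = token.partition("=")
        if sep:
            # Empty values (OUT=, MAC=) are kept as "". UDP lines print LEN
            # twice (IP length, then UDP length); keep the first one.
            fields.setdefault(key, value)
        elif key in FLAGS:
            flags.append(key)
    return fields, flags

def report(text):
    """Count logged packets per (protocol, destination port, source IP)."""
    hits = Counter()
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        fields, _ = parsed
        key = (fields.get("PROTO", "?"), fields.get("DPT", "-"), fields.get("SRC", "?"))
        hits[key] += 1
    return hits

if __name__ == "__main__":
    for (proto, dpt, src), count in report(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {proto:<4} dpt={dpt:<6} src={src}")
```
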


