Good evening, Michael,

On Wed, 28 Jan 2004, Michael Gale wrote:

> When you log a packet entry one of the fields is Len (example
> Len=78). Now does this mean the was was 78 bytes ?

	Yes, the first LEN on the line is the length of the IP header, TCP header, and payload. Some packets have 2 LEN tokens, I believe the second is TCP header + payload.
	For ICMP error messages where the original packet decode is inside [...], the LEN inside the square brackets is the length of the packet that elicited the error.
	Cheers,
	- Bill

---------------------------------------------------------------------------
"Whip me, beat me, make me use ipchains."
	- Paul "Rusty" Russell
--------------------------------------------------------------------------
William Stearns (wstearns@xxxxxxxxx). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
--------------------------------------------------------------------------
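
Added example, not part of the original message: a small Python parser that keeps the LEN tokens of the logged packet apart from the LEN tokens inside [...] on an ICMP error line, so a log-processing script does not count the quoted packet's length as traffic. The sample log lines are constructed, the function names are hypothetical, and any square brackets in a log prefix are assumed to be balanced.

```python
import re

# Constructed sample lines in netfilter LOG format (not from the original message).
UDP_LINE = (
    "kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=78 TOS=0x00 "
    "PREC=0x00 TTL=64 ID=4242 PROTO=UDP SPT=137 DPT=137 LEN=58"
)
ICMP_ERR_LINE = (
    "kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.10 LEN=106 TOS=0x00 "
    "PREC=0xC0 TTL=64 ID=7 PROTO=ICMP TYPE=3 CODE=3 "
    "[SRC=192.0.2.10 DST=192.0.2.20 LEN=78 TOS=0x00 PREC=0x00 TTL=63 "
    "ID=4242 PROTO=UDP SPT=137 DPT=137 LEN=58 ]"
)

# Match bracket boundaries and LEN tokens in one left-to-right pass.
TOKEN_RE = re.compile(r"\[|\]|\bLEN=(\d+)")


def split_len_tokens(line):
    """Return LEN values split by position on the line.

    'outer'  : LEN tokens of the logged packet itself, in order of appearance.
    'quoted' : LEN tokens inside [...], i.e. the packet that elicited an
               ICMP error.
    """
    outer, quoted = [], []
    depth = 0
    for m in TOKEN_RE.finditer(line):
        tok = m.group(0)
        if tok == "[":
            depth += 1
        elif tok == "]":
            depth = max(0, depth - 1)  # tolerate a stray closing bracket
        else:
            (quoted if depth else outer).append(int(m.group(1)))
    return {"outer": outer, "quoted": quoted}


def logged_packet_length(line):
    """First LEN outside any brackets, or None if the line has no LEN token."""
    outer = split_len_tokens(line)["outer"]
    return outer[0] if outer else None


if __name__ == "__main__":
    for sample in (UDP_LINE, ICMP_ERR_LINE):
        print(split_len_tokens(sample), logged_packet_length(sample))
```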