Le mar 19/10/2004 à 18:52, Peter Marshall a écrit : > Oct 19 14:46:05 rubidium kernel: REJECT: INPUT IN=eth1 OUT= > MAC=00:50:04:9b:7a:ee:00:50:04:68:df:06:08:00 SRC=10.90.0.1 DST=10.90.0.2 > LEN=484 TOS=0x10 PREC=0xC0 TTL=64 ID=58050 PROTO=ICMP TYPE=5 CODE=1 > GATEWAY=192.168.202.73 [SRC=10.90.0.2 DST=192.168.202.73 LEN=456 TOS=0x10 > PREC=0x00 TTL=64 ID=7787 DF PROTO=TCP SPT=15422 DPT=2510 WINDOW=8576 > RES=0x00 ACK PSH URGP=0 ] For those who do not fully understand Netfilter logging, you can find a very good (I learnt a lot from this site) Netfilter log format (and ipchains as well) ressource at this URL : http://logi.cc/linux/netfilter-log-format.php3 And most of all, they have a web based log to human translator : http://logi.cc/linux/NetfilterLogAnalyzer.php3 Just copy/paste up to 10 log lines and you get a comprehensive translation. In this cas, we have : Filter = INPUT, in=eth1 Name of Chain = not available Rule Number = not available Protocol Number = 1 = ICMP = Internet Control Message [RFC792] IP Source Addr = 10.90.0.1 IP Dest. Addr = 10.90.0.2 ICMP Type = 5 = Redirect Datagram [RFC792] ICMP Code = 1 = for the Host IP Packet Len = 484 bytes IP Header Len = 5 words = 20 bytes (Exact length not available, why?) IP Payload Len = 464 bytes, including the ICMP header (4 bytes) IP TOS/DS = 1101000.=TOS:Precedence=Internetwork_Control(usually ignored), Type=Min_Delay = 110100..=DS:Codepoint=110100, Pool=1 (Standards Action)[RFC2474] IP Time To Live = 64 (hops remaining) IP ID = 58050 (Unique to each IP datagram) IP Flags = 000............. Ethernet Src = 00:50:04:68:df:06 Dst = 00:50:04:9b:7a:ee (eth1) Type = 08:00 (IPv4 packet) -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread!
