Hi, Does anyone know why iptables would log a mac address in this fashion: Jun 12 22:00:42 servername kernel: FW filter INPUT Chain:IN=ext OUT= MAC=02:00:00:00:00:09:00:06:2a:73:f0:70:08:00:45:00:00:28:94:7b:40:00:35:06:db:02:9c:37:85: 58:44:a3:70:1f:01:bb:da:e1:87:0f:30:c4:00:00:00:00:50:04:c2:10:83:0d:00:00:00:00:00:00:00:00:87:61:75:e8:92:64:cd:6e:f6:ce:91:bc:ed:ee:37:6e:b3:db:64:8b:18:59 SRC=<some source ip> DST=<some destination ip> LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=38011 DF PROTO=TCP SPT=443 DPT=56033 WINDOW=49680 RES=0x00 RST URGP=0 Its been determined the mac= portion is a combined string for: 2:00:00:00:00:09:00:06:2a:73:f0:70: --> SMAC and DMAC address combined 08:00: --> type IP 45:00:00:2c: --> IP v4 header, TOS and Length fields a2:d7:00:00: --> ID, flags and frag offset f2:06:50:c1: --> TTL, protocol (TCP) and checksum d0:4e:50:22:44:a3:70:1f: --> SrcIP and DstIP 00:50:e3:99: --> SrcPort (HTTP) and DestPort We are running iptables 1.2.9. Only packets from the filter input chain get logged in this fashion and we don't know why. Such a long mac address makes it hard to analyze the logs and figure out what's going on. Why does the mac get logged this way? And is there anyway to prevent it from logging in this manner? Thanks, Dan _____________ LEGAL NOTICE Unless expressly stated otherwise, this message is confidential and may be privileged. It is intended for the addressee(s) only. Access to this E-mail by anyone else is unauthorized. If you are not an addressee, any disclosure or copying of the contents of this E-mail or any action taken (or not taken) in reliance on it is unauthorized and may be unlawful. If you are not an addressee, please inform the sender immediately, then delete this message and empty from your trash.
