Log entries

Maciej Soltysiak solt@dns.toxicfilms.tv
Thu, 20 Dec 2001 08:06:33 +0100 (CET)


> What is the meaning of a logged packet where there is a second set
> of information enclosed in [ ] ?  E.g.:
>
> Dec 19 02:26:56 rainer kernel: IPTables: block DENY IN=eth1 OUT=
> MAC=00:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:92:08:00 SRC=Z.Z.Z.230
> DST=X.X.X.11 LEN=56 TOS=0 x00 PREC=0x00 TTL=242 ID=27482 DF
> PROTO=ICMP TYPE=3 CODE=1 [SRC=X.X.X.11 DST =Y.Y.Y.9 LEN=72
> TOS=0x10 PREC=0x00 TTL=49 ID=38084 FRAG:64 PROTO=TCP ]

This means that this ICMP packet was generated by the packet in brackets [].

Timeline:
Someone from X.X.X.11 sends TCP to Y.Y.Y.9 with TOS=0x10 and so on,
and then YOU get this ICMP from Z.Z.Z.230.

It is normal. This is how your host knows that the ICMP Destination
Unreachable; Port Unreachable (Type=3; Code=1) is related to some other
attempt to connect to Y.Y.Y.9 by X.X.X.11.

ICMP Dest. Unreach. messages are supposed to contain some part of the offending
datagram that caused the ICMP to be issued. (Some OSes add 64 bytes, some
less, some give more.)

I hope it is a satisfactory answer.

Best Regards,
Maciej Soltysiak.
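As an added illustration of the reply above (not code from the original thread), the following Python parses an iptables LOG line of the kind quoted, splits the outer ICMP header from the bracketed copy of the original datagram, and performs the check a defender wants here: does the embedded inner SRC belong to one of our own addresses, i.e. is this ICMP error actually a response to something we sent, or is it unsolicited? The sample line is constructed to mirror the quoted one with documentation-range addresses; the ICMP type 3 code names are the RFC 792 values.

```python
import re

# Constructed sample line, modelled on the one quoted in the thread.
# Addresses are from the RFC 5737 documentation ranges, not real hosts.
SAMPLE = ("Dec 19 02:26:56 rainer kernel: IPTables: block DENY IN=eth1 OUT= "
          "MAC=00:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:92:08:00 SRC=203.0.113.230 "
          "DST=192.0.2.11 LEN=56 TOS=0x00 PREC=0x00 TTL=242 ID=27482 DF "
          "PROTO=ICMP TYPE=3 CODE=1 [SRC=192.0.2.11 DST=198.51.100.9 LEN=72 "
          "TOS=0x10 PREC=0x00 TTL=49 ID=38084 FRAG:64 PROTO=TCP ]")

# iptables LOG fields are UPPERCASE KEY=value; the fragment offset is
# written as FRAG:offset, hence the [=:] separator.
FIELD_RE = re.compile(r"\b([A-Z]+)[=:](\S*)")

# Destination Unreachable (type 3) codes as defined in RFC 792.
ICMP_UNREACH_CODES = {
    0: "net unreachable",
    1: "host unreachable",
    2: "protocol unreachable",
    3: "port unreachable",
    4: "fragmentation needed and DF set",
    5: "source route failed",
}


def parse_fields(text):
    """Return {KEY: value} for every KEY=value / KEY:value token in text."""
    return dict(FIELD_RE.findall(text))


def parse_log_line(line):
    """Split an iptables LOG line into outer header, flags and the
    bracketed inner header (the quoted part of the offending datagram)."""
    inner = None
    m = re.search(r"\[(.*?)\]", line)
    if m:
        inner = parse_fields(m.group(1))
        line = line[:m.start()] + line[m.end():]
    # Everything before " IN=" is syslog prefix and the rule's log-prefix.
    start = line.find(" IN=")
    body = line[start + 1:] if start >= 0 else line
    outer = parse_fields(body)
    # Bare uppercase tokens such as DF or SYN are flags, not KEY=value pairs.
    flags = {tok for tok in body.split() if re.fullmatch(r"[A-Z]{2,}", tok)}
    return {"outer": outer, "flags": flags, "inner": inner}


def explain_icmp_error(entry, local_addrs):
    """For an ICMP error carrying an inner header, report what it refers
    to and whether the quoted datagram was one of ours."""
    outer, inner = entry["outer"], entry["inner"]
    if outer.get("PROTO") != "ICMP" or inner is None:
        return None
    icmp_type, icmp_code = int(outer["TYPE"]), int(outer["CODE"])
    if icmp_type == 3:
        reason = ICMP_UNREACH_CODES.get(icmp_code, "unknown code %d" % icmp_code)
    else:
        reason = "ICMP type %d code %d" % (icmp_type, icmp_code)
    return {
        "reporter": outer.get("SRC"),          # host that issued the ICMP error
        "reason": reason,
        "original_src": inner.get("SRC"),      # who sent the offending datagram
        "original_dst": inner.get("DST"),      # where it was going
        "original_proto": inner.get("PROTO"),
        # An ICMP error quoting a datagram we never sent is unsolicited and
        # worth flagging rather than silently accepting.
        "unsolicited": inner.get("SRC") not in local_addrs,
    }


if __name__ == "__main__":
    entry = parse_log_line(SAMPLE)
    print(explain_icmp_error(entry, {"192.0.2.11"}))
```

The inner header is only ever a partial copy (the first bytes of the original datagram, as the reply notes), so fields such as the TCP ports may or may not be present depending on how much the reporting host included; the parser therefore treats every inner key as optional.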