Connection problems on large high speed connections.

Stian B. Barmen stian at barmen.nu
Thu Apr 28 22:16:20 CEST 2005


Just to satisfy my couriosity, I logged in ulog the invalig packets, and
there are quite a few. How many should I expect to see and count as
normal? 

For instance I downloaded a file from a reasonably fast FTP server at
about 7 MB, and during I logged three invalid TCP packets. 

Apr 28 22:07:25 fire Invalid:  IN=eth1 OUT=
MAC=00:d0:b7:1d:cc:7d:00:90:69:f0:b0:20:08:00  SRC=156.56.247.195
DST=217.199.xx.18 LEN=1500 TOS=00 PREC=0x00 TTL=53 ID=47468 CE DF
PROTO=TCP SPT=80 DPT=33553 SEQ=985943197 ACK=497088462 WINDOW=6432 ACK
URGP=0
Apr 28 22:07:43 fire Invalid:  IN=eth1 OUT=
MAC=00:d0:b7:1d:cc:7d:00:90:69:f0:b0:20:08:00  SRC=156.56.247.195
DST=217.199.xx.18 LEN=1500 TOS=00 PREC=0x00 TTL=53 ID=52274 CE DF
PROTO=TCP SPT=80 DPT=33553 SEQ=989439897 ACK=497088462 WINDOW=6432 ACK
URGP=0
Apr 28 22:07:47 fire Invalid:  IN=eth1 OUT=
MAC=00:d0:b7:1d:cc:7d:00:90:69:f0:b0:20:08:00  SRC=156.56.247.195
DST=217.199.xx.18 LEN=1500 TOS=00 PREC=0x00 TTL=53 ID=53186 CE DF
PROTO=TCP SPT=80 DPT=33553 SEQ=990104197 ACK=497088462 WINDOW=6432 ACK
URGP=0

Should I just count this as normal? I thougt about using a limit per
second to log if it happened more than 2-3 per second. 

Best regards
Stian B. Barmen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2685 bytes
Desc: not available
Url : /pipermail/netfilter/attachments/20050428/53cfac11/smime.bin


More information about the netfilter mailing list