- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] eth0 kernel message?
- From: Jamie Wilkinson <jaq@xxxxxxxxxxxxxx>
- Date: Sun Sep 16 21:51:02 2001
- Reply-by: Wed Sep 19 21:38:48 EST 2001
- Reply-to: slug@xxxxxxxxxxx
- User-agent: Mutt/1.3.20i
This one time, at band camp, David wrote:
>Suspect short first fragment.
>eth0 PROTO=6 208.159.245.1:0 203.23.36.1:0 L=20 S=0x00 I=7444 F=0x4000
>T=116 (#0)
>First, what does it mean?
A suspected short TCP packet came in on eth0, from no particular port
on 208.159.245.1, destined for no particular port on 203.23.36.1, with a
bunch of flags. It was caught by the 0th rule in your firewalling scripts.
>Second, how would I find out what this or any other such message means
>without having to ask the erudite denizens of SLUG?
/etc/protocols holds the list of protocol numbers from the PROTO= field, #0
refers to the ipchains rule that triggered the log message, the IP:port
notation should be obvious. For the rest, I'd suggest looking at the
Firewalling HOWTO, IIRC there was a section that spelt out what the log
messages meant.
--
jaq@xxxxxxxxxxxxxx http://spacepants.org/jaq.gpg
<Balial> This port may thing it's fortified, butt I seem to be mounting
a pretty good assault
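
The fields discussed in the reply above, decoded by a small parser. This is an added example, not part of the original post. The meanings of L= (total length), S= (TOS), I= (IP ID), F= (fragment flags and offset) and T= (TTL) follow the ipchains HOWTO log format; the protocol table is a constructed subset of /etc/protocols, and a 20-byte IP header without options is assumed.

```python
import re

# Constructed subset of /etc/protocols, embedded so the example runs offline.
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}
# Smallest transport header that still carries the port fields.
MIN_HEADER = {"tcp": 20, "udp": 8}
IP_HEADER = 20  # assumption: no IP options; the log line does not record IHL

LOG_RE = re.compile(
    r"(?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)

def decode(line):
    """Return the decoded fields of one ipchains log line, or None if no match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    g = m.groupdict()
    frag = int(g["frag"], 16)
    proto = PROTOCOLS.get(int(g["proto"]), g["proto"])
    length = int(g["length"])
    offset = (frag & 0x1FFF) * 8          # low 13 bits, in 8-byte units
    payload = length - IP_HEADER
    return {
        "iface": g["iface"],
        "proto": proto,
        "src": (g["src"], int(g["sport"])),
        "dst": (g["dst"], int(g["dport"])),
        "total_length": length,
        "tos": int(g["tos"], 16),
        "ip_id": int(g["ip_id"]),
        "dont_fragment": bool(frag & 0x4000),
        "more_fragments": bool(frag & 0x2000),
        "frag_offset": offset,
        "ttl": int(g["ttl"]),
        "rule": int(g["rule"]) if g["rule"] is not None else None,
        # Offset 0 with too little payload for a transport header: the
        # port fields were not there to be read, hence the logged zeros.
        "short_first_fragment": offset == 0 and payload < MIN_HEADER.get(proto, 0),
    }

# The line from the post, re-joined where the mail client wrapped it.
SAMPLE = ("eth0 PROTO=6 208.159.245.1:0 203.23.36.1:0 "
          "L=20 S=0x00 I=7444 F=0x4000 T=116 (#0)")

if __name__ == "__main__":
    for key, value in decode(SAMPLE).items():
        print(f"{key:22} {value}")
```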