SLUG Mailing List Archives
Re: [SLUG] eth0 kernel message?
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] eth0 kernel message?
- From: Jamie Wilkinson <jaq@xxxxxxxxxxxxxx>
- Date: Sun Sep 16 21:51:02 2001
- Reply-by: Wed Sep 19 21:38:48 EST 2001
- Reply-to: slug@xxxxxxxxxxx
- User-agent: Mutt/1.3.20i
This one time, at band camp, David wrote:
>Suspect short first fragment.
>eth0 PROTO=6 18.104.22.168:0 22.214.171.124:0 L=20 S=0x00 I=7444 F=0x4000
>First, what does it mean?
A suspected short TCP packet came in on eth0, using from no particular port
on 126.96.36.199, destined for no particular port on 188.8.131.52, with a
bunch of flags. It was caught by the 0th rule in your firewalling scripts.
>Second, how would I find out what this or any other such message means
>without having to ask the erudite denizens of SLUG?
/etc/protocols holds the list of protocol numbers from the PROTO= field, #0
refers to the ipchains rule that triggered the log message, the IP:port
notation should be obvious. For the rest, I'd suggest looking at the
Firewalling HOWTO, IIRC there was a section that spelt out what the log
<Balial> This port may thing it's fortified, butt I seem to be mounting
a pretty good assault