One for the comms experts
GaryT
taig at melbpc.org.au
Sun Sep 20 05:37:03 UTC 2009
Below is a line from one of my log files. I want to know whether it's an
incoming or outgoing packet.
Sep 9 12:03:34 username-computername kernel:
[182264.290824]
Inbound IN=eth0
OUT= MAC=00:1a:4d:6b:72:93:00:25:69:59:3d:c8:08:00
SRC=10.1.1.1
DST=10.1.1.2
LEN=576
TOS=0x00
PREC=0xC0
TTL=64
ID=45664
PROTO=ICMP
TYPE=3 CODE=4
** Note: next 14 items in [square brackets]
[SRC=10.1.1.2
DST=xx.xx.xx.xxx
LEN=1493
TOS=0x00
PREC=0x00
TTL=63
ID=36160 DF
PROTO=TCP
SPT=52474
DPT=80
WINDOW=5840
RES=0x00
ACK
PSH URGP=0 ]
MTU=1492
It's all in one line, so I'm assuming it's related to one packet only.
Could that be wrong? Could part of this be a return packet?
The first part would appear to indicate that it's coming in through the
router. The source 10.1.1.1 is the router, the destination 10.1.1.2 is
the computer (or would that be the kernel??)
BUT
using that logic, the bit in square brackets would seem to be an
outgoing packet: source 10.1.1.2 (the computer), destination the IP
address I've hidden to protect the guilty.
Both have an individual length, so that might lean toward this line
containing details of two packets. Perhaps the first part being
acknowledgment of receipt of an earlier packet that was sent out.
How's my thinking?
GaryT
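An added example, not part of the original post: netfilter's LOG target prints the header of the packet quoted inside an ICMP error in square brackets, so the line describes one logged packet plus the header it carries. The sketch below rejoins the fields from the post into one line and separates the two; the function names are hypothetical.

```python
import re

# The log line from the post, rejoined onto one line (the poster's own "Note" line left out).
SAMPLE = (
    "Sep 9 12:03:34 username-computername kernel: [182264.290824] Inbound IN=eth0 OUT= "
    "MAC=00:1a:4d:6b:72:93:00:25:69:59:3d:c8:08:00 SRC=10.1.1.1 DST=10.1.1.2 LEN=576 "
    "TOS=0x00 PREC=0xC0 TTL=64 ID=45664 PROTO=ICMP TYPE=3 CODE=4 "
    "[SRC=10.1.1.2 DST=xx.xx.xx.xxx LEN=1493 TOS=0x00 PREC=0x00 TTL=63 ID=36160 DF "
    "PROTO=TCP SPT=52474 DPT=80 WINDOW=5840 RES=0x00 ACK PSH URGP=0 ] MTU=1492"
)

def parse_fields(text):
    """Split 'KEY=value' tokens into a dict and bare tokens (DF, ACK, ...) into a flag list."""
    fields, flags = {}, []
    for token in text.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
        else:
            flags.append(token)
    return fields, flags

def parse_netfilter_line(line):
    """Hypothetical helper: separate the logged packet from the header quoted inside it."""
    start = re.search(r"\bIN=", line)
    if start is None:
        raise ValueError("not a netfilter LOG line")
    body = line[start.start():]  # drops the syslog prefix, kernel timestamp and log prefix
    embedded = None
    quoted = re.search(r"\[(SRC=[^\]]*)\]", body)  # header of the packet the ICMP error refers to
    if quoted:
        fields, flags = parse_fields(quoted.group(1))
        embedded = {"fields": fields, "flags": flags}
        body = body[:quoted.start()] + body[quoted.end():]
    outer, outer_flags = parse_fields(body)
    # IN set and OUT empty: received on that interface for the local host; the reverse is locally sent.
    if outer.get("IN") and not outer.get("OUT"):
        direction = "inbound"
    elif outer.get("OUT") and not outer.get("IN"):
        direction = "outbound"
    else:
        direction = "forwarded" if outer.get("IN") else "unknown"
    # ICMP type 3 code 4 is "destination unreachable, fragmentation needed and DF set".
    frag_needed = (outer.get("PROTO"), outer.get("TYPE"), outer.get("CODE")) == ("ICMP", "3", "4")
    return {"direction": direction, "outer": outer, "outer_flags": outer_flags,
            "embedded": embedded, "frag_needed": frag_needed}

if __name__ == "__main__":
    result = parse_netfilter_line(SAMPLE)
    print(result["direction"], result["outer"]["SRC"], "->", result["outer"]["DST"])
    print("quoted header:", result["embedded"]["fields"], result["embedded"]["flags"])
```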