One for the comms experts
meandmine
redhowlingwolves at nc.rr.com
Sun Sep 20 07:57:20 UTC 2009
GaryT wrote:
> Below is a line from one of my log files. I want to know whether it's an
> incoming or outgoing packet.
>
> Sep 9 12:03:34 username-computername kernel:
> [182264.290824]
> Inbound IN=eth0
> OUT= MAC=00:1a:4d:6b:72:93:00:25:69:59:3d:c8:08:00
> SRC=10.1.1.1
> DST=10.1.1.2
> LEN=576
> TOS=0x00
> PREC=0xC0
> TTL=64
> ID=45664
> PROTO=ICMP
> TYPE=3 CODE=4
>
> ** Note: next 14 items in [square brackets]
>
> [SRC=10.1.1.2
> DST=xx.xx.xx.xxx
> LEN=1493
> TOS=0x00
> PREC=0x00
> TTL=63
> ID=36160 DF
> PROTO=TCP
> SPT=52474
> DPT=80
> WINDOW=5840
> RES=0x00
> ACK
> PSH URGP=0 ]
>
> MTU=1492
>
> It's all in one line, so I'm assuming it's related to one packet only.
> Could that be wrong? Could part of this be a return packet?
>
> The first part would appear to indicate that it's coming in through the
> router. The source 10.1.1.1 is the router, the destination 10.1.1.2 is
> the computer (or would that be the kernel??)
>
> BUT
>
> using that logic, the bit in square brackets would seem to be an
> outgoing packet Source 10.1.1.2 (the computer) destination is the IP
> address I've hidden to protect the guilty.
>
> Both have an individual length, so that might lean toward this line
> containing details of two packets. Perhaps the first part being
> acknowledgment of receipt of an earlier packet that was sent out.
>
> How's my thinking?
> GaryT
It's an ICMP, or ping, packet. Type 3 is a 'Destination Unreachable' and
the code=4 is an error meaning 'Fragmentation Needed and Don't Fragment
was Set'. It's more than likely a DHCP packet asking who has what
address. The second is just an acknowledgment (ACK).
Are you blocking pings?
Try using Wireshark to see if you can find the actual packets.
More information about the ubuntu-users
mailing list
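Added example, not part of the original thread: a small Python parser for the netfilter LOG line quoted in the question. For ICMP error messages the kernel's LOG target prints the header of the earlier packet that triggered the error inside square brackets, and for type 3 code 4 it appends the next-hop MTU. The sample line is reassembled from the fields as posted, and the function names are illustrative.

```python
import re

# Log line reassembled from the fields quoted in the question (DST redacted as posted).
SAMPLE = (
    "Sep 9 12:03:34 username-computername kernel: [182264.290824] Inbound "
    "IN=eth0 OUT= MAC=00:1a:4d:6b:72:93:00:25:69:59:3d:c8:08:00 "
    "SRC=10.1.1.1 DST=10.1.1.2 LEN=576 TOS=0x00 PREC=0xC0 TTL=64 ID=45664 "
    "PROTO=ICMP TYPE=3 CODE=4 [SRC=10.1.1.2 DST=xx.xx.xx.xxx LEN=1493 "
    "TOS=0x00 PREC=0x00 TTL=63 ID=36160 DF PROTO=TCP SPT=52474 DPT=80 "
    "WINDOW=5840 RES=0x00 ACK PSH URGP=0 ] MTU=1492"
)
FLAGS = {"DF", "MF", "CE", "SYN", "ACK", "PSH", "RST", "FIN", "URG", "ECE", "CWR"}

def fields(text):
    """Split 'KEY=value' tokens and bare flag words into a dict."""
    out = {"flags": []}
    for tok in text.split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            out[key] = val
        elif tok in FLAGS:
            out["flags"].append(tok)
    return out

def parse_log_line(line):
    """Return (outer, embedded): the logged packet and, for ICMP errors,
    the header of the earlier packet quoted inside the square brackets."""
    # The embedded header is the bracket group that starts with SRC=;
    # the kernel timestamp bracket "[182264.290824]" does not match.
    m = re.search(r"\[(SRC=[^\]]*)\]", line)
    embedded = fields(m.group(1)) if m else None
    outer_text = line[:m.start()] + line[m.end():] if m else line
    return fields(outer_text), embedded

def direction(outer):
    """IN set, OUT empty: received by this host. OUT set, IN empty: sent by it."""
    has_in, has_out = bool(outer.get("IN")), bool(outer.get("OUT"))
    if has_in and has_out:
        return "forwarded"
    return "incoming" if has_in else "outgoing"

def frag_needed(outer, embedded):
    """True for an ICMP type 3 code 4 report about a DF packet larger than the MTU."""
    return (embedded is not None and outer.get("PROTO") == "ICMP"
            and outer.get("TYPE") == "3" and outer.get("CODE") == "4"
            and "DF" in embedded["flags"]
            and int(embedded["LEN"]) > int(outer["MTU"]))
```

On the sample, the outer packet is an incoming ICMP message from 10.1.1.1, and the bracketed fields describe a 1493-byte TCP packet with DF set, larger than the reported MTU of 1492.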