Date: Wed, 19 May 2004 00:16:01 +0300 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: Norberto Meijome <freebsd@meijome.net> Cc: freebsd-questions@freebsd.org Subject: Re: ipf log line Message-ID: <20040518211601.GD4714@gothmog.gr> In-Reply-To: <40AA08CB.3070605@meijome.net> References: <40AA08CB.3070605@meijome.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2004-05-18 22:59, Norberto Meijome <freebsd@meijome.net> wrote: > I saw this in my ipf.log (using ipfmon): > > 18/05/2004 15:57:21.092537 fxp0 @25:1 S w.x.y.z -> a.b.c.d PR tcp len 20 (40) frag 20@8 IN > > where : > - fpx0 is my interface connected to the outside world > - w.x.y.z is an IP not related to any system under our control > - a.b.c.d is the public IP used for NATed traffic from our LAN. > - @25:1 is : @1 block in log quick from any to any with short group 25 > > Does the "S" after @25:1 mean it was a packet too short to be a proper > tcp packet? The packet has the TCP SYN flag bit set (non-zero). > What does the frag 20@8 mean? IIRC, these are the length and starting offset, respectively, of the blocked fragment within the full IP packet. - Giorgos
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040518211601.GD4714>