From: Norberto Meijome
Date: Tue, 18 May 2004 22:59:55 +1000
To: freebsd-questions@freebsd.org
Subject: ipf log line
Message-ID: <40AA08CB.3070605@meijome.net>

[ posted again after sending to security@ - sorry for those subscribing to both]

Hi list,

I saw this in my ipf.log (using ipfmon):

18/05/2004 15:57:21.092537 fxp0 @25:1 S w.x.y.z -> a.b.c.d PR tcp len 20 (40) frag 20@8 IN

where:
- fxp0 is my interface connected to the outside world
- w.x.y.z is an IP not related to any system under our control
- a.b.c.d is the public IP used for NATed traffic from our LAN.
- @25:1 is: @1 block in log quick from any to any with short group 25

Does the "S" after @25:1 mean it was a packet too short to be a proper TCP packet?

What does the frag 20@8 mean?

Thanks in advance!

Beto
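
A parser for the log line quoted in the message above, as an added example that is not part of the original post. The action-code table follows ipmon(8); reading `frag SIZE@OFFSET` as bytes of fragment data at a byte offset, and the RFC 1858-style check generalised to any offset inside the 20-byte TCP header, are assumptions that the post itself does not state.

```python
import re

# Action codes as listed in ipmon(8); taken from the man page, not the post.
ACTIONS = {"p": "passed", "b": "blocked", "S": "short packet",
           "n": "no rule matched", "L": "log rule"}
TCP_MIN_HEADER = 20  # bytes, TCP header without options

LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<iface>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>\S) "
    r"(?P<src>\S+) -> (?P<dst>\S+) PR (?P<proto>\S+) "
    r"len (?P<hlen>\d+) \(?(?P<total>\d+)\)?(?P<rest>.*)$")
FRAG_RE = re.compile(r"\bfrag (?P<size>\d+)@(?P<offset>\d+)")

def parse_ipmon_line(line):
    """Split one ipmon text log line into named fields (None if no match)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("group", "rule", "hlen", "total"):
        rec[key] = int(rec[key])
    rec["action_text"] = ACTIONS.get(rec["action"], "unknown")
    frag = FRAG_RE.search(rec["rest"])
    # Assumed meaning: (bytes of data in this fragment, byte offset in datagram)
    rec["frag"] = (int(frag["size"]), int(frag["offset"])) if frag else None
    tail = rec.pop("rest").split()
    rec["direction"] = tail[-1] if tail and tail[-1] in ("IN", "OUT") else None
    return rec

def fragment_findings(rec):
    """Return observations about a logged fragment (empty list if none)."""
    if rec["frag"] is None:
        return []
    size, offset = rec["frag"]
    notes = []
    if rec["total"] - rec["hlen"] != size:
        notes.append("fragment size disagrees with the len fields")
    if rec["proto"] == "tcp" and 0 < offset < TCP_MIN_HEADER:
        # RFC 1858 recommends dropping TCP fragments at fragment offset 1
        # (byte offset 8); this generalises to any offset inside the header.
        notes.append(f"fragment at offset {offset} starts inside the "
                     f"{TCP_MIN_HEADER}-byte TCP header")
    return notes

SAMPLE = ("18/05/2004 15:57:21.092537 fxp0 @25:1 S w.x.y.z -> a.b.c.d "
          "PR tcp len 20 (40) frag 20@8 IN")  # the line quoted in the post

if __name__ == "__main__":
    print(fragment_findings(parse_ipmon_line(SAMPLE)))
```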