Security Basics mailing list archives
Re: PROTO=TCP INCOMPLETE
From: "Nathaniel White" <nathaniel () televar com>
Date: Mon, 22 Dec 2003 15:28:42 -0800
This is an ICMP Type 3 message. That type of message is sent when the destination address is unreachable. The part of the log in brackets is the IP header and the first 8 bytes after the IP header of the packet that could not reach its destination. It says TCP INCOMPLETE because the full TCP header is 20 bytes, but only 8 were there.
Subject: PROTO=TCP INCOMPLETE
Can anyone explain me the log bellow? Dec 22 08:44:31 TFSWEB kernel: INVALID: IN=ppp0 OUT= MAC= SRC=81.36.93.118 DST=xxx.xxx.xxx.xxx LEN=56 TOS=0x00 PREC=0x00 TTL=136 ID=6618 PROTO=ICMP TYPE=3 CODE=1 [SRC=xxx.xxx.xxx.xxx DST=192.168.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=45750 DF PROTO=TCP INCOMPLETE [8 bytes] ] Best regards, Rodrigo Ramos --------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- PROTO=TCP INCOMPLETE Rodrigo B. Ramos (Dec 22)
- Re: PROTO=TCP INCOMPLETE Nathaniel White (Dec 22)
- RE: PROTO=TCP INCOMPLETE David Gillett (Dec 23)