Security Basics mailing list archives

Re: PROTO=TCP INCOMPLETE

From: "Nathaniel White" <nathaniel () televar com>
Date: Mon, 22 Dec 2003 15:28:42 -0800

This is an ICMP Type 3 message. That type of message is sent when the
destination address is unreachable. The part of the log in brackets is the
IP header and the first 8 bytes after the IP header of the packet that could
not reach its destination. It says TCP INCOMPLETE because the full TCP
header is 20 bytes, but only 8 were there.

Subject: PROTO=TCP INCOMPLETE

Can anyone explain me the log bellow?



Dec 22 08:44:31 TFSWEB kernel: INVALID: IN=ppp0 OUT= MAC=
SRC=81.36.93.118 DST=xxx.xxx.xxx.xxx LEN=56 TOS=0x00 PREC=0x00 TTL=136
ID=6618 PROTO=ICMP TYPE=3 CODE=1 [SRC=xxx.xxx.xxx.xxx DST=192.168.0.2
LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=45750 DF PROTO=TCP INCOMPLETE [8
bytes] ]


Best regards,
Rodrigo Ramos


--------------------------------------------------------------------------

--------------------------------------------------------------------------

--




---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

PROTO=TCP INCOMPLETE Rodrigo B. Ramos (Dec 22)
- Re: PROTO=TCP INCOMPLETE Nathaniel White (Dec 22)
- RE: PROTO=TCP INCOMPLETE David Gillett (Dec 23)