Firewall Wizards mailing list archives
Re: having trouble reading ipf logs ... different than documentation ?
From: Darren Reed <darrenr () reed wattle id au>
Date: Sat, 3 Feb 2001 01:46:34 +1100 (EST)
You should have asked this question on the IP Filter list but anyway... [...]
I am told that I should expect logs in this format:

15:57:33.803147 ppp0 @0:2 b 100.100.100.103,443 -> 20.20.20.10,4923 PR tcp len 20 1488 -A

^^ This makes perfect sense. (I see 100.100.100.103 talking to 20.20.20.10 using tcp on port 443. easy.)

But, when I run ipmon with this argument:

/sbin/ipmon -D -s

(to put the logs into syslog) the messages I see in syslog look like this:

Feb 1 11:32:45 gateway ipmon[28872]: 11:32:45.403275 fxp1 @0:0 L 126.6.37.39 -> 10.10.10.10 PR 162 len 0 (49185) frag 49185@384
The reason you don't know the port number is because for protocol 162 there is no port number and besides which it is a fragment (although the endian decoding is wrong in the length).

Oh, it was neither a "block" nor a "pass" rule that generated that output, it was a "log" rule - if that helps.

darren
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
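
The two line shapes discussed in this thread, handled by one parser. This is an added example, not part of the original message and not IP Filter code: parse_ipmon, split_endpoint and the field names are hypothetical, the sample lines are copied from the thread, and the action-letter table is taken from the ipmon(8) manual page as an assumption.

```python
import re

# Sample input: the two ipmon lines quoted in the thread above.
SAMPLES = [
    "15:57:33.803147 ppp0 @0:2 b 100.100.100.103,443 -> 20.20.20.10,4923 "
    "PR tcp len 20 1488 -A",
    "Feb 1 11:32:45 gateway ipmon[28872]: 11:32:45.403275 fxp1 @0:0 L "
    "126.6.37.39 -> 10.10.10.10 PR 162 len 0 (49185) frag 49185@384",
]

# Anchored on the fractional-second timestamp so a syslog prefix is skipped.
LINE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<iface>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>\S) "
    r"(?P<src>\S+) -> (?P<dst>\S+) PR (?P<proto>\S+) len (?P<rest>.*)$"
)

# Assumption: letters as documented in ipmon(8); unknown letters pass through.
ACTIONS = {"p": "pass", "b": "block", "L": "log", "S": "short", "n": "nomatch"}


def split_endpoint(text):
    """Split 'addr,port' into (addr, port); port is None when absent."""
    host, sep, port = text.partition(",")
    if not sep:
        return host, None          # portless protocol or non-first fragment
    return host, int(port) if port.isdigit() else port


def parse_ipmon(line):
    """Return a dict of fields for one ipmon line, or None if it is not one."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["src"], rec["sport"] = split_endpoint(rec["src"])
    rec["dst"], rec["dport"] = split_endpoint(rec["dst"])
    rec["action"] = ACTIONS.get(rec["action"], rec["action"])
    # A 'frag' token in the tail marks the packet as a fragment.
    rec["fragment"] = re.search(r"\bfrag\b", rec["rest"]) is not None
    return rec


if __name__ == "__main__":
    for sample in SAMPLES:
        r = parse_ipmon(sample)
        print(r["action"], r["proto"], r["src"], r["sport"], "->",
              r["dst"], r["dport"], "fragment" if r["fragment"] else "")
```
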