Confirming my understanding of an ipf log line

Norberto Meijome freebsd at meijome.net
Mon May 17 23:44:32 PDT 2004


Hi list,
I saw this in my ipf.log (using ipfmon):


18/05/2004 15:57:21.092537 fxp0 @25:1 S w.x.y.z -> a.b.c.d PR tcp len 20 (40) frag 20 at 8 IN

where:
- fxp0 is my interface connected to the outside world
- w.x.y.z is an IP not related to any system under our control
- a.b.c.d is the public IP used for NATed traffic from our LAN.
- @25:1 is: @1 block in log quick from any to any with short group 25


Does the "S" after @25:1 mean it was a packet too short to be true?

What does the frag 20 at 8 mean?

Thanks!!
Beto
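
A small parser for the log line quoted in this post, added here as an example; it is not part of the original message or of ipfilter. The field names (`flag`, `len_paren`, `frag`) are this example's own, and it only splits the fields without interpreting the `S` flag or the `frag` values; it also rejoins a line that a mail client has wrapped.

```python
import re
from datetime import datetime

# Layout taken from the single line quoted in the post; other ipf log
# variants may differ. Group names are this example's own (assumption).
LINE_RE = re.compile(
    r"(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{1,6}) "
    r"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<flag>\S+) "
    r"(?P<src>\S+) -> (?P<dst>\S+) PR (?P<proto>\S+) "
    r"len (?P<len>\d+) \((?P<len_paren>\d+)\)(?P<tail>.*)$"
)
FRAG_RE = re.compile(r"\bfrag (\d+) ?(?:at|@) ?(\d+)")


def parse_ipf_line(raw):
    """Split one log line into fields; return None if it does not fit."""
    line = " ".join(raw.split())          # undo mail/terminal line wrapping
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    tail = rec.pop("tail").split()
    stamp = rec.pop("date") + " " + rec.pop("time")
    rec["when"] = datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S.%f")
    for key in ("group", "rule", "len", "len_paren"):
        rec[key] = int(rec[key])
    frag = FRAG_RE.search(" ".join(tail))
    # Kept as a raw pair of integers: the post does not say what they mean.
    rec["frag"] = (int(frag.group(1)), int(frag.group(2))) if frag else None
    rec["direction"] = tail[-1] if tail and tail[-1] in ("IN", "OUT") else None
    return rec


def hits_for_group(lines, group):
    """Return parsed records whose rule group matches, skipping bad lines."""
    parsed = (parse_ipf_line(l) for l in lines)
    return [r for r in parsed if r is not None and r["group"] == group]


# The line from the post, wrapped as it appeared in the mail.
SAMPLE = """18/05/2004 15:57:21.092537 fxp0 @25:1 S w.x.y.z -> a.b.c.d PR tcp len 20
(40) frag 20 at 8 IN"""

if __name__ == "__main__":
    for record in hits_for_group([SAMPLE, "not an ipf line"], 25):
        print(record)
```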


