  1. #1
    Just Joined!
    Join Date
    Jan 2005
    Location
    Germany
    Posts
    69

    help me to understand iptables logs


    Hello,
    My logs from iptables look like this:

    Feb 21 10:07:38 servername kernel: ***INPUT PACKETS***=>IN=eth0 OUT= MAC=00:0d:56:b8:f8:9c:00:09:5b:58:35:a5:08:00 SRC=134.214.x.x DST=192.168.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=112 ID=5107 DF PROTO=TCP SPT=61945 DPT=22 WINDOW=65007 RES=0x00 ACK FIN URGP=0

    Feb 21 10:07:38 servername kernel: ***OUTPUT PACKETS***=>IN= OUT=eth0 SRC=192.168.x.x DST=134.214.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=25772 DF PROTO=TCP SPT=22 DPT=61945 WINDOW=11552 RES=0x00 ACK FIN URGP=0

    Everything looks just fine.


    But I also have the following line:
    Feb 21 22:20:11 servername kernel: ***OUTPUT PACKETS***=>IN= OUT=eth0 S46 DF PROTO=TCP SPT=22 DPT=1244 WINDOW=8576 RES=0x00 ACK URGP=0


    There is no source IP, no destination IP, nothing.


    What could this mean??


    ddaas

  2. #2
    Linux User
    Join Date
    Feb 2005
    Posts
    290
    SRC means source, whereas DST means destination, SPT = source port, DPT = destination port. In this case, 134.214.x.x is trying to connect to 192.168.x.x through ssh.

    The SPT=61945 is normal; learn more about TCP/IP if you're interested.

  3. #3
    Just Joined!
    Join Date
    Jan 2005
    Location
    Germany
    Posts
    69
    I know that.

    What I don't understand is:
    But I also have the following line:
    Feb 21 22:20:11 servername kernel: ***OUTPUT PACKETS***=>IN= OUT=eth0 S46 DF PROTO=TCP SPT=22 DPT=1244 WINDOW=8576 RES=0x00 ACK URGP=0

    There is no source IP, no destination IP, nothing.

    What could this mean??

  5. #4
    Linux User
    Join Date
    Feb 2005
    Posts
    290
    lol, sorry, my fault. Didn't read your post carefully ...

    IN= OUT=eth0 S46 DF PROTO=TCP SPT=22 DPT=1244 WINDOW=8576 RES=0x00 ACK URGP=0

    hmmm.... no input means it's generated from the box itself, output through eth0 (local network, not ppp0 or something), source port 22 (SSH??!!??) ....
    your ssh is trying to broadcast something or... erm.... beats me....
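
A small parser for the LOG lines quoted in this thread, added here as an example and not posted by any participant: it splits each record into fields and flags and reports records, like the 22:20:11 one, that lack fields or contain unrecognised tokens. The `=>` prefix terminator and the required-field list are assumptions taken from the two complete lines above.

```python
import re

# Fields present in both complete records quoted in the thread (assumed required).
REQUIRED = ("IN", "OUT", "SRC", "DST", "LEN", "TOS", "PREC", "TTL", "ID", "PROTO")
# Bare tokens (no "=") the LOG target prints: IP fragment flags and TCP flags.
KNOWN_FLAGS = {"CE", "DF", "MF", "CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
SYSLOG_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) kernel: (.*)$")

def parse_record(line, prefix_end="=>"):
    """Split one syslog line into KEY=VALUE fields, flags and leftover tokens.

    prefix_end is assumed to close the --log-prefix, as in the thread's lines.
    Returns None when the line is not a kernel syslog line.
    """
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    timestamp, _host, body = m.groups()
    prefix, sep, rest = body.partition(prefix_end)
    if not sep:                      # no log prefix found
        prefix, rest = "", body
    fields, flags, unknown = {}, [], []
    for tok in rest.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value      # an empty value is valid, e.g. "OUT="
        elif tok in KNOWN_FLAGS:
            flags.append(tok)
        else:
            unknown.append(tok)      # neither a field nor a known flag
    missing = [k for k in REQUIRED if k not in fields]
    return {"time": timestamp, "prefix": prefix, "fields": fields,
            "flags": flags, "unknown": unknown, "missing": missing}

def incomplete(lines):
    """Return (time, missing, unknown) for each record that is not complete."""
    recs = [r for r in map(parse_record, lines) if r]
    return [(r["time"], r["missing"], r["unknown"])
            for r in recs if r["missing"] or r["unknown"]]

# Sample input: the three records quoted in the thread (addresses masked there).
SAMPLE = [
    "Feb 21 10:07:38 servername kernel: ***INPUT PACKETS***=>IN=eth0 OUT= MAC=00:0d:56:b8:f8:9c:00:09:5b:58:35:a5:08:00 SRC=134.214.x.x DST=192.168.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=112 ID=5107 DF PROTO=TCP SPT=61945 DPT=22 WINDOW=65007 RES=0x00 ACK FIN URGP=0",
    "Feb 21 10:07:38 servername kernel: ***OUTPUT PACKETS***=>IN= OUT=eth0 SRC=192.168.x.x DST=134.214.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=25772 DF PROTO=TCP SPT=22 DPT=61945 WINDOW=11552 RES=0x00 ACK FIN URGP=0",
    "Feb 21 22:20:11 servername kernel: ***OUTPUT PACKETS***=>IN= OUT=eth0 S46 DF PROTO=TCP SPT=22 DPT=1244 WINDOW=8576 RES=0x00 ACK URGP=0",
]

if __name__ == "__main__":
    for when, missing, unknown in incomplete(SAMPLE):
        print(when, "missing:", missing, "unrecognised:", unknown)
```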
