ipf log line
Giorgos Keramidas
keramida at ceid.upatras.gr
Tue May 18 20:26:09 PDT 2004
On 2004-05-18 22:59, Norberto Meijome <freebsd at meijome.net> wrote:
> I saw this in my ipf.log (using ipfmon):
>
> 18/05/2004 15:57:21.092537 fxp0 @25:1 S w.x.y.z -> a.b.c.d PR tcp len 20 (40) frag 20 at 8 IN
>
> where :
> - fpx0 is my interface connected to the outside world
> - w.x.y.z is an IP not related to any system under our control
> - a.b.c.d is the public IP used for NATed traffic from our LAN.
> - @25:1 is : @1 block in log quick from any to any with short group 25
>
> Does the "S" after @25:1 mean it was a packet too short to be a proper
> tcp packet?
The packet has the TCP SYN flag bit set (non-zero).
> What does the frag 20 at 8 mean?
IIRC, these are the length and starting offset, respectively, of the
blocked fragment within the full IP packet.
- Giorgos
More information about the freebsd-questions
mailing list