[Techtalk] firewall log entry
Nadine Leenders
nadine.leenders at ualberta.ca
Tue Sep 29 22:55:57 UTC 2009
I'm trying to decipher a firewall log entry (I've mangled hostname and
IP info a little for privacy):
Sep 25 15:59:42 saturn kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
MAC=00:30:48:7f:6d:b6:00:30:48:7f:6d:60:08:00
SRC=129.128.177.25 DST=129.128.177.28 LEN=60
OS=0x00 PREC=0x00 TTL=64 ID=11723 DF PROTO=TCP SPT=789 DPT=15002
WINDOW=5792 RES=0x00 SYN URGP=0 OPT
(020405B40402080A14D702E613603EDF01030306)
So far, I've learned:
Sep 25 15:59:42 saturn kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
MAC=00:30:48:7f:6d:b6:00:30:48:7f:6d:60:08:00
date, time, hostname, syslog level,
IN - incoming interface
OUT - outgoing interface
SRC=129.128.177.25 DST=129.128.177.28 LEN=60
SRC - source IP address
DST - destination IP address
LEN - packet length
TOS=0x00 PREC=0x00 TTL=64 ID=11723 DF PROTO=TCP SPT=789 DPT=15002
TOS - Type Of Service
PREC - type of service Precedence
TTL - Time To Live
ID - IP Identification number
PROTO - IP protocol
SPT - Source Port #
DPT - Destination Port #
WINDOW=5792 RES=0x00 SYN URGP=0 OPT
(020405B40402080A14D702E613603EDF01030306)
=======
My confusion thus far is trying to figure out what SFW2-INext-ACC-TCP
is (syslog level???).
And I haven't even started working on the last part since I've been
busy with the first part, so clues for that too would be most
appreciated. It also looks like I missed "DF" too.
Thanks,
- Nadine
Nadine Leenders
HPC System Administrator, Research Support
Academic Information and Communication Technologies
University of Alberta
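The entry in the post is a standard Linux netfilter (iptables LOG target) kernel message; the leading token is the `--log-prefix` string that SuSEfirewall2 attaches to its rules (SFW2 = SuSEfirewall2, INext = the INPUT chain for the external zone, ACC = the packet was accepted, TCP = the matched protocol), not a syslog level. The trailing OPT (...) field is the raw TCP options block in hex, and DF is the IP Don't Fragment flag. The following parser is an added example, not code from the post or the Techtalk list: it splits the message into fields, separates the MAC field into destination MAC, source MAC and ethertype, and decodes the TCP options (MSS, SACK-permitted, timestamps, NOP, window scale). The sample line is the one quoted in the post, joined onto one line with the second copy's TOS spelling; field names such as `log_prefix` and `tcp_options` are this example's own choices.

```python
import re

# Constructed sample: the log entry quoted in the post, joined onto one line
# (hostname and IPs were already mangled by the poster for privacy).
SAMPLE = (
    "Sep 25 15:59:42 saturn kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= "
    "MAC=00:30:48:7f:6d:b6:00:30:48:7f:6d:60:08:00 "
    "SRC=129.128.177.25 DST=129.128.177.28 LEN=60 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=11723 DF PROTO=TCP SPT=789 DPT=15002 "
    "WINDOW=5792 RES=0x00 SYN URGP=0 OPT (020405B40402080A14D702E613603EDF01030306)"
)

# syslog timestamp, hostname, "kernel:", then the iptables --log-prefix string
HEADER_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) kernel: (?P<prefix>\S+) (?P<rest>.*)$"
)


def decode_tcp_options(data):
    """Walk a raw TCP options block (bytes) and return a list of tuples."""
    opts, i = [], 0
    while i < len(data):
        kind = data[i]
        if kind == 0:                      # End of option list
            opts.append(("EOL",))
            break
        if kind == 1:                      # No-operation padding
            opts.append(("NOP",))
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated TCP option at offset %d" % i)
        length = data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad TCP option length %d at offset %d" % (length, i))
        body = data[i + 2:i + length]
        if kind == 2 and length == 4:      # Maximum Segment Size
            opts.append(("MSS", int.from_bytes(body, "big")))
        elif kind == 3 and length == 3:    # Window scale (shift count)
            opts.append(("WSCALE", body[0]))
        elif kind == 4 and length == 2:    # SACK permitted
            opts.append(("SACK_PERMITTED",))
        elif kind == 8 and length == 10:   # Timestamp value / echo reply
            opts.append(("TIMESTAMP",
                         int.from_bytes(body[:4], "big"),
                         int.from_bytes(body[4:], "big")))
        else:                              # anything else: keep kind and raw bytes
            opts.append(("UNKNOWN", kind, body.hex()))
        i += length
    return opts


def parse_netfilter_log(line):
    """Parse one iptables LOG-target kernel message into a dict."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not a netfilter LOG line")
    rec = {"timestamp": m["ts"], "host": m["host"], "log_prefix": m["prefix"],
           # SuSEfirewall2 prefixes are dash-separated: SFW2-<chain/zone>-<verdict>-<proto>
           "prefix_parts": m["prefix"].split("-")}
    rest = m["rest"]

    # OPT (hex) is the only field written with a space before its value; pull it out first.
    opt = re.search(r"OPT \(([0-9A-Fa-f]*)\)", rest)
    if opt:
        rec["tcp_options_hex"] = opt.group(1)
        rest = rest[:opt.start()] + rest[opt.end():]

    flags = []
    for tok in rest.split():
        if "=" in tok:
            key, val = tok.split("=", 1)  # OUT= yields an empty value (locally delivered)
            rec[key] = val
        else:
            flags.append(tok)             # bare tokens: DF, SYN, ACK, RST, ...
    rec["flags"] = flags

    # MAC= is dst MAC (6 octets) : src MAC (6 octets) : ethertype (2 octets)
    parts = rec.get("MAC", "").split(":")
    if len(parts) == 14:
        rec["dst_mac"] = ":".join(parts[:6])
        rec["src_mac"] = ":".join(parts[6:12])
        rec["ethertype"] = "0x" + "".join(parts[12:])

    if rec.get("tcp_options_hex"):
        rec["tcp_options"] = decode_tcp_options(bytes.fromhex(rec["tcp_options_hex"]))
    return rec


if __name__ == "__main__":
    for key, val in parse_netfilter_log(SAMPLE).items():
        print("%-16s %s" % (key, val))
```

For the quoted entry the options decode to MSS 1460, SACK permitted, a timestamp pair, one NOP and a window scale of 6, which is 20 option bytes; with a 20-byte IP header and a 20-byte TCP header that accounts for the whole LEN=60, i.e. a bare SYN with no payload, consistent with the SYN flag in the line. The ethertype 0x0800 confirms an IPv4 frame, and the empty OUT= is what the INPUT chain logs for packets delivered to the host itself.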