Hi,
Can someone tell me how to read packet log entries? I've turned on 'log all rejected packets' in 'System Properties - Alerts' and I've set audit for ICMP echo-request and redirect.
I'd like to know what the logs tell me. Is this documented anywhere? I think what I'm seeing is benign but I don't really know.
These are snippets from the log ...

Aug 14 10:19:31 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=15725 F=0x0000 T=111 (#37)
Aug 14 10:19:31 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=15981 F=0x0000 T=111 (#37)
Aug 14 10:19:31 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=16237 F=0x0000 T=111 (#37)
Aug 14 10:19:35 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=17517 F=0x0000 T=111 (#37)
Aug 14 10:19:35 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=17773 F=0x0000 T=111 (#37)
Aug 14 10:19:35 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=18029 F=0x0000 T=111 (#37)
Aug 14 10:19:39 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=19053 F=0x0000 T=111 (#37)
Aug 14 10:19:39 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=19309 F=0x0000 T=111 (#37)
Aug 14 10:19:39 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=19565 F=0x0000 T=111 (#37)
Aug 14 10:19:43 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=20589 F=0x0000 T=111 (#37)
Aug 14 10:19:43 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=20845 F=0x0000 T=111 (#37)
Aug 14 10:19:43 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=21101 F=0x0000 T=111 (#37)
Aug 14 10:19:47 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=22125 F=0x0000 T=111 (#37)
Aug 14 10:19:47 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=22381 F=0x0000 T=111 (#37)
Aug 14 10:19:47 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=22637 F=0x0000 T=111 (#37)
...
Aug 14 12:13:00 firewall kernel: Packet log: input DENY ppp0 PROTO=17 24.192.1.30:53 144.137.117.45:61213 L=72 S=0x00 I=38917 F=0x4000 T=62 (#38)
...
Aug 14 13:09:30 firewall kernel: Packet log: input DENY ppp0 PROTO=6 144.137.68.155:3890 144.137.117.45:80 L=48 S=0x00 I=15398 F=0x4000 T=125 SYN (#38)
Aug 14 13:13:34 firewall kernel: Packet log: input DENY ppp0 PROTO=6 144.132.51.120:2653 144.137.117.45:80 L=48 S=0x00 I=47483 F=0x4000 T=125 SYN (#38)
Aug 14 13:13:40 firewall kernel: Packet log: input DENY ppp0 PROTO=6 144.132.51.120:2653 144.137.117.45:80 L=48 S=0x00 I=48014 F=0x4000 T=125 SYN (#38)
...
Aug 14 15:55:52 firewall kernel: Packet log: input DENY ppp0 PROTO=6 144.137.142.49:2698 144.137.117.45:80 L=48 S=0x00 I=59538 F=0x4000 T=125 SYN (#38)
Aug 14 15:55:55 firewall kernel: Packet log: input DENY ppp0 PROTO=6 144.137.142.49:2698 144.137.117.45:80 L=48 S=0x00 I=59791 F=0x4000 T=125 SYN (#38)
Aug 14 15:56:01 firewall kernel: Packet log: input DENY ppp0 PROTO=6 144.137.142.49:2698 144.137.117.45:80 L=48 S=0x00 I=60381 F=0x4000 T=125 SYN (#38)

144.137.177.45 is my IP address, the others I don't recognise although 144.137.142.49 is probably another ADSL user.

Thanks
Dallas
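
An added example, not part of the original post: a Python parser for kernel packet log lines in the format quoted above. The field meanings (L, S, I, F, T, rule number) are taken from the ipchains HOWTO on the assumption that ipchains produced these entries; `parse_line` and `summarize` are names chosen here.

```python
import re
from collections import Counter

# Layout assumed from the ipchains HOWTO: chain, target, interface, protocol,
# source, destination, then L/S/I/F/T, an optional SYN marker and the rule number.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers

def parse_line(line):
    """Return a dict of decoded fields, or None if the line is not a packet log entry."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    proto, frag = int(f["proto"]), int(f["frag"], 16)
    return {
        "chain": f["chain"], "target": f["target"], "iface": f["iface"],
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "src": f["src"], "sport": int(f["sport"]),
        "dst": f["dst"], "dport": int(f["dport"]),
        "length": int(f["length"]),            # L= total IP packet length in bytes
        "tos": int(f["tos"], 16),              # S= Type of Service byte
        "ip_id": int(f["ip_id"]),              # I= IP identification field
        "dont_fragment": bool(frag & 0x4000),  # F= flags in the top 3 bits
        "more_fragments": bool(frag & 0x2000),
        "frag_offset": frag & 0x1FFF,          # F= fragment offset in the low 13 bits
        "ttl": int(f["ttl"]),                  # T= remaining time to live
        "syn": f["syn"] is not None,           # SYN marker: TCP connection attempt
        "rule": int(f["rule"]),                # (#n) number of the rule that logged it
    }

def summarize(lines):
    """Count entries per (source, protocol, destination port), skipping other lines."""
    parsed = filter(None, map(parse_line, lines))
    return Counter((p["src"], p["proto"], p["dport"]) for p in parsed)

# Three entries copied from the log snippets in the post above.
SAMPLE = [
    "Aug 14 10:19:31 firewall kernel: Packet log: input DENY ppp0 PROTO=17 203.109.202.82:61333 144.137.117.45:4371 L=40 S=0x00 I=15725 F=0x0000 T=111 (#37)",
    "Aug 14 12:13:00 firewall kernel: Packet log: input DENY ppp0 PROTO=17 24.192.1.30:53 144.137.117.45:61213 L=72 S=0x00 I=38917 F=0x4000 T=62 (#38)",
    "Aug 14 13:09:30 firewall kernel: Packet log: input DENY ppp0 PROTO=6 144.137.68.155:3890 144.137.117.45:80 L=48 S=0x00 I=15398 F=0x4000 T=125 SYN (#38)",
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, *key)
```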
