LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 05-13-2007, 12:39 PM   #1
xface66
LQ Newbie
 
Registered: Dec 2006
Posts: 29

Rep: Reputation: 15
netfilter/iptables log file format


hello everyone,
i am writing an iptables log file parser.
can someone tell me the log file format?
here is an example i found.

Code:
Feb  6 12:04:42 navara kernel: P2P IN=eth1 OUT=eth0 SRC=10.2.20.53 DST=82.20.129.162 LEN=108 TOS=0x00 PREC=0x00 TTL=127 ID=26465 DF PROTO=TCP SPT=3466 DPT=23394 WINDOW=65535 RES=0x00 ACK PSH URGP=0
Feb  6 12:04:42 navara kernel: P2P IN=eth1 OUT=eth0 SRC=10.2.22.151 DST=62.219.160.113 LEN=108 TOS=0x00 PREC=0x00 TTL=127 ID=31099 DF PROTO=TCP SPT=2566 DPT=60560 WINDOW=17520 RES=0x00 ACK PSH URGP=0
Feb  6 12:04:42 navara kernel: P2P IN=eth1 OUT=eth0 SRC=10.2.21.235 DST=60.50.83.153 LEN=108 TOS=0x00 PREC=0x00 TTL=127 ID=53682 DF PROTO=TCP SPT=2878 DPT=12571 WINDOW=17424 RES=0x00 ACK PSH URGP=0
Feb  6 12:04:42 navara kernel: P2P IN=eth1 OUT=eth0 SRC=10.2.49.237 DST=217.91.58.88 LEN=46 TOS=0x00 PREC=0x00 TTL=127 ID=1822 PROTO=UDP SPT=1079 DPT=4450 LEN=26
Feb  6 12:04:42 navara kernel: P2P IN=eth1 OUT=eth0 SRC=10.2.49.237 DST=80.103.100.105 LEN=63 TOS=0x00 PREC=0x00 TTL=127 ID=1823 PROTO=UDP SPT=4672 DPT=42129 LEN=43
 
Old 05-13-2007, 12:48 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981
what don't you understand about it? it's impressively straightforward i'd have thought... IN=[in interface] PROTO=[protocol] etc... dst= destination, ttl = time to live, prec = precision, tos = type of service, len = length...
 
Old 05-13-2007, 12:56 PM   #3
xface66
LQ Newbie
 
Registered: Dec 2006
Posts: 29

Original Poster
Rep: Reputation: 15
i know what they mean.
the problem is about the sequence.

i don't know what 'DF' means.
and is there any site that explains what the values can be?

tos = 0x00, what does this mean?
and the others?
 
Old 05-13-2007, 01:00 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981
just google for the terms... "tcp df" shows DF represents the Do Not Fragment bit. in general this output is for those who generally understand tcp/ip. you're asking about the tos value, well unless you understand type of service, then the hex value there is never going to mean anything to you, so you may as well just report that verbatim. the tla, "TOS" is very well known to anyone who cares what it is... if the reader needs an explanation, he should ignore it...

ultimate explanation is, of course, here... http://www.faqs.org/rfcs/rfc793.html
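A parser for lines like the ones in the first post, added here as an example; it is not code from the thread or from any iptables tool, and the function and field names are my own. It treats value-less tokens such as DF, ACK and PSH as flags, keeps the second LEN on UDP lines as the UDP length rather than overwriting the IP length, converts hex fields such as TOS and PREC to integers, and returns None for syslog lines that are not iptables LOG output.

```python
import re

# Syslog header as in the thread: "<Mon> <day> <HH:MM:SS> <host> kernel: <prefix> KEY=VAL ..."
HEADER_RE = re.compile(
    r'^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+'
    r'(?P<host>\S+)\s+kernel:\s*(?P<rest>.*)$')

# Tokens the LOG target prints without "=value": IP header flags and TCP flag bits.
BARE_FLAGS = {'DF', 'MF', 'CE', 'SYN', 'ACK', 'FIN', 'RST', 'PSH', 'URG', 'CWR', 'ECE'}
# Numeric fields; TOS, PREC and RES are printed as hex (0x00), the rest as decimal.
INT_FIELDS = {'LEN', 'L4LEN', 'TTL', 'ID', 'SPT', 'DPT', 'WINDOW', 'URGP', 'TOS', 'PREC', 'RES'}

# Two lines taken from the first post (one TCP, one UDP) plus a constructed non-iptables line.
SAMPLE_LINES = [
    "Feb  6 12:04:42 navara kernel: P2P IN=eth1 OUT=eth0 SRC=10.2.20.53 DST=82.20.129.162 "
    "LEN=108 TOS=0x00 PREC=0x00 TTL=127 ID=26465 DF PROTO=TCP SPT=3466 DPT=23394 "
    "WINDOW=65535 RES=0x00 ACK PSH URGP=0",
    "Feb  6 12:04:42 navara kernel: P2P IN=eth1 OUT=eth0 SRC=10.2.49.237 DST=217.91.58.88 "
    "LEN=46 TOS=0x00 PREC=0x00 TTL=127 ID=1822 PROTO=UDP SPT=1079 DPT=4450 LEN=26",
    "Feb  6 12:05:00 navara sshd[1234]: Accepted publickey for alice",  # constructed
]

def parse_iptables_line(line):
    """Return a dict of fields for one iptables LOG line, or None if it is not one."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    # Newer kernels may print "[ 1234.567890]" after "kernel:"; drop it if present.
    rest = re.sub(r'^\[\s*\d+\.\d+\]\s*', '', m.group('rest'))
    first = re.search(r'(?:^|\s)[A-Z]+=', rest)
    if not first:
        return None
    rec = {'host': m.group('host'),
           'time': f"{m.group('mon')} {int(m.group('day'))} {m.group('time')}",
           'prefix': rest[:first.start()].strip(),   # the --log-prefix, "P2P" here
           'flags': set()}
    len_seen = 0
    for tok in rest[first.start():].split():
        if '=' in tok:
            key, val = tok.split('=', 1)
            if key == 'LEN':
                # UDP lines carry LEN twice: IP total length first, then UDP length.
                key = 'LEN' if len_seen == 0 else 'L4LEN'
                len_seen += 1
            if key in INT_FIELDS and val:
                val = int(val, 16) if val.startswith('0x') else int(val)
            rec[key] = val
        elif tok in BARE_FLAGS:
            rec['flags'].add(tok)
        else:
            rec.setdefault('unparsed', []).append(tok)   # keep anything unexpected visible
    return rec

if __name__ == '__main__':
    for sample in SAMPLE_LINES:
        print(parse_iptables_line(sample))
```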
 
  

