Quote:
Originally posted by nlinecomputers
My logs are showing this a lot:
Oct 7 08:02:29 ares kernel: ABORTED IN=eth1 OUT= MAC=00:c0:f0:3e:14:29:00:06:25:f4:48:49:08:00 SRC=172.179.48.246 DST=192.168.0.3 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=65259 PROTO=TCP SPT=15282 DPT=6881 SEQ=2395347946 ACK=2779374892 WINDOW=64363 RES=0x00 RST URGP=0
Problem is I don't fully know how to read this. I can see that someone from AOL is trying to attach to my box. What I don't know is what most of the items here mean.
What is LEN, TOS, PREC, TTL, ID, SPT, DPT, SEQ, ACK, WINDOW, RES RST, URGP?
I can't seem to find any docs that I can understand that explain this.
The link provided by ilikejam explains the different TCP options.
If you don't understand what it says and you just want to "read" what the log says as you mention, then you don't need LEN, TOS, etc.
I will try to explain as briefly as I can what it says.
Oct 7 08:02:29 ares kernel: ABORTED
IN=eth1 OUT= MAC=00:c0:f0:3e:14:29:00:06:25:f4:48:49:08:00
SRC=172.179.48.246 DST=192.168.0.3 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=65259
PROTO=TCP SPT=15282 DPT=6881 SEQ=2395347946 ACK=2779374892 WINDOW=64363 RES=0x00 RST URGP=0
The packet came in the eth1 interface (incoming traffic).
It came from 172.179.48.246 (something.aol.com) and had destination 192.168.0.3 (you, I guess).
The packet protocol was TCP and the source port at the AOL machine was 15282 (not important).
The port at your machine it tried to access was 6881.
This is the default port of BitTorrent clients. It can be anything, but if you use a BitTorrent client (Azureus, Ktorrent, ctorrent, whatever)
then I guess there is a good possibility that's it.
The flags are RST (reset). Google has a great deal of information about SYN/ACK/RST so I don't mention anything here.
I hope I helped and didn't confuse you.
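An added example, not part of the original thread: a small Python parser for the log line quoted above. It separates the rule's log prefix, the KEY=value fields, and the bare TCP flag tokens (so `ACK=2779374892`, an acknowledgement number, is not confused with an `ACK` flag). The function names are hypothetical and the sample is the line from the post.

```python
# Constructed sample: the log line quoted in the thread above.
SAMPLE = ("Oct 7 08:02:29 ares kernel: ABORTED IN=eth1 OUT= "
          "MAC=00:c0:f0:3e:14:29:00:06:25:f4:48:49:08:00 SRC=172.179.48.246 "
          "DST=192.168.0.3 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=65259 PROTO=TCP "
          "SPT=15282 DPT=6881 SEQ=2395347946 ACK=2779374892 WINDOW=64363 "
          "RES=0x00 RST URGP=0")

# Bare tokens (no "=") in the TCP part of the line are the flags that were set.
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
# LEN: IP total length, TTL: time to live, ID: IP identification,
# SPT/DPT: source/destination port, SEQ/ACK: sequence/acknowledgement numbers,
# WINDOW: TCP receive window, URGP: urgent pointer.
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "SEQ", "ACK", "WINDOW", "URGP"}

def parse_netfilter_log(line):
    """Split a netfilter LOG line into prefix, KEY=value fields and TCP flags."""
    head, sep, body = line.partition(" IN=")
    if not sep:
        raise ValueError("not a netfilter LOG line (no IN= field)")
    # Whatever follows "kernel:" is the rule's own log prefix ("ABORTED" here).
    prefix = head.partition("kernel:")[2].strip()
    fields, flags = {}, []
    for token in ("IN=" + body).split():
        key, eq, value = token.partition("=")
        if eq:
            is_int = key in INT_FIELDS and value.isdigit()
            fields[key] = int(value) if is_int else value
        elif token in TCP_FLAGS:
            flags.append(token)
    # On Ethernet, MAC= is destination MAC, source MAC, then 2-byte EtherType.
    mac = fields.get("MAC", "").split(":")
    if len(mac) == 14:
        fields["MAC_DST"] = ":".join(mac[:6])
        fields["MAC_SRC"] = ":".join(mac[6:12])
        fields["ETHERTYPE"] = "0x" + "".join(mac[12:])
    return {"prefix": prefix, "fields": fields, "flags": flags}

def summarize(line):
    """One-line reading of the packet: who talked to whom, with which flags."""
    p = parse_netfilter_log(line)
    f = p["fields"]
    # IN set and OUT empty: addressed to this host; both set: forwarded.
    direction = ("inbound" if f.get("IN") and not f.get("OUT")
                 else "forwarded" if f.get("IN") else "outbound")
    return (f"{p['prefix']}: {direction} {f['PROTO']} "
            f"{f['SRC']}:{f.get('SPT')} -> {f['DST']}:{f.get('DPT')} "
            f"flags={','.join(p['flags']) or 'none'} ttl={f.get('TTL')}")

if __name__ == "__main__":
    print(summarize(SAMPLE))
```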