Firewall Wizards mailing list archives

having trouble reading ipf logs ... different than documentation?


From: "list tracker" <list_tracker () hotmail com>
Date: Thu, 01 Feb 2001 19:36:23 -0000


Hello,

When I read the ipf howto:

http://www.obfuscation.org/ipf/ipf-howto.txt

I am told that I should expect logs in this format:

15:57:33.803147 ppp0 @0:2 b 100.100.100.103,443 -> 20.20.20.10,4923 PR tcp len 20 1488 -A

^^ This makes perfect sense. (I see 100.100.100.103 talking to 20.20.20.10 using tcp on port 443. easy.)

But, when I run ipmon with this argument:

/sbin/ipmon -D -s  (to put the logs into syslog)

the messages I see in syslog look like this:

Feb 1 11:32:45 gateway ipmon[28872]: 11:32:45.403275 fxp1 @0:0 L 126.6.37.39 -> 10.10.10.10 PR 162 len 0 (49185) frag 49185@384

I block telnet (port 22 tcp and udp) on my firewall, and I generated the above syslog entry by trying to telnet somewhere... anyway, the first thing I notice is, there is no mention of port 22 in this entry. Second, PR is 162 instead of tcp ...

Pretty much _all_ I can tell is that machine X on my network tried to communicate with machine Y, and it broke a rule that triggered a log. I don't know what port, what protocol ...

What am I doing wrong / ignorant of?

Thanks,

LT

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
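The two ipmon line shapes quoted in the post, parsed by a small Python function added here as an illustration (it is not from the howto or from the ipfilter distribution): it accepts raw or syslog-wrapped lines, keeps the protocol field as logged (a name such as tcp or a raw IP protocol number), and treats missing ports on a fragment line as an expected property of the packet rather than as a parse error.

```python
import re
from typing import Optional

# Optional syslog prefix written by "ipmon -s": "Feb  1 11:32:45 gateway ipmon[28872]: "
SYSLOG_PREFIX = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+ipmon\[\d+\]:\s+")

# The ipmon record itself, covering both line shapes quoted in the post:
#   <time> <iface> @<group>:<rule> <action> <src>[,<sport>] -> <dst>[,<dport>]
#   PR <proto> len <hdrlen> <pktlen>|(<pktlen>) [tcp flags] [frag <id>@<offset>]
IPMON_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<iface>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>[bpLSn])\s+"
    r"(?P<src>[\d.]+)(?:,(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?:,(?P<dport>\d+))?\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+\(?(?P<plen>\d+)\)?"
    r"(?P<rest>.*)$"
)
FRAG = re.compile(r"frag\s+(?P<id>\d+)@(?P<off>\d+)")
ACTIONS = {"b": "block", "p": "pass", "L": "log", "S": "short", "n": "nomatch"}


def parse_ipmon(line: str) -> Optional[dict]:
    """Parse one ipmon line (raw or syslog-wrapped). Returns None if it does not match."""
    m = IPMON_LINE.match(SYSLOG_PREFIX.sub("", line.strip()))
    if not m:
        return None
    frag = FRAG.search(m["rest"])
    rec = {
        "time": m["time"], "iface": m["iface"], "rule": f"@{m['group']}:{m['rule']}",
        "action": ACTIONS[m["action"]],
        "src": m["src"], "sport": int(m["sport"]) if m["sport"] else None,
        "dst": m["dst"], "dport": int(m["dport"]) if m["dport"] else None,
        "proto": m["proto"],  # protocol name ("tcp") or raw IP protocol number ("162")
        "hdr_len": int(m["hlen"]), "pkt_len": int(m["plen"]),
        "tcp_flags": [t for t in m["rest"].split() if t.startswith("-")],
        "frag": {"id": int(frag["id"]), "offset": int(frag["off"])} if frag else None,
    }
    # Ports are only present when the logged packet carried a transport header; a
    # non-first IP fragment (non-zero offset) has none, so missing ports are expected there.
    rec["ports_known"] = rec["sport"] is not None and rec["dport"] is not None
    return rec


# Constructed sample input: the two lines quoted in the post above.
SAMPLE_LINES = [
    "15:57:33.803147 ppp0 @0:2 b 100.100.100.103,443 -> 20.20.20.10,4923 PR tcp len 20 1488 -A",
    "Feb 1 11:32:45 gateway ipmon[28872]: 11:32:45.403275 fxp1 @0:0 L 126.6.37.39 "
    "-> 10.10.10.10 PR 162 len 0 (49185) frag 49185@384",
]
```

Calling `parse_ipmon` on each of `SAMPLE_LINES` returns a dict per line; the second one has `ports_known` False and a populated `frag` field.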

