Post on 06-Jul-2018
8/17/2019 Formatul Unei Linii Din Log - Ipchains
http://slidepdf.com/reader/full/formatul-unei-linii-din-log-ipchains 1/4
ipchains - format of a logged line

May 12 04:09:11 gush kernel: Packet log: input DENY eth0 PROTO=6 1.2.3.4:1201 6.7.8.9:113 L=60 S=0x00 I=7178 F=0x4000 T=50 SYN (#611)

Fields:
- "May 12 04:09:11" - the date
- "gush" - the name of my computer
- "Packet log: input" - the name of the chain the packet was traversing
- "DENY" - the action that took place. DENY/REJECT etc...
- "eth0" - the name of the interface the packet was passing through
- "PROTO=6" - the protocol type. The most commonly used: 6=tcp, 17=udp, 1=icmp. The complete list of protocols is usually in /etc/protocols
- "1.2.3.4:1201" - the IP address and port the packet left from
- "6.7.8.9:113" - the IP address and port the packet was supposed to reach
- "L=60" - the length of the packet in bytes
- "S=0x00" - TOS (type of service)
- "I=7178" - the packet ID
- "F=0x4000" - the flags (3 bits) and the fragment offset (13 bits)
- "T=50" - the packet's TTL (time to live) / the number of hops after which routing of the packet will be abandoned
- "SYN" - the packet had SYN set. It can be something like URG/ACK/PSH/RST/SYN/FIN
- "(#611)" - the number of the firewall rule that was applied to the packet
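
The field list above, turned into a parser (an added example, not part of the original page): it splits a line into the fields described, decodes F into the 3 flag bits and the 13-bit offset, and counts denied packets per source. The regular expression, the function names and the second and third sample lines are this example's own assumptions.

```python
import re
from collections import Counter

# Field order follows the page's description; the regex itself is this example's.
LOG_RE = re.compile(
    r"^(?P<date>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+kernel:\s+Packet log:\s+"
    r"(?P<chain>\S+)\s+(?P<action>\S+)\s+(?P<iface>\S+)\s+PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"L=(?P<length>\d+)\s+S=(?P<tos>0x[0-9A-Fa-f]+)\s+I=(?P<id>\d+)\s+"
    r"F=(?P<frag>0x[0-9A-Fa-f]+)\s+T=(?P<ttl>\d+)"
    r"(?P<tcpflags>(?:\s+(?:URG|ACK|PSH|RST|SYN|FIN))*)\s+\(#(?P<rule>\d+)\)\s*$"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # the three the page lists

def parse_line(line):
    """Return a dict of decoded fields, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "id", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["tos"] = int(rec["tos"], 16)
    frag = int(rec.pop("frag"), 16)
    rec["df"] = bool(frag & 0x4000)      # Don't Fragment flag
    rec["mf"] = bool(frag & 0x2000)      # More Fragments flag
    rec["frag_offset"] = frag & 0x1FFF   # low 13 bits
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    rec["tcpflags"] = rec["tcpflags"].split()
    return rec

def denied_by_source(lines):
    """Count DENY/REJECT entries per (source IP, protocol, destination port)."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] in ("DENY", "REJECT"):
            hits[(rec["src"], rec["proto_name"], rec["dport"])] += 1
    return hits

# First line is the page's example; the other two are constructed for illustration.
SAMPLE = [
    "May 12 04:09:11 gush kernel: Packet log: input DENY eth0 PROTO=6 1.2.3.4:1201 6.7.8.9:113 L=60 S=0x00 I=7178 F=0x4000 T=50 SYN (#611)",
    "May 12 04:09:14 gush kernel: Packet log: input DENY eth0 PROTO=6 1.2.3.4:1201 6.7.8.9:113 L=60 S=0x00 I=7179 F=0x4000 T=50 SYN (#611)",
    "May 12 04:10:02 gush kernel: Packet log: input DENY eth0 PROTO=17 1.2.3.4:53 6.7.8.9:1025 L=72 S=0x00 I=900 F=0x0000 T=50 (#612)",
]

if __name__ == "__main__":
    for key, count in denied_by_source(SAMPLE).most_common():
        print(count, key)
```
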

The list of tcp/udp destination ports is usually in /etc/services. For the ICMP packet types and their associated codes, see the following lists:

ICMP types:
----------------------------------------------------------------
  0      Echo Reply                              [RFC792]
  1      Unassigned                              [JBP]
  2      Unassigned                              [JBP]
  3      Destination Unreachable                 [RFC792]
  4      Source Quench                           [RFC792]
  5      Redirect                                [RFC792]
  6      Alternate Host Address                  [JBP]
  7      Unassigned                              [JBP]
  8      Echo                                    [RFC792]
  9      Router Advertisement                    [RFC1256]
 10      Router Solicitation                     [RFC1256]
 11      Time Exceeded                           [RFC792]
 12      Parameter Problem                       [RFC792]
 13      Timestamp                               [RFC792]
 14      Timestamp Reply                         [RFC792]
 15      Information Request                     [RFC792]
 16      Information Reply                       [RFC792]
 17      Address Mask Request                    [RFC950]
 18      Address Mask Reply                      [RFC950]
 19      Reserved (for Security)                 [Solo]
 20-29   Reserved (for Robustness Experiment)    [ZSu]
 30      Traceroute                              [RFC1393]
 31      Datagram Conversion Error               [RFC1475]
 32      Mobile Host Redirect                    [David Johnson]
 33      IPv6 Where-Are-You                      [Bill Simpson]
 34      IPv6 I-Am-Here                          [Bill Simpson]
 35      Mobile Registration Request             [Bill Simpson]
 36      Mobile Registration Reply               [Bill Simpson]
 37      Domain Name Request                     [Simpson]
 38      Domain Name Reply                       [Simpson]
 39      SKIP                                    [Markson]
 40      Photuris                                [RFC2521]
 41-255  Reserved                                [JBP]
----------------------------------------------------------------

ICMP types and their associated codes:
----------------------------------------------------------------
  0      Echo Reply                              [RFC792]

         Codes
             0  No Code

  1      Unassigned                              [JBP]

  2      Unassigned                              [JBP]

  3      Destination Unreachable                 [RFC792]

         Codes
             0  Net Unreachable
             1  Host Unreachable
             2  Protocol Unreachable
             3  Port Unreachable
             4  Fragmentation Needed and Don't Fragment was Set
             5  Source Route Failed
             6  Destination Network Unknown
             7  Destination Host Unknown
             8  Source Host Isolated
             9  Communication with Destination Network is
                Administratively Prohibited
            10  Communication with Destination Host is
                Administratively Prohibited
            11  Destination Network Unreachable for Type of Service
            12  Destination Host Unreachable for Type of Service
            13  Communication Administratively Prohibited      [RFC1812]
            14  Host Precedence Violation                      [RFC1812]
            15  Precedence cutoff in effect                    [RFC1812]

  4      Source Quench                           [RFC792]

         Codes
             0  No Code

  5      Redirect                                [RFC792]

         Codes
             0  Redirect Datagram for the Network (or subnet)
             1  Redirect Datagram for the Host
             2  Redirect Datagram for the Type of Service and Network
             3  Redirect Datagram for the Type of Service and Host

  6      Alternate Host Address                  [JBP]

         Codes
             0  Alternate Address for Host

  7      Unassigned                              [JBP]

  8      Echo                                    [RFC792]

         Codes
             0  No Code

  9      Router Advertisement                    [RFC1256]

         Codes
             0  Normal router advertisement
            16  Does not route common traffic                  [RFC2002]

 10      Router Selection                        [RFC1256]

         Codes
             0  No Code

 11      Time Exceeded                           [RFC792]

         Codes
             0  Time to Live exceeded in Transit
             1  Fragment Reassembly Time Exceeded

 12      Parameter Problem                       [RFC792]

         Codes
             0  Pointer indicates the error
             1  Missing a Required Option                      [RFC1108]
             2  Bad Length

 13      Timestamp                               [RFC792]

         Codes
             0  No Code

 14      Timestamp Reply                         [RFC792]

         Codes
             0  No Code

 15      Information Request                     [RFC792]

         Codes
             0  No Code

 16      Information Reply                       [RFC792]

         Codes
             0  No Code

 17      Address Mask Request                    [RFC950]

         Codes
             0  No Code

 18      Address Mask Reply                      [RFC950]

         Codes
             0  No Code

 19      Reserved (for Security)                 [Solo]

 20-29   Reserved (for Robustness Experiment)    [ZSu]

 30      Traceroute                              [RFC1393]

 31      Datagram Conversion Error               [RFC1475]

 32      Mobile Host Redirect                    [David Johnson]

 33      IPv6 Where-Are-You                      [Bill Simpson]

 34      IPv6 I-Am-Here                          [Bill Simpson]

 35      Mobile Registration Request             [Bill Simpson]

 36      Mobile Registration Reply               [Bill Simpson]

 39      SKIP                                    [Markson]

 40      Photuris                                [RFC2521]

         Codes
             0 = Bad SPI
             1 = Authentication Failed
             2 = Decompression Failed
             3 = Decryption Failed
             4 = Need Authentication