Formatul Unei Linii Din Log - Ipchains

8/17/2019 Formatul Unei Linii Din Log - Ipchains

http://slidepdf.com/reader/full/formatul-unei-linii-din-log-ipchains 1/4

i pchai ns - f or mat ul unei l i ni i l ogat e

May 12 04: 09: 11 gush kernel : Packet l og: i nput DENY eth0 PROTO=6 1. 2. 3. 4: 1201

6. 7. 8. 9: 113L=60 S=0x00 I =7178 F=0x4000 T=50 SYN ( #611)

Campur i l e:- "May 12 04: 09: 11" - data- "gush" - numel e cal cul atorul ui meu- "Packet l og: i nput " - numel e chai nul ui car e er a t r aver st a de cat r e pachet- "DENY" - act i unea car e a avut l oc. DENY/ REJ ECT etc. . .- "et h0" - numel e i nt er f et ei pr i n car e t r ecea pachet ul- "PROTO=6" - t i pul pr otocol ul ui . Cel e mai f ol osi t e 6=t cp, 17=udp, 1=i cmp.

Li st a pr ot ocoal el or compl et a e deobi cei i n / et c/ pr ot ocol s- "1. 2. 3. 4: 1201" - Adr esa I P si por t ul de unde a pl ecat pachet ul- "6. 7. 8. 9: 113" - Adr esa I P si por t ul unde t r ebui a sa aj unga pachet ul- "L=60" - Lungi mea pachetul ui i n byt es

- "S=0x00" - TOS( t ype of servi ce)- "I =7178" - I D- ul pachet ul ui- "F=0x4000" - Fl ag- uri l e( 3bi t i ) s i of f set - ul f ragment ul ui ( 13 bi t i )- "T=50" - TTL- ul ( t i me t o l i ve) pachet ul ui / numar ul de hop- ur i dupa car e se var enunt a

l a rutarea pachet ul ui- "SYN" - Pachetul avea SYN- ul set at . Poate f i gen URG/ ACK/ PSH/ RST/ SYN/ FI N- "( #611) " - numar ul r egul i i di n f i r ewal l car e s- a apl i cat pachet ul ui

Li st a cu por t ur i l e dest i nat i e t cp/ udp e deobi cei i n / et c/ ser vi ces.Pent r u t i pur i l e de pachet e i cmp si codur i l e af er ent e l i st el e ur mat oar e:

Ti pur i I CMP:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -0 Echo Repl y [ RFC792]1 Unassi gned [ J BP]2 Unassi gned [ J BP]3 Dest i nat i on Unreachabl e [ RFC792]4 Sour ce Quench [ RFC792]5 Redi r ect [ RFC792]6 Al t er nat e Host Addr ess [ J BP]7 Unassi gned [ J BP]8 Echo [ RFC792]9 Rout er Advert i sement [ RFC1256]

10 Rout er Sol i ci t at i on [ RFC1256]11 Ti me Exceeded [ RFC792]12 Par ameter Probl em [ RFC792]

13 Ti mest amp [ RFC792]14 Ti mest amp Repl y [ RFC792]15 I nf ormat i on Request [ RFC792]16 I nf ormat i on Repl y [ RFC792]17 Addr ess Mask Request [ RFC950]18 Addr ess Mask Repl y [ RFC950]19 Reser ved ( f or Secur i t y) [ Sol o]20- 29 Reser ved ( f or Robust ness Experi ment ) [ ZSu]30 Tracer out e [ RFC1393]31 Datagr am Conversi on Err or [ RFC1475]32 Mobi l e Host Redi r ect [ Davi d J ohnson]33 I Pv6 Wher e- Ar e- You [ Bi l l Si mpson]34 I Pv6 I - Am- Her e [ Bi l l Si mpson]



35 Mobi l e Regi st r at i on Request [ Bi l l Si mpson]36 Mobi l e Regi st r at i on Repl y [ Bi l l Si mpson]37 Domai n Name Request [ Si mpson]

38 Domai n Name Repl y [ Si mpson]39 SKI P [ Markson]40 Phot ur i s [ RFC2521]41- 255 Reser ved [ J BP]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Ti pur i si codur i l e af erente I CMP:- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

0 Echo Repl y [ RFC792]

Codes0 No Code

1 Unassi gned [ J BP]


3 Dest i nat i on Unr eachabl e [ RFC792]

Codes0 Net Unreachabl e1 Host Unreachabl e

2 Prot ocol Unr eachabl e3 Por t Unreachabl e4 Fr agmentat i on Needed and Don' t Fr agment was Set5 Sour ce Rout e Fai l ed

6 Dest i nat i on Net work Unknown7 Dest i nat i on Host Unknown8 Sour ce Host I sol at ed9 Communi cat i on wi t h Dest i nat i on Network i s

Admi ni st r at i vel y Pr ohi bi t ed10 Communi cat i on wi t h Dest i nat i on Host i s

Admi ni st r at i vel y Pr ohi bi t ed11 Dest i nat i on Network Unr eachabl e f or Type of Servi ce12 Dest i nat i on Host Unr eachabl e f or Type of Ser vi ce13 Communi cat i on Admi ni st r at i vel y Prohi bi t ed [ RFC1812]14 Host Precedence Vi ol at i on [ RFC1812]15 Precedence cut of f i n ef f ect [ RFC1812]

4 Sour ce Quench [ RFC792]Codes

0 No Code

5 Redi r ect [ RFC792]

Codes0 Redi r ect Dat agr amf or t he Net work (or subnet )1 Redi r ect Dat agr amf or t he Host2 Redi r ect Datagr amf or t he Type of Servi ce and Network3 Redi r ect Datagr amf or t he Type of Ser vi ce and Host

6 Al t er nate Host Addr ess [ J BP]



Codes

0 Al t ernat e Addr ess f or Host


8 Echo [ RFC792]

Codes0 No Code

9 Router Adver t i sement [ RFC1256]

Codes0 Normal r out er adver t i sement

16 Does not r out e common t r af f i c [ RFC2002]

10 Rout er Sel ect i on [ RFC1256]

Codes0 No Code

11 Ti me Exceeded [ RFC792]

Codes0 Ti me t o Li ve exceeded i n Transi t1 Fr agment Reassembl y Ti me Exceeded

12 Par amet er Probl em [ RFC792]

Codes0 Poi nt er i ndi cat es t he er r or1 Mi ss i ng a Requi r ed Opt i on [ RFC1108]2 Bad Lengt h

13 Ti mest amp [ RFC792]

Codes0 No Code

14 Ti mest amp Repl y [ RFC792]

Codes0 No Code

15 I nf ormat i on Request [ RFC792]

Codes0 No Code

16 I nf ormat i on Repl y [ RFC792]

Codes0 No Code



17 Address Mask Request [ RFC950]

Codes

0 No Code

18 Address Mask Repl y [ RFC950]

Codes0 No Code

19 Reser ved ( f or Secur i t y) [ Sol o]

20- 29 Reser ved ( f or Robust ness Experi ment ) [ ZSu]

30 Tracer out e [ RFC1393]

31 Dat agr am Conver si on Err or [ RFC1475]

32 Mobi l e Host Redi r ect [ Davi d J ohnson]

33 I Pv6 Wher e- Ar e- You [ Bi l l Si mpson]

34 I Pv6 I - Am- Her e [ Bi l l Si mpson]

35 Mobi l e Regi st r at i on Request [ Bi l l Si mpson]

36 Mobi l e Regi st r at i on Repl y [ Bi l l Si mpson]

39 SKI P [ Markson]

40 Phot ur i s [ RFC2521]

Codes0 = Bad SPI1 = Aut hent i cat i on Fai l ed2 = Decompressi on Fai l ed3 = Decrypt i on Fai l ed4 = Need Authent i cat i on

Formatul Unei Linii Din Log - Ipchains

Documents

Transcript of Formatul Unei Linii Din Log - Ipchains