Two references are below

Sometimes kern.log or dmesg contains a message like the following. It is emitted by ufw, or more precisely by the iptables LOG target that ufw configures, for a packet the firewall dropped:
[UFW BLOCK INPUT]: IN=eth0 OUT= MAC=*************** SRC=*.*.*.* DST=**.**.***.*** LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=23860 DF PROTO=TCP SPT=8000 DPT=42776 WINDOW=35568 RES=0x00 ACK URGP=0

Here are some short explanations which I found in the references. They are still not enough for me to understand.

SRC = The source address of the IP packet.
DST = The destination address of the IP packet.
LEN = The length of the IP packet.
TOS = The Type of Service of the IP packet.
PREC = The Precedence of the IP packet.
TTL = The time to live of the IP packet.
ID = The id of the IP packet.
flags = "CE" (congestion), "DF" (don't fragment), or "MF" (more fragments are coming).
PROTO = The name/number of the protocol that the IP packet encapsulates. This will be 'TCP', 'UDP', 'ICMP', or a number corresponding to the protocol in /etc/protocols or http://www.iana.org/assignments/protocol-numbers/

TCP
SPT = The source port of the TCP packet.
DPT = The destination port of the TCP packet.
WINDOW = The length of the TCP window.
RES = The reserved bits.
flags = any combination of "CWR" (Congestion Window Reduced), "ECE" (Explicit Congestion Notification Echo), "URG" (Urgent), "ACK" (Acknowledgement), "PSH" (Push), "RST" (Reset), "SYN" (Synchronize), or "FIN" (Finished).
URGP = The urgent pointer.


UDP
SPT = The source port of the UDP packet.
DPT = The destination port of the UDP packet.
LEN = The length of the UDP packet.


ICMP
TYPE = The numeric type of the ICMP packet.
CODE = The numeric code of the ICMP packet.
ID = The id of the ICMP echo packet.
SEQ = The sequence number of the ICMP echo packet.
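As an added example (not from the post or from the ufw project), here is a small Python parser that turns a line in the format above into a dictionary, keeps the bare IP flags (DF, MF, CE) and TCP flags (SYN, ACK, ...) apart from the KEY=value fields, and handles the two keys that appear twice on one line (IP ID versus ICMP echo ID, IP LEN versus UDP LEN). The sample lines are constructed from the post's example with the masked addresses replaced by documentation addresses; the classify helper and its label strings are my own naming, not ufw's.

```python
"""Parse netfilter/ufw LOG lines such as "[UFW BLOCK INPUT]: IN=eth0 ...".

Added example: assumes the KEY=value layout shown in the post, where IP
flags and TCP flags appear as bare tokens without '='.
"""
import re
from typing import Any, Dict

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
IP_FLAGS = {"CE", "DF", "MF"}

# Matches "[UFW BLOCK INPUT]:" (older ufw) and "[UFW BLOCK]" (newer ufw);
# re.search lets a leading syslog timestamp / "kernel:" prefix pass through.
PREFIX_RE = re.compile(
    r"\[UFW (?P<action>[A-Z]+)(?: (?P<chain>[A-Z]+))?\]:?\s*(?P<rest>.*)"
)

def parse_ufw_line(line: str) -> Dict[str, Any]:
    m = PREFIX_RE.search(line)
    if not m:
        raise ValueError("not a UFW log line")
    rec: Dict[str, Any] = {
        "action": m.group("action"),
        "chain": m.group("chain"),   # None when the prefix has no chain name
        "ip_flags": set(),
        "tcp_flags": set(),
    }
    for tok in m.group("rest").split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            if val.isdigit():
                val = int(val)        # LEN, TTL, ID, SPT, DPT, WINDOW, ...
            if key in rec:
                # Second occurrence belongs to the encapsulated protocol:
                # ICMP echo ID after the IP ID, UDP LEN after the IP LEN.
                key = f"{rec.get('PROTO', 'L4')}_{key}"
            rec[key] = val
        elif tok in IP_FLAGS:
            rec["ip_flags"].add(tok)
        elif tok in TCP_FLAGS:
            rec["tcp_flags"].add(tok)
        else:
            rec.setdefault("unknown", []).append(tok)
    return rec

def classify(rec: Dict[str, Any]) -> str:
    """Coarse label (my own naming) for what kind of TCP packet was dropped."""
    if rec.get("PROTO") != "TCP":
        return "non-tcp"
    flags = rec["tcp_flags"]
    if "SYN" in flags and "ACK" not in flags:
        return "new-connection-attempt"   # someone tried to open a connection
    if "ACK" in flags and "SYN" not in flags:
        return "ack-only"                 # not an attempt to open a connection
    return "other"

# Constructed samples (documentation addresses, made-up MAC).
SAMPLE_TCP = (
    "[UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 "
    "SRC=203.0.113.5 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=23860 DF "
    "PROTO=TCP SPT=8000 DPT=42776 WINDOW=35568 RES=0x00 ACK URGP=0"
)
SAMPLE_ICMP = (
    "Jan  1 00:00:00 host kernel: [UFW BLOCK] IN=eth0 OUT= "
    "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 "
    "LEN=84 TOS=0x00 PREC=0x00 TTL=56 ID=54321 DF PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1"
)

if __name__ == "__main__":
    for line in (SAMPLE_TCP, SAMPLE_ICMP):
        r = parse_ufw_line(line)
        print(r["action"], r["chain"], r["PROTO"], r.get("SRC"), "->", r.get("DST"),
              sorted(r["tcp_flags"]), classify(r))
```

The post's own line is an ACK-only packet from source port 8000 to an ephemeral destination port with no SYN, so classify() reports "ack-only": it is not an inbound attempt to open a connection, which is the first thing to check before treating such a log entry as a scan.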

posted by citadel