Help with INVALID packets rule. Best way to see the actual packet isolating the rest?
Hello all.

I am having many entries produced by this rule in my syslog...

    iptables -A INPUT -m state --state INVALID -j LOG --log-prefix " Invalid NOT DROPPED"

Output:

    ==> /var/log/messages <==
    Apr 12 10:10:04 server3 kernel: Invalid NOT DROPPED IN=eth0 OUT= MAC=40:40:f1:21:08:d9:e0:5f:b9:4a:5f:ff:08:00 SRC=184.108.40.206 DST=220.127.116.11 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=26573 DF PROTO=TCP SPT=56602 DPT=80 WINDOW=16425 RES=0x00 ACK FIN URGP=0

How can I view the packet that is originating this rule match?

There must be a better way than sniffing all the traffic for 15 min from port 80, because that would produce too much data.

Regards,
Vishal
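One way to keep a capture small is to turn a logged entry into a pcap filter for just that flow instead of all port 80 traffic. The following is an added example, not part of the original post; the function names are hypothetical and the sample line is constructed (documentation addresses) in the same shape as the LOG output above.

```python
import re

# Constructed sample in the same shape as the LOG line in the post
# (addresses and MAC are documentation ranges, not taken from the post).
SAMPLE = ("Apr 12 10:10:04 host kernel: Invalid NOT DROPPED IN=eth0 OUT= "
          "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 "
          "DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=26573 DF "
          "PROTO=TCP SPT=56602 DPT=80 WINDOW=16425 RES=0x00 ACK FIN URGP=0")

TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")


def parse_log_line(line):
    """Split a netfilter LOG line into key=value fields and bare flags."""
    m = re.search(r"\bIN=", line)        # skip timestamp, host and log prefix
    if m is None:
        raise ValueError("not a netfilter LOG line")
    fields, flags = {}, []
    for token in line[m.start():].split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value          # OUT= yields an empty string
        else:
            flags.append(token)          # DF, ACK, FIN, ...
    fields["TCPFLAGS"] = [f for f in flags if f in TCP_FLAGS]
    return fields


def capture_filter(fields):
    """Build a pcap filter expression for the logged flow, both directions."""
    proto = fields["PROTO"].lower()
    expr = f"host {fields['SRC']} and host {fields['DST']}"
    if proto in ("tcp", "udp"):
        # 'tcp port N' matches N as source or destination port
        expr += f" and {proto} port {fields['SPT']} and {proto} port {fields['DPT']}"
    elif proto == "icmp":
        expr += " and icmp"
    elif proto.isdigit():                # LOG prints unknown protocols by number
        expr += f" and ip proto {proto}"
    return expr


if __name__ == "__main__":
    parsed = parse_log_line(SAMPLE)
    print(parsed["IN"], parsed["TCPFLAGS"])
    print(capture_filter(parsed))
```

The returned string is a pcap filter expression, so it can be given to tcpdump as the filter argument on the interface named in the IN= field.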