- Subject: Help with INVALID packets rule. Best way to see the actual packet isolating the rest?
- From: Vishal Jumar <vishaljumar@xxxxxxxx>
- Date: Thu, 12 Apr 2012 16:25:45 +0000
- Importance: Normal
Hello all.
I am having many entries produced by this rule in my syslog...
iptables -A INPUT -m state --state INVALID -j LOG --log-prefix " Invalid NOT DROPPED"
Output:
==> /var/log/messages <==
Apr 12 10:10:04 server3 kernel: Invalid NOT DROPPED IN=eth0 OUT= MAC=40:40:f1:21:08:d9:e0:5f:b9:4a:5f:ff:08:00 SRC=50.50.193.113 DST=164.177.152.170 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=26573 DF PROTO=TCP SPT=56602 DPT=80 WINDOW=16425 RES=0x00 ACK FIN URGP=0
How can I view the packet that triggers this rule match? There must be a better way than sniffing all the traffic for 15 min from port 80, because that would produce too much data.
Regards,
Vishal
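
One way to avoid capturing all port 80 traffic, as an added example that is not part of the original post: parse the LOG lines carrying the rule's prefix, count hits per source and TCP flag set, and build a pcap filter limited to the sources that triggered the rule. The second and third sample lines, the 192.0.2.7 address and all function names are constructed for illustration.

```python
import re
from collections import Counter

PREFIX = "Invalid NOT DROPPED"   # --log-prefix from the rule in the post
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")

# First line is the one quoted in the post; the rest are constructed samples.
SAMPLE_LOG = """\
Apr 12 10:10:04 server3 kernel: Invalid NOT DROPPED IN=eth0 OUT= MAC=40:40:f1:21:08:d9:e0:5f:b9:4a:5f:ff:08:00 SRC=50.50.193.113 DST=164.177.152.170 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=26573 DF PROTO=TCP SPT=56602 DPT=80 WINDOW=16425 RES=0x00 ACK FIN URGP=0
Apr 12 10:10:09 server3 kernel: Invalid NOT DROPPED IN=eth0 OUT= MAC=40:40:f1:21:08:d9:e0:5f:b9:4a:5f:ff:08:00 SRC=192.0.2.7 DST=164.177.152.170 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Apr 12 10:10:11 server3 kernel: Invalid NOT DROPPED IN=eth0 OUT= MAC=40:40:f1:21:08:d9:e0:5f:b9:4a:5f:ff:08:00 SRC=192.0.2.7 DST=164.177.152.170 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40113 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
Apr 12 10:10:12 server3 kernel: eth0: link up
"""

def parse_line(line):
    """Return the KEY=VALUE fields of one LOG line carrying PREFIX, or None."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None
    fields, flags = {}, []
    for tok in rest.split():
        key, eq, val = tok.partition("=")
        if eq:
            fields[key] = val
        elif tok in TCP_FLAGS:          # bare tokens such as ACK, FIN; DF is ignored
            flags.append(tok)
    fields["FLAGS"] = "+".join(flags)
    return fields

def summarize(log):
    """Count INVALID hits per (source address, destination port, TCP flags)."""
    hits = Counter()
    for line in log.splitlines():
        f = parse_line(line)
        if f and f.get("PROTO") == "TCP":
            hits[(f["SRC"], f["DPT"], f["FLAGS"])] += 1
    return hits

def capture_filter(hits, top=5):
    """Build a pcap filter covering only the busiest sources that hit the rule."""
    by_src, ports = Counter(), set()
    for (src, dpt, _), n in hits.items():
        by_src[src] += n
        ports.add(dpt)
    hosts = " or ".join(f"host {s}" for s, _ in by_src.most_common(top))
    port_expr = " or ".join(f"port {p}" for p in sorted(ports, key=int))
    return f"tcp and ({port_expr}) and ({hosts})"

if __name__ == "__main__":
    print(capture_filter(summarize(SAMPLE_LOG)))
```

The printed expression is in pcap-filter syntax, so it can be given to tcpdump as the capture filter to record only the flows from those sources instead of all port 80 traffic.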