 From:  "Chad R. Larson" <clarson at eldocomp dot com>
 To:  "gr at redskycom dot net" <gr at redskycom dot net>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] LOG EXPLANATION
 Date:  Thu, 11 Mar 2004 15:43:42 -0700
At 03:09 AM 3/10/2004, gr at redskycom dot net wrote:
>I have problems in understanding in detail the data reported on the log
>
>11:04:44.135450 sis1 @200:7 p 192.168.0.5 -> 192.168.0.1 PR icmp len 20
>60 icmp echoreply/0 K-S OUT
>11:04:44.112191 sis1 @200:7 p 192.168.0.1 -> 192.168.0.5 PR icmp len 20
>60 icmp echo/0 K-S IN
>
>can someone explain it ?

This is a FAQ, answered about every two weeks.  You =could= check the archives.

Or, do a "man ipmon" on a FreeBSD system.

Or, if you don't have a FreeBSD system, use the on-line manual pages found 
at http://www.freebsd.org/cgi/man.cgi.


>I understand probably all of it, but
>  @200:7     is it indicating the rule ? but how ?

Rule set 200, line 7 allowed the above packets to pass the filter.

          -crl
--
Chad R. Larson (CRL22)    chad at eldocomp dot com
   Eldorado Computing, Inc.   602-604-3100
      5353 North 16th Street, Suite 400
        Phoenix, Arizona   85016-3228
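
As an added example (not part of the original message, and not m0n0wall or ipfilter code), the Python below splits ipmon lines of the form quoted above into fields, including the `@group:rule` pair the reply explains. Field meanings follow ipmon(8); the function names and regular expression are this example's own, and the sample lines are the two from the post with the mail line wrap undone.

```python
import re

# Action letters as documented in ipmon(8).
ACTIONS = {"p": "passed", "b": "blocked", "S": "short packet",
           "n": "no rule matched", "L": "log rule"}

LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+"          # time of receipt
    r"(?P<iface>\S+)\s+"                          # interface, e.g. sis1
    r"@(?P<group>\d+):(?P<rule>\d+)\s+"           # rule group and rule number
    r"(?P<action>\S)\s+"                          # single action letter
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"        # addr or addr,port
    r"PR\s+(?P<proto>\S+)\s+"                     # protocol name or number
    r"len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)\s*"     # header length, total length
    r"(?P<rest>.*)$")                             # flags / ICMP type / K-S / IN|OUT

def split_addr(addr):
    """Split 'host,port' (TCP/UDP) into (host, port); ICMP carries no port."""
    host, _, port = addr.partition(",")
    return host, (int(port) if port.isdigit() else port or None)

def parse_ipmon(line):
    """Return a dict of fields for one ipmon line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    tokens = m["rest"].split()
    direction = tokens.pop() if tokens and tokens[-1] in ("IN", "OUT") else None
    keep_state = "K-S" in tokens                  # packet matched a keep-state rule
    detail = " ".join(t for t in tokens if t != "K-S")
    src, sport = split_addr(m["src"])
    dst, dport = split_addr(m["dst"])
    return {"time": m["time"], "iface": m["iface"],
            "group": int(m["group"]), "rule": int(m["rule"]),
            "action": ACTIONS.get(m["action"], m["action"]),
            "src": src, "sport": sport, "dst": dst, "dport": dport,
            "proto": m["proto"], "hlen": int(m["hlen"]), "plen": int(m["plen"]),
            "detail": detail, "keep_state": keep_state, "direction": direction}

# The two log lines from the post, unwrapped.
SAMPLE = [
    "11:04:44.135450 sis1 @200:7 p 192.168.0.5 -> 192.168.0.1 PR icmp len 20 60 icmp echoreply/0 K-S OUT",
    "11:04:44.112191 sis1 @200:7 p 192.168.0.1 -> 192.168.0.5 PR icmp len 20 60 icmp echo/0 K-S IN",
]

if __name__ == "__main__":
    for rec in map(parse_ipmon, SAMPLE):
        print(f"{rec['time']} {rec['iface']} group={rec['group']} rule={rec['rule']} "
              f"{rec['action']} {rec['src']} -> {rec['dst']} {rec['detail']} {rec['direction']}")
```
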