[ previous ] [ next ] [ threads ]
 
 From:  Graham Dunn <gdunn at inscriber dot com>
 To:  Adrian Padilla <Adrianp918 at majesticsoundsonline dot com>
 Cc:  mono <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] log meaning
 Date:  Thu, 30 Sep 2004 16:58:01 -0400 
On Thu, Sep 30, 2004 at 04:33:48PM -0400, Adrian Padilla wrote:
> Sep 30 12:39:11 192.168.1.1 ipmon[65]: 12:39:11.193084 rl0 @0:17 b
> 24.161.178.132,2227 -> 24.164.73.176,5000 PR tcp len 20 48 -S IN
> 
> Can someone tell me what this all means in plain ole English...please 


Sep 30 12:39:11 - Ye olde date
192.168.1.1 - thine server's Ip address
ipmon[65] - thine daemon's name and process number
12:39:11.193084 - ye olde date stampe
rl0 - thine interface
@0:17 - groupe and number of rule that doth match
b - action thou filter didst taketh (b = block)
24.161.178.132,2227 - origin of packet (IP, source porte)
24.164.73.176,5000 - ye olde destination (as above)
PR
tcp - the protocol
len 20 48 -S in - extra flags

oh, sorry, not olde english.

It means someone (24.161.178.132) tried to connect to you
(24.164.73.176) at port 5000, and was denied.

see http://ezine.daemonnews.org/200407/ipfilter.html for a field by
field explanation (look for "Format of Logged Messages").


Graham