[wplug] syslog messages, what do they mean.

John Harrold jmh17 at pitt.edu
Fri Oct 17 13:43:39 EDT 2003


Sometime in October James O'Kane assaulted the keyboard and produced:

| This one time, at band camp, John Harrold said:
| 
| > Oct 17 12:31:05 fw kernel: IN=eth0 OUT=eth0 SRC=123.456.789.987
| > DST=123.456.789.987 LEN=1500 TOS=0x08 PREC=0x00 TTL=62 ID=62304 DF PROTO=TCP
| > SPT=22 DPT=32767 WINDOW=63712 RES=0x00 ACK URGP=0
| 
| I'm assuming you changed the IP addresses to protect the innocent, but are 
| they really the same address?

yeah i changed the ip addresses to be polite and yes they are both the same.


| 
| The SPT=22 means that it's a ssh session. You can look in /etc/services if 
| you didn't already know that port number. The DPT is the port number for 
| the other machine. From these, you can tell that SRC is the machine 
| running the sshd, and DST is the machine who initiated the connection.

yeah i knew this. fwiw it's rsync running over ssh.

i guess my question is why is this being logged as opposed to regular ssh
traffic which doesn't appear to be logged.


-- 
--------------------------------------------------------------------------
                                               | /"\
 john harrold                                  | \ / ASCII ribbon campaign
      jmh at member.fsf.org                    |  X  against HTML mail
           the most useful idiot               | / \
--------------------------------------------------------------------------
 What difference does it make to the dead, the orphans, and the homeless,
 whether the mad destruction is brought under the name of totalitarianism or
 the holy name of liberty and democracy?
 --Gandhi
--------------------------------------------------------------------------
gpg --keyserver keys.indymedia.org --recv-key F65A739E
--------------------------------------------------------------------------
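
Added example (not part of the original thread): a Python parser for the netfilter LOG line quoted above that applies the SPT/DPT reasoning from the discussion. The function names and the inline port table are assumptions made for illustration, and the RES field is written as RES=0x00.

```python
# Log line quoted in the thread; addresses were already obscured by the poster.
SAMPLE = (
    "Oct 17 12:31:05 fw kernel: IN=eth0 OUT=eth0 SRC=123.456.789.987 "
    "DST=123.456.789.987 LEN=1500 TOS=0x08 PREC=0x00 TTL=62 ID=62304 DF PROTO=TCP "
    "SPT=22 DPT=32767 WINDOW=63712 RES=0x00 ACK URGP=0"
)

# Assumption: a small inline table stands in for /etc/services so this runs offline.
SERVICES = {22: "ssh", 25: "smtp", 53: "domain", 80: "http", 443: "https"}


def parse_netfilter(line):
    """Return (fields, flags): KEY=VALUE pairs and bare tokens such as DF or ACK."""
    _, sep, body = line.partition("kernel: ")
    if not sep:
        raise ValueError("not a kernel log line")
    fields, flags = {}, []
    for tok in body.split():
        key, eq, val = tok.partition("=")
        if eq:
            fields[key] = val  # value may be empty, e.g. "OUT=" on locally delivered packets
        else:
            flags.append(tok)
    return fields, flags


def describe(line):
    """Apply the SPT/DPT reasoning: the side holding the well-known port is the server."""
    fields, flags = parse_netfilter(line)
    spt, dpt = int(fields["SPT"]), int(fields["DPT"])
    if spt in SERVICES:
        role, svc, server = "server->client", SERVICES[spt], fields["SRC"]
    elif dpt in SERVICES:
        role, svc, server = "client->server", SERVICES[dpt], fields["DST"]
    else:
        role, svc, server = "unknown", None, None
    return {
        "service": svc,
        "direction": role,
        "server": server,
        # Both interfaces set usually means the packet was logged while being forwarded.
        "forwarded": bool(fields.get("IN")) and bool(fields.get("OUT")),
        "tcp_flags": [f for f in flags if f in ("SYN", "ACK", "FIN", "RST", "PSH", "URG")],
        "dont_fragment": "DF" in flags,
    }


if __name__ == "__main__":
    print(describe(SAMPLE))
```
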