Strange places in nft log
by OlgaM from LinuxQuestions.org on (#5M6S4)
Hello, dear forum!
There are a few places in the nft log (input log) I couldn't read properly.
1.
Code:
Nov  8 09:37:12 flower kernel: [10967.520783] New Input packets: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.1.2 DST=192.168.1.2 LEN=85 TOS=0x00 PREC=0xC0 TTL=64 ID=6855 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.1.2 DST=192.168.1.1 LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=60616 DF PROTO=UDP SPT=49662 DPT=53 LEN=37 ]
a.
I see that my laptop asks for an IP address.
The src address is the same as the dst address. Is this some sort of IP spoofing? And what are the square brackets used for?
b.
Code:
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00
Strange MAC address, all nulls. Why does it end with 08:00?
2. Another strange place for me is this:
Code:
Nov  8 09:38:13 flower kernel: [11029.272652] New Input packets: IN=wlo1 OUT= MAC=b8:81:98:cb:ef:a8:5c:77:77:6e:0d:7b:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Does SRC=0.0.0.0 mean a broadcast address?
Why is ID = 0?
Is DST=224.0.0.1 my router?
TTL=1. Does it mean only 1 host, the broadcast address sends a packet to my router?
I will be very grateful for an explanation and for a link to a special source or book where I can find details about nft logs. It's complicated to find this kind of info on the internet. I think the ability to read and understand logs is a very important part of programming.
Yours sincerely,
Olga
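An added example, not part of the original post: a small Python parser for the two log lines quoted above, separating the outer header fields, the bracketed packet header, and the parts of the MAC= value. It assumes the MAC= value on an Ethernet-type interface is the raw 14-byte link-layer header (destination, source, EtherType) and that the bracketed part is the header of the original packet quoted inside an ICMP error; the function names and the LEN_2, FLAGS and addr_kinds keys are made up for this example.

```python
import ipaddress
import re

# The two kernel log lines quoted in the post, embedded so this runs offline.
ICMP_LINE = (
    "Nov  8 09:37:12 flower kernel: [10967.520783] New Input packets: IN=lo OUT= "
    "MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.1.2 DST=192.168.1.2 "
    "LEN=85 TOS=0x00 PREC=0xC0 TTL=64 ID=6855 PROTO=ICMP TYPE=3 CODE=1 "
    "[SRC=192.168.1.2 DST=192.168.1.1 LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=60616 DF "
    "PROTO=UDP SPT=49662 DPT=53 LEN=37 ]")
IGMP_LINE = (
    "Nov  8 09:38:13 flower kernel: [11029.272652] New Input packets: IN=wlo1 OUT= "
    "MAC=b8:81:98:cb:ef:a8:5c:77:77:6e:0d:7b:08:00 SRC=0.0.0.0 DST=224.0.0.1 "
    "LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2")


def parse_fields(text):
    """Split 'KEY=value' tokens into a dict; bare tokens such as DF become flags."""
    fields, flags = {}, []
    for token in text.split():
        key, sep, value = token.partition("=")
        if not sep:
            flags.append(token)
        elif key in fields:          # second LEN= is the transport-layer length
            fields[key + "_2"] = value
        else:
            fields[key] = value
    fields["FLAGS"] = flags
    return fields


def split_mac(mac):
    """A 14-octet MAC= value is a raw Ethernet header: dst(6) + src(6) + EtherType(2)."""
    octets = mac.split(":")
    if len(octets) != 14:
        return None
    return ":".join(octets[:6]), ":".join(octets[6:12]), int("".join(octets[12:]), 16)


def parse_line(line):
    """Return outer header fields, the bracketed embedded packet (if any), and MAC parts."""
    body = line[re.search(r"\bIN=", line).start():]   # skip syslog header and log prefix
    quoted = re.search(r"\[(.*)\]", body)             # header quoted inside an ICMP error
    outer = parse_fields(body[:quoted.start()] if quoted else body)
    inner = parse_fields(quoted.group(1)) if quoted else None
    kinds = {k: (ipaddress.ip_address(outer[k]).is_multicast,
                 ipaddress.ip_address(outer[k]).is_unspecified) for k in ("SRC", "DST")}
    return {"outer": outer, "inner": inner, "mac": split_mac(outer.get("MAC", "")),
            "addr_kinds": kinds}
```

Each addr_kinds entry is an (is_multicast, is_unspecified) pair from the standard ipaddress module, and the EtherType 0x0800 returned by split_mac is the value assigned to IPv4.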