[svlug] packet info

[Marc Merlin]

I found this in my firewall logs:
(the server's IP is 204.80.113.97)

Mar 10 04:49:11 magic kernel: Packet log: fineth0 REJECT eth0 PROTO=6 158.67.15.223:3734 204.80.113.97:554 L=44 S=0x00 I=25168 F=0x4000 T=108

That's a UDP packet. According to
ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers, port 554 is:
rtsp            554/udp    Real Time Stream Control Protocol

I thought for a second that it might be related to the realvideo server I
have on my machine, but I tried to connect from home, and it generates no
such packet.
Any idea what it is?


As for this one:
Mar 10 04:52:09 magic kernel: Packet log: fineth0 REJECT eth0 PROTO=1 134.214.100.245:4 204.80.113.97:0 L=112 S=0x00 I=23827 F=0x4000 T=234

That's an ICMP packet, and I suppose that :0 means that it is service 0.

I just can't find out what service 0 is.

moremagic:~# ipchains -h icmp | more
ipchains 1.3.8, 27-Oct-1998

Valid ICMP Types:
echo-reply (pong)
destination-unreachable
   network-unreachable
(...)

it starts  with echo-reply which is  1 if I'm not  mistaken. I'm planning to
find some ICMP  RFC to get more info,  but I first want to make  sure that I
understand the packet correctly and that I'm indeed looking for service type
0.

Thanks,
Marc
-- 
"Microsoft is to software what McDonalds is to gourmet cooking"
 
Home page: http://marc.merlins.org/ (friendly to non IE browsers)
Finger marc_f at merlins.org for PGP key and other contact information

--
echo "unsubscribe svlug" | mail majordomo at svlug.org
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ to unsubscribe
see http://www.svlug.org/mdstuff/lists.shtml for posting guidelines.