Re: Truncated firewall log entries.

From: Trygve Selmer (trselmer_at_start.no)
Date: 07/16/05


Date: Sat, 16 Jul 2005 01:14:09 +0200

scud wrote:
> Tauno Voipio wrote:
>
>> Rincewind wrote:
>>
>>> I was just checking my firewall logs and found these two entries in among
>>> the usual rubbish:
>>>
>>> Jul 10 18:03:41 gateway kernel: IPTABLES-IN=eth1 OUT=
>>> MAC=00:c0:26:a5:02:46:00:0e:39:d1:58:8c:08:00 SRC=134.241.122.135
>>> DST=82.7.13.76 LEN=196 TOS=0x00 PREC=0x00 TTL=108 ID=26954 PROTO=46
>>> Jul 10 18:03:41 gateway kernel: IPTABLES-IN=eth1 OUT=
>>> MAC=00:c0:26:a5:02:46:00:0e:39:d1:58:8c:08:00 SRC=134.241.122.135
>>> DST=82.7.13.76 LEN=180 TOS=0x00 PREC=0x00 TTL=105 ID=31095 PROTO=46
>>> ......
>>
>>
>> The entries are not truncated: iptables cannot dissect
>> the protocol 46 any further - it's not TCP or UDP traffic
>> and as such there are no ports to report.
>>
> From iana.org:
>
> mpm-snd 46/tcp MPM [default send]
> mpm-snd 46/udp MPM [default send]
>
> A+

The dump says protocol 46 (which does not have any ports)!
TCP is protocol 6 and UDP is protocol 17.
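
An added example, not part of the original thread: a small Python check that applies the point above to iptables LOG lines, telling a genuinely cut-off TCP/UDP entry apart from a complete entry for an IP protocol that has no ports. The protocol table (46 is RSVP in the IANA protocol-numbers registry), the function names and the two 192.0.2.x sample lines are constructed for illustration; the first sample line is the one quoted in the thread.

```python
import re

# IANA IP *protocol* numbers, a separate registry from TCP/UDP *port* numbers.
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 46: "RSVP", 47: "GRE", 50: "ESP"}
PORT_PROTOCOLS = {"TCP", "UDP"}  # the protocols the thread names as having ports
FIELD_RE = re.compile(r"([A-Z]+)=(\S*)")  # KEY=value, value may be empty (OUT=)

# First line: from the thread. Other two: constructed samples.
PREFIX = "Jul 10 18:03:41 gateway kernel: IPTABLES-IN=eth1 OUT= "
SAMPLE = [
    PREFIX + "MAC=00:c0:26:a5:02:46:00:0e:39:d1:58:8c:08:00 "
    "SRC=134.241.122.135 DST=82.7.13.76 LEN=196 TOS=0x00 PREC=0x00 "
    "TTL=108 ID=26954 PROTO=46",
    PREFIX + "SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 "
    "TTL=52 ID=4411 DF PROTO=TCP SPT=40122 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    PREFIX + "SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 "
    "TTL=52 ID=4412 DF PROTO=TCP SPT=40122",
]


def parse_entry(line):
    """Return the KEY=value fields of one iptables LOG line as a dict."""
    return dict(FIELD_RE.findall(line))


def classify(line):
    """Return (protocol_name, verdict) for one log line."""
    fields = parse_entry(line)
    proto = fields.get("PROTO")
    if proto is None:
        return ("unknown", "truncated: no PROTO field")
    # Decoded protocols are logged by name, anything else as a bare number.
    if proto.isdigit():
        name = IP_PROTOCOLS.get(int(proto), "protocol " + proto)
    else:
        name = proto
    if name in PORT_PROTOCOLS:
        if "SPT" in fields and "DPT" in fields:
            return (name, "complete: ports logged")
        return (name, "truncated: ports expected but missing")
    return (name, "complete: protocol has no ports")


if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```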


