Maik Linnemann
2017-07-04 07:01:02 UTC
Dear List,
i found that in some log lines theres a "DF" behind the ID (see example). Not in all but in some. I couldnt find out what it is for and how to disable it (for log parsing). May I ask someone to give an explanation or a hint?! Thanks in advance!
Jul 2 15:57:35 HOST Shorewall:loc-net:ACCEPT: IN=eth1.1 OUT=eth0 MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=192.168.0.1 DST=xxx.xxx.xx.xxx LEN=48 TOS=00 PREC=0x00 TTL=127 ID=10882 DF PROTO=TCP SPT=50764 DPT=443 SEQ=3276908360 ACK=0 WINDOW=8192 SYN URGP=0 MARK=0
Regards,
i found that in some log lines theres a "DF" behind the ID (see example). Not in all but in some. I couldnt find out what it is for and how to disable it (for log parsing). May I ask someone to give an explanation or a hint?! Thanks in advance!
Jul 2 15:57:35 HOST Shorewall:loc-net:ACCEPT: IN=eth1.1 OUT=eth0 MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=192.168.0.1 DST=xxx.xxx.xx.xxx LEN=48 TOS=00 PREC=0x00 TTL=127 ID=10882 DF PROTO=TCP SPT=50764 DPT=443 SEQ=3276908360 ACK=0 WINDOW=8192 SYN URGP=0 MARK=0
Regards,