Understanding iptables ICMP log
I am studying IPTABLES and yesterday I was visiting a company and to connect to their network I had to turn off my firewall.
It was assigned the local IP to my wireless interface. I got these logs a few times while I was there, and I would like to understand them.
So yesterday I got this LOG:
Feb 14 14:10:55 localhost kernel: [131988.098112] iptablesIP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.0.245 DST=192.168.0.245 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=39913 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.0.245 DST=192.168.0.218 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21366 DF PROTO=TCP SPT=55458 DPT=8009 WINDOW=29200 RES=0x00 SYN URGP=0 ]
Today I noticed that I am still getting this kind of log, but now with an external IP:
Feb 15 08:39:15 localhost kernel: [155744.166284] iptablesIP IN=wlp2s0 OUT= MAC=5c:c9:d3:31:e8:84:00:04:df:d8:40:05:08:00 SRC=147.75.70.44 DST=192.168.1.42 LEN=576 TOS=0x00 PREC=0x00 TTL=49 ID=48088 PROTO=ICMP TYPE=3 CODE=4 [SRC=192.168.1.42 DST=147.75.70.44 LEN=1492 TOS=0x08 PREC=0x40 TTL=43 ID=5197 DF PROTO=TCP SPT=26264 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0 ] MTU=1480
Can someone help me to understand what it means?
Thank you!
iptables logging
asked Feb 16 at 9:39
user8012
1 Answer
ICMP type 3 is "Destination Unreachable". So apparently, your PC attempted to contact 192.168.0.218 (local on their net) yesterday and 147.75.70.44 today. We are even told about the ports: Yesterday it was port 8009 (most likely some "alternative" HTTP) and today port 80 (most certainly standard HTTP). The IP 147.75.70.44 seems to be alive and serve www.nielsen.com
As to why your PC would attempt to surf these hosts or why they were not reached, the ICMP message tells us nothing ...
answered Feb 16 at 10:09
Hagen von Eitzen
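The reading given in the answer can be automated: in an iptables LOG entry the fields before the bracket describe the ICMP error, and the bracketed part is the header of the packet that triggered it. The following is an added example, not part of the original answer; it parses the two log lines from the question and goes one step further by decoding the ICMP code. The function names and the code table (taken from RFC 792 and RFC 1191) are choices made for this example.

```python
import re

# ICMP type 3 (Destination Unreachable) codes, from RFC 792 / RFC 1191.
UNREACH_CODES = {
    0: "network unreachable", 1: "host unreachable",
    2: "protocol unreachable", 3: "port unreachable",
    4: "fragmentation needed and DF set",
    13: "communication administratively prohibited",
}

# The two log entries quoted in the question, copied unchanged.
LOG_FEB14 = "Feb 14 14:10:55 localhost kernel: [131988.098112] iptablesIP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.0.245 DST=192.168.0.245 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=39913 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.0.245 DST=192.168.0.218 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21366 DF PROTO=TCP SPT=55458 DPT=8009 WINDOW=29200 RES=0x00 SYN URGP=0 ]"
LOG_FEB15 = "Feb 15 08:39:15 localhost kernel: [155744.166284] iptablesIP IN=wlp2s0 OUT= MAC=5c:c9:d3:31:e8:84:00:04:df:d8:40:05:08:00 SRC=147.75.70.44 DST=192.168.1.42 LEN=576 TOS=0x00 PREC=0x00 TTL=49 ID=48088 PROTO=ICMP TYPE=3 CODE=4 [SRC=192.168.1.42 DST=147.75.70.44 LEN=1492 TOS=0x08 PREC=0x40 TTL=43 ID=5197 DF PROTO=TCP SPT=26264 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0 ] MTU=1480"

def parse_fields(text):
    """Split KEY=VALUE tokens into a dict; bare tokens (DF, SYN, ...) become flags."""
    fields, flags = {}, []
    for token in text.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
        else:
            flags.append(token)
    fields["FLAGS"] = flags
    return fields

def explain_icmp_error(line):
    """Summarise an ICMP type 3 LOG entry; return None for any other entry."""
    m = re.search(r"\bIN=.*", line)          # skip timestamp and log prefix
    quoted = re.search(r"\[(.*?)\]", m.group(0)) if m else None
    if not quoted:
        return None
    body = m.group(0)
    # Outer fields sit on both sides of the bracket (MTU= follows it).
    outer = parse_fields(body[:quoted.start()] + body[quoted.end():])
    if outer.get("PROTO") != "ICMP" or outer.get("TYPE") != "3":
        return None
    inner = parse_fields(quoted.group(1))    # header of the packet that failed
    code = int(outer["CODE"])
    return {
        "reported_by": outer["SRC"],
        "reason": UNREACH_CODES.get(code, f"code {code}"),
        "original_flow": (inner["SRC"], inner["DST"], inner.get("PROTO"), inner.get("DPT")),
        "tcp_flags": [f for f in inner["FLAGS"] if f in ("SYN", "ACK", "FIN", "RST", "PSH")],
        "df_set": "DF" in inner["FLAGS"],
        "next_hop_mtu": int(outer["MTU"]) if "MTU" in outer else None,
        "via_loopback": outer.get("IN") == "lo",  # error raised by this host itself
    }
```

For the Feb 14 entry this reports a host-unreachable error delivered over loopback for a SYN to 192.168.0.218 port 8009; for the Feb 15 entry it reports a fragmentation-needed error from 147.75.70.44 with a next-hop MTU of 1480, which is ordinary path MTU discovery.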