<TD align=middle width=20>7</TD>
<TD align=middle width=20>8</TD>
<TD align=middle width=20>9</TD>
<TD align=middle width=20>10</TD>
<TD align=middle width=20>11</TD>
<TD align=middle width=20>12</TD>
<TD align=middle width=20>13</TD>
<TD align=middle width=20>14</TD>
<TD align=middle width=20>15</TD>
<TD align=middle width=20>16</TD>
<TD align=middle width=20>17</TD>
<TD align=middle width=20>18</TD>
<TD align=middle width=20>19</TD>
<TD align=middle width=20>20</TD>
<TD align=middle width=20>21</TD>
<TD align=middle width=20>22</TD>
<TD align=middle width=20>23</TD>
<TD align=middle width=20>24</TD>
<TD align=middle width=20>25</TD>
<TD align=middle width=20>26</TD>
<TD align=middle width=20>27</TD>
<TD align=middle width=20>28</TD>
<TD align=middle width=20>29</TD>
<TD align=middle width=20>30</TD>
<TD align=middle width=20>31</TD></TR>
<TR bgColor=#e2e2e2>
<TD align=middle colSpan=4 height=30>IP Version</TD>
<TD align=middle colSpan=4>Hdr.Length</TD>
<TD align=middle bgColor=#c8c8c8 colSpan=8><B>TOS / DS,ECN</B></TD>
<TD align=middle colSpan=16>Total Length</TD></TR>
<TR bgColor=#e2e2e2>
<TD align=middle colSpan=16 height=30>Identification</TD>
<TD align=middle>-</TD>
<TD align=middle>DF</TD>
<TD align=middle>MF</TD>
<TD align=middle colSpan=13>Fragment Offset</TD></TR>
<TR bgColor=#e2e2e2>
<TD align=middle colSpan=8 height=30>Time To Live</TD>
<TD align=middle colSpan=8>Protocol Number</TD>
<TD align=middle colSpan=16>Header Checksum</TD></TR>
<TR bgColor=#e2e2e2>
<TD align=middle colSpan=32 height=30>32 bit Source Address</TD></TR>
<TR bgColor=#e2e2e2>
<TD align=middle colSpan=32 height=30>32 bit Destination
Address</TD></TR>
<TR bgColor=#e2e2e2>
<TD align=middle colSpan=32 height=40>Options (0 to 10 Words of 32
Bits)</TD></TR>
<TR bgColor=#ffffe0>
<TD align=middle colSpan=32>
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR bgColor=#ffffe0>
<TD align=middle height=20> </TD></TR>
<TR bgColor=#e0ffff>
<TD vAlign=top align=middle height=60>IP
Payload<BR>(including header of higher protocol)
</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
<P>
<TABLE width=640 border=0>
<TBODY>
<TR>
<TD align=left colSpan=2> <BR>The header of an IP packet
consists of 5 or more words of 32 bits (4 bytes) each. The
minimum header length (no options) is therefore 20 bytes.
The Version field for the packet type shown is 4 = IPv4
(Internet Protocol version 4). The Header Length field gives
the header length in 32-bit words: 5 without options,
and at most 15 with options. The Total Length is in bytes
and includes the header. The data length can therefore be calculated
as Total Length minus the header length in bytes.<BR>
<P></P></TD></TR>
<TR>
<TD align=left><B>TOS / DS / ECN</B>: This field has
had an unstable history. This is briefly explained in <A
href="http://www.faqs.org/rfcs/rfc2481.html">RFC2481</A>, section
19 (near the end).
<P>Many sites are starting to implement Differentiated Services (DS)
[<A href="http://www.faqs.org/rfcs/rfc2474.html">RFC2474</A>] in
their routers. DS uses <EM>code-points</EM> which are stored in
bits 0 to 5 of the old TOS field. The content and meaning of this
field can change at network boundaries.
<P></P></TD>
<TD vAlign=top>
<TABLE cellSpacing=0 cellPadding=0 border=1>
<TBODY>
<TR>
<TD> </TD>
<TD align=middle width=20>0</TD>
<TD align=middle width=20>1</TD>
<TD align=middle width=20>2</TD>
<TD align=middle width=20>3</TD>
<TD align=middle width=20>4</TD>
<TD align=middle width=20>5</TD>
<TD align=middle width=20>6</TD>
<TD align=middle width=20>7</TD></TR>
<TR>
<TD align=middle height=28>TOS</TD>
<TD align=middle bgColor=#c8c8c8 colSpan=3>Precedence</TD>
<TD align=middle bgColor=#c8c8c8 colSpan=4>Type</TD>
<TD align=middle bgColor=#c8c8c8>-</TD></TR>
<TR>
<TD align=middle height=28>DS,ECN</TD>
<TD align=middle bgColor=#e2e2e2 colSpan=6>DS Codepoint</TD>
<TD align=middle bgColor=#ffffe0>ECT</TD>
<TD align=middle
bgColor=#ffffe0>CE</TD></TR></TBODY></TABLE></TD></TR>
<TR>
<TD align=left colSpan=2>If the host is ECN [<A
href="http://www.faqs.org/rfcs/rfc2481.html">RFC2481</A>] capable
and the payload is a TCP packet, then up to two flag bits will be
needed in the old TOS field. Bit 6 becomes the <B>ECT</B>
(ECN-capable Transport) flag, and Bit 7 becomes the <B>CE</B>
(Congestion Experienced) flag.
<P>An IP datagram can be fragmented if the link layer cannot fit it
into a single link-layer data unit. The fragment offset is
specified in units of <EM>8 bytes</EM>, which lets the
available 13 bits cover the necessary values for up to 64K of
data.
<P>IP packets usually carry a higher level protocol such as
TCP. In the case of TCP, the PROTO field would be set to 6
and the TCP <I>Protocol Data Unit</I> (PDU) is carried
in the IP Payload field of the packet. See below.
</P></TD></TR></TBODY></TABLE></P></BLOCKQUOTE><A
name=TCPheader></A> <BR>
<H4>TCP Header Format (as defined in <A
href="http://www.faqs.org/rfcs/rfc793.html">RFC-793</A>): </H4>
<BLOCKQUOTE>
<TABLE cellSpacing=0 cellPadding=0 width=640 border=1>
<TBODY>
<TR>
<TD align=middle width=20>0</TD>
<TD align=middle width=20>1</TD>
<TD align=middle width=20>2</TD>
<TD align=middle width=20>3</TD>
<TD align=middle width=20>4</TD>
<TD align=middle width=20>5</TD>
<TD align=middle width=20>6</TD>
<TD align=middle width=20>7</TD>
<TD align=middle width=20>8</TD>
<TD align=middle width=20>9</TD>
<TD align=middle width=20>10</TD>
<TD align=middle width=20>11</TD>
<TD align=middle width=20>12</TD>
<TD align=middle width=20>13</TD>
<TD align=middle width=20>14</TD>
<TD align=middle width=20>15</TD>
<TD align=middle width=20>16</TD>
<TD align=middle width=20>17</TD>
<TD align=middle width=20>18</TD>
<TD align=middle width=20>19</TD>
<TD align=middle width=20>20</TD>
<TD align=middle width=20>21</TD>
<TD align=middle width=20>22</TD>
<TD align=middle width=20>23</TD>
<TD align=middle width=20>24</TD>
<TD align=middle width=20>25</TD>
<TD align=middle width=20>26</TD>
<TD align=middle width=20>27</TD>
<TD align=middle width=20>28</TD>
<TD align=middle width=20>29</TD>
<TD align=middle width=20>30</TD>
<TD align=middle width=20>31</TD></TR>
<TR bgColor=#ffffe0>
<TD align=middle colSpan=16 height=30>Source Port</TD>
<TD align=middle colSpan=16>Destination Port</TD></TR>
<TR bgColor=#ffffe0>
<TD align=middle colSpan=32 height=30>Sequence Number</TD></TR>
<TR bgColor=#ffffe0>
<TD align=middle colSpan=32 height=30>Acknowledgement Number</TD></TR>
<TR bgColor=#ffffe0>
<TD align=middle colSpan=4 height=30>Data<BR>Offset</TD>
<TD class=s8 align=middle>-</TD>
<TD class=s8 align=middle>-</TD>
<TD class=s8 align=middle>-</TD>
<TD class=s8 align=middle>-</TD>
<TD class=s8 align=middle><IMG alt=CWR
src="ipchains Log Format.files/CWR.gif"></TD>
<TD class=s8 align=middle><IMG alt=ECNE
src="ipchains Log Format.files/ECNE.gif"></TD>
<TD class=s8 align=middle><IMG alt=URG
src="ipchains Log Format.files/URG.gif"></TD>
<TD class=s8 align=middle><IMG alt=ACK
src="ipchains Log Format.files/ACK.gif"></TD>
<TD class=s8 align=middle><IMG alt=PSH
src="ipchains Log Format.files/PSH.gif"></TD>
<TD class=s8 align=middle><IMG alt=RST
src="ipchains Log Format.files/RST.gif"></TD>
<TD class=s8 align=middle><IMG alt=SYN
src="ipchains Log Format.files/SYN.gif"></TD>
<TD class=s8 align=middle><IMG alt=FIN
src="ipchains Log Format.files/FIN.gif"></TD>
<TD align=middle colSpan=16>Window</TD></TR>
<TR bgColor=#ffffe0>
<TD align=middle colSpan=16 height=30>Checksum</TD>
<TD align=middle colSpan=16 height=30>Urgent Pointer</TD></TR>
<TR bgColor=#ffffe0>
<TD align=middle colSpan=32 height=40>Options (0 to 10 Words of 32
Bits)</TD></TR>
<TR bgColor=#e0ffff>
<TD align=middle colSpan=32 height=60>TCP Payload
</TD></TR></TBODY></TABLE>
<P>
<TABLE width=640 border=0>
<TBODY>
<TR>
<TD align=left> <BR>The header of a TCP packet consists of 5
or more words of 32 bits (4 bytes) each. The minimum header
length (no options) is therefore 20 bytes. The <EM>Data
Offset</EM> field gives the header length in 32-bit words: 5
without options, and at most 15 with options.
<P>Explicit Congestion Notification (ECN) [<A
href="http://www.faqs.org/rfcs/rfc2481.html">RFC2481</A>] adds 2
new flags to the TCP header: <EM>Congestion Window Reduced</EM>
(CWR) and <EM>ECN-Echo</EM> (ECNE). ECN also requires 1 or 2
additional flags in the IP header.
<P>Commonly, the TCP header will carry options related to
enhancements of the TCP protocol. Important options are Window
Scaling, Selective Acknowledgement (SACK) [<A
href="http://www.faqs.org/rfcs/rfc2018.html">RFC2018</A>, <A
href="http://www.faqs.org/rfcs/rfc2883.html">RFC2883</A>] and
Explicit Congestion Notification (ECN) [<A
href="http://www.faqs.org/rfcs/rfc2481.html">RFC2481</A>].
<P>TCP data payload length is the IP payload length minus the TCP
header length.
<P>TCP packets usually carry an application level data stream,
e.g. HTTP, FTP, Telnet, SSH, etc.
</P></TD></TR></TBODY></TABLE></P></BLOCKQUOTE><A
name=UDPheader></A> <BR>
<H4>UDP Header format (as defined in <A
href="http://www.faqs.org/rfcs/rfc768.html">RFC-768</A>): </H4>
<BLOCKQUOTE>
<TABLE cellSpacing=0 cellPadding=0 width=640 border=1>
<TBODY>
<TR>
<TD align=middle width=20>0</TD>
<TD align=middle width=20>1</TD>
<TD align=middle width=20>2</TD>
<TD align=middle width=20>3</TD>
<TD align=middle width=20>4</TD>
<TD align=middle width=20>5</TD>
<TD align=middle width=20>6</TD>
<TD align=middle width=20>7</TD>
<TD align=middle width=20>8</TD>
<TD align=middle width=20>9</TD>
<TD align=middle width=20>10</TD>
<TD align=middle width=20>11</TD>
<TD align=middle width=20>12</TD>
<TD align=middle width=20>13</TD>
<TD align=middle width=20>14</TD>
<TD align=middle width=20>15</TD>
<TD align=middle width=20>16</TD>
<TD align=middle width=20>17</TD>
<TD align=middle width=20>18</TD>
<TD align=middle width=20>19</TD>
<TD align=middle width=20>20</TD>
<TD align=middle width=20>21</TD>
<TD align=middle width=20>22</TD>
<TD align=middle width=20>23</TD>
<TD align=middle width=20>24</TD>
<TD align=middle width=20>25</TD>
<TD align=middle width=20>26</TD>
<TD align=middle width=20>27</TD>
<TD align=middle width=20>28</TD>
<TD align=middle width=20>29</TD>
<TD align=middle width=20>30</TD>
<TD align=middle width=20>31</TD></TR>
<TR bgColor=#ffffe0>
<TD align=middle colSpan=16 height=30>Source Port</TD>
<TD align=middle colSpan=16>Destination Port</TD></TR>
<TR bgColor=#ffffe0>
<TD align=middle colSpan=16 height=30>Total Length</TD>
<TD align=middle colSpan=16 height=30>Checksum (optional)</TD></TR>
<TR bgColor=#e0ffff>
<TD align=middle colSpan=32 height=60>UDP Payload
</TD></TR></TBODY></TABLE>
<P>
<TABLE width=640 border=0>
<TBODY>
<TR>
<TD align=left> <BR>The header of a UDP packet consists of 2
words of 32 bits (4 bytes) each. The header length is
therefore always 8 bytes. The <EM>Total Length</EM> field
includes the UDP header and is measured in bytes.
<P>UDP packets usually carry an application level datagram as
their payload, e.g. DNS, NTP, NFS, etc.
</P></TD></TR></TBODY></TABLE></P></BLOCKQUOTE>
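<P>The length and flag arithmetic described in the IP, TCP and UDP sections above, as an added example that is not part of the original page. The names <CODE>parse_ipv4</CODE>, <CODE>TCP_FLAGS</CODE>, <CODE>SAMPLE</CODE> and the dictionary keys are assumptions chosen for illustration, and the sample packet is constructed.</P>

```python
import struct

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECNE", "CWR"]  # bit 0 upward

def parse_ipv4(pkt: bytes) -> dict:
    """Decode an IPv4 header plus the TCP or UDP header behind it (no checksum check)."""
    if len(pkt) < 20:
        raise ValueError("shorter than the minimum 20-byte IP header")
    (ver_ihl, tos, total, _id, frag, ttl, proto, _ck,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4                 # Hdr.Length counts 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total <= len(pkt):
        raise ValueError("bad version, header length or total length")
    info = {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "ip_hdr_len": ihl, "ip_payload_len": total - ihl,
        "ds_codepoint": tos >> 2,              # bits 0-5 of the old TOS field
        "ect": bool(tos & 2), "ce": bool(tos & 1),          # bits 6 and 7
        "df": bool(frag & 0x4000), "mf": bool(frag & 0x2000),
        "frag_offset": (frag & 0x1FFF) * 8,    # 13 bits, in units of 8 bytes
        "ttl": ttl, "proto": proto,
    }
    l4 = pkt[ihl:total]
    if info["frag_offset"]:                    # later fragments carry no L4 header
        return info
    if proto == 6 and len(l4) >= 20:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        doff = (off_flags >> 12) * 4           # Data Offset counts 32-bit words
        if not 20 <= doff <= len(l4):
            raise ValueError("TCP data offset outside the IP payload")
        info.update(sport=sport, dport=dport, tcp_hdr_len=doff,
                    tcp_payload_len=len(l4) - doff,
                    flags=[n for i, n in enumerate(TCP_FLAGS) if off_flags >> i & 1])
    elif proto == 17 and len(l4) >= 8:
        sport, dport, ulen, _ck = struct.unpack("!HHHH", l4[:8])
        if not 8 <= ulen <= len(l4):
            raise ValueError("UDP length outside the IP payload")
        info.update(sport=sport, dport=dport, udp_payload_len=ulen - 8)
    return info

# Constructed sample (checksums left 0): 192.0.2.10:40000 -> 198.51.100.7:80,
# DS codepoint 46 with ECT, DF set, TCP PSH+ACK, 12 option bytes, 18 data bytes.
SAMPLE = (struct.pack("!BBHHHBBH4s4s", 0x45, 0xBA, 70, 1, 0x4000, 64, 6, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
          + struct.pack("!HHIIHHHH", 40000, 80, 1, 1, 0x8018, 8192, 0, 0)
          + b"\x01\x01\x08\x0a" + bytes(8) + b"GET / HTTP/1.0\r\n\r\n")
```

<P>A header whose length fields disagree with the bytes actually present raises <CODE>ValueError</CODE> rather than being decoded, which is the check a log or capture analyser needs before trusting the port and flag values.</P>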
<BLOCKQUOTE>
<TABLE cellSpacing=0 cellPadding=0 width=640 border=0>
<TBODY>
<TR>
<TD>
<P>
<HR width="100%">
<P>All good books on TCP/IP explain the IP, TCP, UDP header
formats in detail. There are also various <A
href="http://www.faqs.org/rfcs/rfc-index.html">RFC</A>s covering
different aspects of IP, ICMP, TCP, UDP and other protocols.
Another good starting point is <A
href="http://www.private.org.il/tcpip_rl.html">Uri's TCP/IP
Resources List</A>. <BR>
</P></TD></TR></TBODY></TABLE></BLOCKQUOTE></TD>
<TR>
<TD vAlign=center align=middle bgColor=#597596 colSpan=2 height=50><A
class=White10>Copyright (c)2001</A><A class=White10
href="mailto:md-nf091@logi.cc">Manfred Bartz</A><A class=White10>,
Melbourne, Australia.</A> </TD></TR></TBODY></TABLE>
</BODY></HTML>