              <TD align=middle colSpan=8 height=30>Time To Live</TD>
              <TD align=middle colSpan=8>Protocol Number</TD>
              <TD align=middle colSpan=16>Header Checksum</TD></TR>
            <TR bgColor=#e2e2e2>
              <TD align=middle colSpan=32 height=30>32 bit Source 
Address</TD></TR>
            <TR bgColor=#e2e2e2>
              <TD align=middle colSpan=32 height=30>32 bit Destination 
              Address</TD></TR>
            <TR bgColor=#e2e2e2>
              <TD align=middle colSpan=32 height=40>Options (0 to 10 Words of 
                32 Bits)</TD></TR>
            <TR bgColor=#ffffe0>
              <TD align=middle colSpan=32>
                <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
                  <TBODY>
                  <TR bgColor=#ffffe0>
                    <TD align=middle height=20>&nbsp; </TD></TR>
                  <TR bgColor=#e0ffff>
                    <TD vAlign=top align=middle height=60>IP 
                      Payload<BR>(including header of higher protocol) 
                  </TD></TR></TBODY></TABLE></TD></TR></TR></TBODY></TABLE>
          <P>
          <TABLE width=640 border=0>
            <TBODY>
            <TR>
              <TD align=left colSpan=2>&nbsp;<BR>The header of an IP packet 
                consists of 5 or more words of 32 bits (4 bytes) each.&nbsp; The 
                minimum header length (no options) is therefore 20 bytes.&nbsp; 
                The Version field for the shown type of packet is 4 = IPv4 
                (Internet Protocol version 4).&nbsp; The Header Length field 
                gives the header length in 32-bit words: 5 without options, 
                and at most 15 with options.&nbsp; The Total Length is in bytes 
                and includes the header.&nbsp; The data length can then be 
                calculated as the Total Length minus the header length in 
                bytes.<BR>&nbsp;
                <P></P></TD></TR>
            <TR>
              <TD align=left><B>TOS / DS / ECN</B>:&nbsp;&nbsp; This field has 
                had an unstable history.&nbsp; This is briefly explained in <A 
                href="http://www.faqs.org/rfcs/rfc2481.html">RFC2481</A>, 
                section 19 (near the end).
                <P>Many sites are starting to implement Differentiated Services 
                DS [<A href="http://www.faqs.org/rfcs/rfc2474.html">RFC2474</A>] 
                in their routers. DS uses <EM>code-points</EM> which are stored 
                in bits 0 to 5 of the old TOS field. The content and meaning of 
                this field can change at network boundaries.
                <P></P></TD>
              <TD vAlign=top>
                <TABLE cellSpacing=0 cellPadding=0 border=1>
                  <TBODY>
                  <TR>
                    <TD>&nbsp;</TD>
                    <TD align=middle width=20>0</TD>
                    <TD align=middle width=20>1</TD>
                    <TD align=middle width=20>2</TD>
                    <TD align=middle width=20>3</TD>
                    <TD align=middle width=20>4</TD>
                    <TD align=middle width=20>5</TD>
                    <TD align=middle width=20>6</TD>
                    <TD align=middle width=20>7</TD></TR>
                  <TR>
                    <TD align=middle height=28>TOS</TD>
                    <TD align=middle bgColor=#c8c8c8 colSpan=3>Precedence</TD>
                    <TD align=middle bgColor=#c8c8c8 colSpan=4>Type</TD>
                    <TD align=middle bgColor=#c8c8c8>-</TD></TR>
                  <TR>
                    <TD align=middle height=28>DS,ECN</TD>
                    <TD align=middle bgColor=#e2e2e2 colSpan=6>DS Codepoint</TD>
                    <TD align=middle bgColor=#ffffe0>ECT</TD>
                    <TD align=middle 
            bgColor=#ffffe0>CE</TD></TR></TBODY></TABLE></TD></TR>
            <TR>
              <TD align=left colSpan=2>If the host is ECN [<A 
                href="http://www.faqs.org/rfcs/rfc2481.html">RFC2481</A>] 
                capable and the payload is a TCP packet, then up to two flag 
                bits will be needed in the old TOS field. Bit 6 becomes the 
                <B>ECT</B> (ECN-capable Transport) flag, and Bit 7 becomes the 
                <B>CE</B> (Congestion Experienced) flag.
                <P>An IP datagram can be fragmented if the link layer cannot 
                fit it into a single link-layer data unit. The fragment offset 
                is specified in units of <EM>8 bytes</EM>, which lets the 
                available 13 bits cover the necessary values for up to 64K of 
                data.
                <P>IP packets usually carry a higher level protocol such as 
                TCP.&nbsp; In the case of TCP, the PROTO field would be set to 6 
                and the&nbsp; TCP <I>Protocol Data Unit</I> (PDU)&nbsp; is 
                carried in the IP Payload field of the packet.&nbsp; See below. 
                </P></TD></TR></TBODY></TABLE></P></BLOCKQUOTE><A 
        name=TCPheader></A>&nbsp;<BR>
        <H4>TCP Header Format (as defined in <A 
        href="http://www.faqs.org/rfcs/rfc793.html">RFC-793</A>): </H4>
        <BLOCKQUOTE>
          <TABLE cellSpacing=0 cellPadding=0 width=640 border=1>
            <TBODY>
            <TR>
              <TD align=middle width=20>0</TD>
              <TD align=middle width=20>1</TD>
              <TD align=middle width=20>2</TD>
              <TD align=middle width=20>3</TD>
              <TD align=middle width=20>4</TD>
              <TD align=middle width=20>5</TD>
              <TD align=middle width=20>6</TD>
              <TD align=middle width=20>7</TD>
              <TD align=middle width=20>8</TD>
              <TD align=middle width=20>9</TD>
              <TD align=middle width=20>10</TD>
              <TD align=middle width=20>11</TD>
              <TD align=middle width=20>12</TD>
              <TD align=middle width=20>13</TD>
              <TD align=middle width=20>14</TD>
              <TD align=middle width=20>15</TD>
              <TD align=middle width=20>16</TD>
              <TD align=middle width=20>17</TD>
              <TD align=middle width=20>18</TD>
              <TD align=middle width=20>19</TD>
              <TD align=middle width=20>20</TD>
              <TD align=middle width=20>21</TD>
              <TD align=middle width=20>22</TD>
              <TD align=middle width=20>23</TD>
              <TD align=middle width=20>24</TD>
              <TD align=middle width=20>25</TD>
              <TD align=middle width=20>26</TD>
              <TD align=middle width=20>27</TD>
              <TD align=middle width=20>28</TD>
              <TD align=middle width=20>29</TD>
              <TD align=middle width=20>30</TD>
              <TD align=middle width=20>31</TD></TR>
            <TR bgColor=#ffffe0>
              <TD align=middle colSpan=16 height=30>Source Port</TD>
              <TD align=middle colSpan=16>Destination Port</TD></TR>
            <TR bgColor=#ffffe0>
              <TD align=middle colSpan=32 height=30>Sequence Number</TD></TR>
            <TR bgColor=#ffffe0>
              <TD align=middle colSpan=32 height=30>Acknowledgement 
            Number</TD></TR>
            <TR bgColor=#ffffe0>
              <TD align=middle colSpan=4 height=30>Data<BR>Offset</TD>
              <TD class=s8 align=middle>-</TD>
              <TD class=s8 align=middle>-</TD>
              <TD class=s8 align=middle>-</TD>
              <TD class=s8 align=middle>-</TD>
              <TD class=s8 align=middle><IMG alt=CWR 
                src="Netfilter Log Format.files/CWR.gif"></TD>
              <TD class=s8 align=middle><IMG alt=ECNE 
                src="Netfilter Log Format.files/ECNE.gif"></TD>
              <TD class=s8 align=middle><IMG alt=URG 
                src="Netfilter Log Format.files/URG.gif"></TD>
              <TD class=s8 align=middle><IMG alt=ACK 
                src="Netfilter Log Format.files/ACK.gif"></TD>
              <TD class=s8 align=middle><IMG alt=PSH 
                src="Netfilter Log Format.files/PSH.gif"></TD>
              <TD class=s8 align=middle><IMG alt=RST 
                src="Netfilter Log Format.files/RST.gif"></TD>
              <TD class=s8 align=middle><IMG alt=SYN 
                src="Netfilter Log Format.files/SYN.gif"></TD>
              <TD class=s8 align=middle><IMG alt=FIN 
                src="Netfilter Log Format.files/FIN.gif"></TD>
              <TD align=middle colSpan=16>Window</TD></TR>
            <TR bgColor=#ffffe0>
              <TD align=middle colSpan=16 height=30>Checksum</TD>
              <TD align=middle colSpan=16 height=30>Urgent Pointer</TD></TR>
            <TR bgColor=#ffffe0>
              <TD align=middle colSpan=32 height=40>Options (0 to 10 Words of 
                32 Bits)</TD></TR>
            <TR bgColor=#e0ffff>
              <TD align=middle colSpan=32 height=60>TCP Payload 
          </TD></TR></TBODY></TABLE>
          <P>
          <TABLE width=640 border=0>
            <TBODY>
            <TR>
              <TD align=left>&nbsp;<BR>The header of a TCP packet consists of 
                5 or more words of 32 bits (4 bytes) each.&nbsp; The minimum 
                header length (no options) is therefore 20 bytes.&nbsp; The 
                <EM>Data Offset</EM> field gives the header length in 32-bit 
                words: 5 without options, and at most 15 with options.
                <P>Explicit Congestion Notification (ECN) [<A 
                href="http://www.faqs.org/rfcs/rfc2481.html">RFC2481</A>] adds 2 
                new flags to the TCP header: <EM>Congestion Window Reduced</EM> 
                (CWR) and <EM>ECN-Echo</EM> (ECNE). ECN also requires 1 or 2 
                additional flags in the IP header.
                <P>Commonly, the TCP header will carry options related to 
                enhancements of the TCP protocol. Important options are Window 
                Scaling, Selective Acknowledgement (SACK) [<A 
                href="http://www.faqs.org/rfcs/rfc2018.html">RFC2018</A>, <A 
                href="http://www.faqs.org/rfcs/rfc2883.html">RFC2883</A>] and 
                Explicit Congestion Notification (ECN) [<A 
                href="http://www.faqs.org/rfcs/rfc2481.html">RFC2481</A>].
                <P>TCP data payload length is the IP payload length minus the 
                TCP header length.
                <P>TCP packets usually carry an application-level data stream, 
                e.g. HTTP, FTP, Telnet, SSH, etc.&nbsp; 
          </P></TD></TR></TBODY></TABLE></P></BLOCKQUOTE><A 
        name=UDPheader></A>&nbsp;<BR>
        <H4>UDP Header format (as defined in <A 
        href="http://www.faqs.org/rfcs/rfc768.html">RFC-768</A>): </H4>
        <BLOCKQUOTE>
          <TABLE cellSpacing=0 cellPadding=0 width=640 border=1>
            <TBODY>
            <TR>
              <TD align=middle width=20>0</TD>
              <TD align=middle width=20>1</TD>
              <TD align=middle width=20>2</TD>
              <TD align=middle width=20>3</TD>
              <TD align=middle width=20>4</TD>
              <TD align=middle width=20>5</TD>
              <TD align=middle width=20>6</TD>
              <TD align=middle width=20>7</TD>
              <TD align=middle width=20>8</TD>
              <TD align=middle width=20>9</TD>
              <TD align=middle width=20>10</TD>
              <TD align=middle width=20>11</TD>
              <TD align=middle width=20>12</TD>
              <TD align=middle width=20>13</TD>
              <TD align=middle width=20>14</TD>
              <TD align=middle width=20>15</TD>
              <TD align=middle width=20>16</TD>
              <TD align=middle width=20>17</TD>
              <TD align=middle width=20>18</TD>
              <TD align=middle width=20>19</TD>
              <TD align=middle width=20>20</TD>
              <TD align=middle width=20>21</TD>
              <TD align=middle width=20>22</TD>
              <TD align=middle width=20>23</TD>
              <TD align=middle width=20>24</TD>
              <TD align=middle width=20>25</TD>
              <TD align=middle width=20>26</TD>
              <TD align=middle width=20>27</TD>
              <TD align=middle width=20>28</TD>
              <TD align=middle width=20>29</TD>
              <TD align=middle width=20>30</TD>
              <TD align=middle width=20>31</TD></TR>
            <TR bgColor=#ffffe0>
              <TD align=middle colSpan=16 height=30>Source Port</TD>
              <TD align=middle colSpan=16>Destination Port</TD></TR>
            <TR bgColor=#ffffe0>
              <TD align=middle colSpan=16 height=30>Total Length</TD>
              <TD align=middle colSpan=16 height=30>Checksum (optional)</TD></TR>
            <TR bgColor=#e0ffff>
              <TD align=middle colSpan=32 height=60>UDP Payload 
          </TD></TR></TBODY></TABLE>
          <P>
          <TABLE width=640 border=0>
            <TBODY>
            <TR>
              <TD align=left>&nbsp;<BR>The header of a UDP packet consists of 
                2 words of 32 bits (4 bytes) each.&nbsp; The header length is 
                therefore always 8 bytes.&nbsp; The <EM>Total Length</EM> field 
                includes the UDP header and is measured in bytes.
                <P>UDP packets usually carry an application-level datagram as 
                their payload, e.g. DNS, NTP, NFS, etc.&nbsp; 
          </P></TD></TR></TBODY></TABLE></P></BLOCKQUOTE>
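        <P>The length arithmetic described above for the IP, TCP and UDP headers, as an added example that is not part of the original page. The function name <CODE>decode_lengths</CODE>, the helper <CODE>sample_packet</CODE> and the packet bytes are constructed for illustration; checksums are not verified.</P>

```python
import struct

TCP_FLAGS = ("CWR", "ECNE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")  # MSB first

def decode_lengths(pkt: bytes) -> dict:
    """Decode IPv4 + TCP/UDP length fields and reject inconsistent values."""
    if len(pkt) < 20:
        raise ValueError("shorter than the minimum 20-byte IPv4 header")
    ver_ihl, tos, total_len, _id, frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = ver_ihl & 0x0F
    if ver_ihl >> 4 != 4 or ihl < 5:
        raise ValueError("not IPv4, or header length below 5 words")
    ip_hlen = ihl * 4                      # header length field counts 32-bit words
    if not ip_hlen <= total_len <= len(pkt):
        raise ValueError("Total Length disagrees with header length or packet size")
    out = {"ip_hlen": ip_hlen, "ip_payload_len": total_len - ip_hlen,
           # Bit numbering as on the page: bits 0-5 DS codepoint, 6 ECT, 7 CE
           "dscp": tos >> 2, "ect": (tos >> 1) & 1, "ce": tos & 1,
           "frag_offset_bytes": (frag & 0x1FFF) * 8,   # 13 bits, units of 8 bytes
           "ttl": ttl, "proto": proto}
    l4 = pkt[ip_hlen:total_len]
    if out["frag_offset_bytes"]:
        return out                         # later fragment: no transport header here
    if proto == 6:                         # TCP
        if len(l4) < 20:
            raise ValueError("truncated TCP header")
        tcp_hlen = (l4[12] >> 4) * 4       # Data Offset, also in 32-bit words
        if not 20 <= tcp_hlen <= len(l4):
            raise ValueError("TCP Data Offset out of range")
        out.update(tcp_hlen=tcp_hlen, tcp_payload_len=len(l4) - tcp_hlen,
                   flags=[n for i, n in enumerate(TCP_FLAGS) if l4[13] & (0x80 >> i)])
    elif proto == 17:                      # UDP
        if len(l4) < 8:
            raise ValueError("truncated UDP header")
        udp_len = struct.unpack("!H", l4[4:6])[0]
        if not 8 <= udp_len <= len(l4):
            raise ValueError("UDP length field out of range")
        out["udp_payload_len"] = udp_len - 8
    return out

def sample_packet() -> bytes:
    """Constructed sample: IPv4 (one option word) + TCP SYN/ACK (one option word) + 5 bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x46, 0xBA, 53, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + b"\x01\x01\x01\x00"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 6 << 4, 0x12, 65535, 0, 0)
    return ip + tcp + b"\x01\x01\x01\x00" + b"hello"   # checksums left 0, not verified

if __name__ == "__main__":
    print(decode_lengths(sample_packet()))
```

        <P>A log analyser or filter that trusts the header length, Data Offset or Total Length fields without these range checks can compute negative or oversized payload lengths from malformed packets.</P>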
        <TABLE cellSpacing=0 cellPadding=0 width=640 border=0>
          <TBODY>
          <TR>
            <TD>
              <P>
              <HR width="100%">

              <P>All good books on TCP/IP explain the IP, TCP, UDP header 
              formats in detail.&nbsp; There are also various <A 
              href="http://www.faqs.org/rfcs/rfc-index.html">RFC</A>s covering 
              different aspects of IP, ICMP, TCP, UDP and other protocols.&nbsp; 
              Another good starting point is <A 
              href="http://www.private.org.il/tcpip_rl.html">Uri's TCP/IP 
              Resources List</A>. </P></TD></TR></TBODY></TABLE></BLOCKQUOTE></TD>
  <TR>
    <TD vAlign=center align=middle bgColor=#597596 colSpan=2 height=50><A 
      class=White10>Copyright (c)2001</A><A class=White10 
      href="mailto:md-nf091@logi.cc">Manfred Bartz</A><A class=White10>, 
      Melbourne, Australia.</A> </TD></TR></TBODY></TABLE>
</BODY></HTML>
