|
Jul 14 14:31:06 linjenkins3 kernel: [31809412.513897] [UFW BLOCK] IN=eth0 OUT= MAC=40:40:2e:9a:ad:92:c4:71:fe:f1:b9:7f:08:00 SRC=69.60.116.202 DST=173.203.237.224 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=15852 PROTO=TCP SPT=43998 DPT=3389 WINDOW=3072 RES=0x00 SYN URGP=0
key 37:68 ^-----------------------------^ 31809412.513897] [UFW BLOCK] IN
sym 69:73 ^--^ eth0
val 69:73 ^--^ eth0
pair 37:73 ^----------------------------------^ 31809412.513897] [UFW BLOCK] IN=eth0
key 74:77 ^-^ OUT
quot 78:78 ^
val 78:78 ^
pair 74:78 ^--^ OUT=
key 79:82 ^-^ MAC
hexd 83:124 ^---------------------------------------^ 40:40:2e:9a:ad:92:c4:71:fe:f1:b9:7f:08:00
val 83:124 ^---------------------------------------^ 40:40:2e:9a:ad:92:c4:71:fe:f1:b9:7f:08:00
pair 79:124 ^-------------------------------------------^ MAC=40:40:2e:9a:ad:92:c4:71:fe:f1:b9:7f:08:00
key 125:128 ^-^ SRC
ipv4 129:142 ^-----------^ 69.60.116.202
val 129:142 ^-----------^ 69.60.116.202
pair 125:142 ^---------------^ SRC=69.60.116.202
key 143:146 ^-^ DST
ipv4 147:162 ^-------------^ 173.203.237.224
val 147:162 ^-------------^ 173.203.237.224
pair 143:162 ^-----------------^ DST=173.203.237.224
key 163:166 ^-^ LEN
num 167:169 ^^ 44
val 167:169 ^^ 44
pair 163:169 ^----^ LEN=44
key 170:173 ^-^ TOS
hex 174:178 ^--^ 0x00
val 174:178 ^--^ 0x00
pair 170:178 ^------^ TOS=0x00
key 179:183 ^--^ PREC
hex 184:188 ^--^ 0x00
val 184:188 ^--^ 0x00
pair 179:188 ^-------^ PREC=0x00
key 189:192 ^-^ TTL
num 193:195 ^^ 29
val 193:195 ^^ 29
pair 189:195 ^----^ TTL=29
key 196:198 ^^ ID
num 199:204 ^---^ 15852
val 199:204 ^---^ 15852
pair 196:204 ^------^ ID=15852
key 205:210 ^---^ PROTO
sym 211:214 ^-^ TCP
val 211:214 ^-^ TCP
pair 205:214 ^-------^ PROTO=TCP
key 215:218 ^-^ SPT
num 219:224 ^---^ 43998
val 219:224 ^---^ 43998
pair 215:224 ^-------^ SPT=43998
key 225:228 ^-^ DPT
num 229:233 ^--^ 3389
val 229:233 ^--^ 3389
pair 225:233 ^------^ DPT=3389
key 234:240 ^----^ WINDOW
num 241:245 ^--^ 3072
val 241:245 ^--^ 3072
pair 234:245 ^---------^ WINDOW=3072
key 246:249 ^-^ RES
hex 250:254 ^--^ 0x00
wspc 254:255 ^
sym 255:258 ^-^ SYN
val 250:258 ^------^ 0x00 SYN
pair 246:258 ^----------^ RES=0x00 SYN
key 259:263 ^--^ URGP
num 264:265 ^ 0
val 264:265 ^ 0
pair 259:265 ^----^ URGP=0
msg :[31809412.513897] [UFW BLOCK] IN=eth0 OUT= MAC=40:40:2e:9a:ad:92:c4:71:fe:f1:b9:7f:08:00 SRC=69.60.116.202 DST=173.203.237.224 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=15852 PROTO=TCP SPT=43998 DPT=3389 WINDOW=3072 RES=0x00 SYN URGP=0
format :[31809412.513897] [UFW BLOCK] IN=# OUT=# MAC=# SRC=# DST=# LEN=# TOS=# PREC=# TTL=# ID=# PROTO=# SPT=# DPT=# WINDOW=# RES=# URGP=#
{
"31809412.513897] [UFW BLOCK] IN": "eth0",
"OUT": "",
"MAC": "40:40:2e:9a:ad:92:c4:71:fe:f1:b9:7f:08:00",
"SRC": "69.60.116.202",
"DST": "173.203.237.224",
"LEN": 44,
"TOS": "0x00",
"PREC": "0x00",
"TTL": 29,
"ID": 15852,
"PROTO": "TCP",
"SPT": 43998,
"DPT": 3389,
"WINDOW": 3072,
"RES": "0x00 SYN",
"URGP": 0
}
|