Annotation of embedaddon/ipguard/doc/README.log, revision 1.1.1.1

00:0f:ea:d2:44:a4 192.168.1.1  - server MAC-IP pair
00:d0:b7:b5:ca:6b 192.168.1.10 - client MAC-IP pair
00:40:f4:53:e3:7d 192.168.1.66 - pirate MAC-IP pair
de:ad:6b:a8:de:5b              - ipguard fake MAC

#### Log description
################################

Normal ARP who-has client -> server

    Ethernet   00:d0:b7:b5:ca:6b -> ff:ff:ff:ff:ff:ff
    ARP sender 00:d0:b7:b5:ca:6b - 192.168.1.10
    ARP target 0:0:0:0:0:0 - 192.168.1.1

Log record:

    xxxx: 00:d0:b7:b5:ca:6b 192.168.1.10    192.168.1.1
    ^^^^^ ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^
    |1    |2                |3              |4

    1 - Label
    2 - ARP sender MAC
    3 - ARP sender IP
    4 - ARP target IP

Labels:

bnew: New pair (neither the MAC nor the IP is listed in `ethers')

    Ethernet   00:40:f4:53:e3:7d -> ff:ff:ff:ff:ff:ff
    ARP sender 00:40:f4:53:e3:7d - 192.168.1.66
    ARP target 0:0:0:0:0:0 - 192.168.1.1

bsip: Bad sender IP (not listed in `ethers')

    Ethernet   00:d0:b7:b5:ca:6b -> ff:ff:ff:ff:ff:ff
    ARP sender 00:d0:b7:b5:ca:6b - 192.168.1.66
    ARP target 0:0:0:0:0:0 - 192.168.1.1

bmac: Bad sender MAC (not listed in `ethers')

    Ethernet   00:40:f4:53:e3:7d -> ff:ff:ff:ff:ff:ff
    ARP sender 00:40:f4:53:e3:7d - 192.168.1.10
    ARP target 0:0:0:0:0:0 - 192.168.1.1

btip: Bad target IP (not listed in `ethers')

    Ethernet   00:d0:b7:b5:ca:6b -> ff:ff:ff:ff:ff:ff
    ARP sender 00:d0:b7:b5:ca:6b - 192.168.1.10
    ARP target 0:0:0:0:0:0 - 192.168.1.66

xxxx: Finally, a bad ARP request: some of the previous rules matched
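
Added example (not part of ipguard or its documentation): a small triage script that parses log records in the four-field layout described above and cross-references them with an `ethers' table to show which listed host a bad record conflicts with. The `MAC IP` layout of the ethers text, the sample log lines and all function names are assumptions constructed from the addresses in this README.

```python
import re
from collections import Counter

# Record layout from the README: label, ARP sender MAC, ARP sender IP, ARP target IP.
RECORD = re.compile(
    r"\b(bnew|bsip|bmac|btip):\s+((?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2})\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})", re.I)

# Constructed sample data reusing the README's addresses (not real log output).
ETHERS = "00:0f:ea:d2:44:a4 192.168.1.1\n00:d0:b7:b5:ca:6b 192.168.1.10\n"
SAMPLE_LOG = """\
bnew: 00:40:f4:53:e3:7d 192.168.1.66 192.168.1.1
bsip: 00:d0:b7:b5:ca:6b 192.168.1.66 192.168.1.1
bmac: 00:40:f4:53:e3:7d 192.168.1.10 192.168.1.1
bmac: 00:40:f4:53:e3:7d 192.168.1.10 192.168.1.1
btip: 00:d0:b7:b5:ca:6b 192.168.1.10 192.168.1.66
"""

def norm_mac(mac):
    """Lower-case and zero-pad each octet so 0:d0:... compares equal to 00:d0:..."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def load_ethers(text):
    """Parse 'MAC IP' lines (assumed ethers layout) into {mac: ip}."""
    pairs = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            pairs[norm_mac(fields[0])] = fields[1]
    return pairs

def triage(log_text, ethers):
    """Return (hits per (label, sender MAC), de-duplicated findings in log order)."""
    ip_owner = {ip: mac for mac, ip in ethers.items()}
    counts, findings = Counter(), {}
    for label, mac, sip, tip in RECORD.findall(log_text):
        label, mac = label.lower(), norm_mac(mac)
        counts[(label, mac)] += 1
        if label == "bmac" and sip in ip_owner:
            findings[f"{mac} claims {sip}, listed for {ip_owner[sip]}"] = None
        elif label == "bsip" and mac in ethers:
            findings[f"{mac} claims {sip}, but is listed with {ethers[mac]}"] = None
        elif label == "btip":
            findings[f"{mac} ({sip}) asks for unlisted {tip}"] = None
        elif label == "bnew":
            findings[f"unlisted host {mac} at {sip}"] = None
    return counts, list(findings)
```

Calling `triage(SAMPLE_LOG, load_ethers(ETHERS))` returns the per-sender hit counts and one finding per distinct conflict; the regular expression searches within each line, so records carrying a syslog-style prefix are matched as well.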

#### Current MAC-IP table
################################

dump of current pairs table
    dump: MAC IP

#### Bad MAC-IP buffer
################################

dump of current bad pairs buffer
    dump: number MAC IP count timestamp

#### ARP statistics
################################

Total ARP who-has packets 0
    total received ARP packets

Good MAC-IP pairs 0
    good packets

Gratuitous MAC-IP/weird 0/0
    gratuitous packets / weird gratuitous (Windows/MacOS)

Zero MAC/IP 0/0
    packets that matched the zero wildcard (00:00:00:00:00:00/0.0.0.0)

New MAC-IP pairs 0
    count of new MAC-IP pairs

Bad MAC-IP pairs 0
    all bad ARP requests

Bad MAC/IP 0/0
    count of bad MACs/IPs

Bad gratuitous MAC-IP 0
    count of bad gratuitous packets

My/Fake/PreFake MAC 0/0/0
    count of packets sent by ipguard itself

And counts of some strange packets:

    Mismatch sender Ether/ARP MAC 0
    Non-zero target ARP MAC 0
    Non-bcast target Ether MAC 0

#### PCAP statistics
################################

Received/Dropped packets 0/0
    packets that matched / did not match the PCAP filter

## $Id: README.log,v 1.10 2010/07/12 03:46:52 sead Exp $