File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipguard / doc / README.log
Revision 1.1.1.1 (vendor branch)
Tue Feb 21 21:59:41 2012 UTC (12 years, 3 months ago) by misho
Branches: ipguard, MAIN
CVS tags: v1_04p3, v1_04p0, v1_04, HEAD
ipguard


00:0f:ea:d2:44:a4       192.168.1.1     - server MAC-IP pair
00:d0:b7:b5:ca:6b       192.168.1.10    - client MAC-IP pair
00:40:f4:53:e3:7d       192.168.1.66    - pirate MAC-IP pair
de:ad:6b:a8:de:5b                       - ipguard fake MAC

#### Log description
################################

Normal ARP who-has client -> server

Ethernet        00:d0:b7:b5:ca:6b -> ff:ff:ff:ff:ff:ff
ARP sender      00:d0:b7:b5:ca:6b -  192.168.1.10
ARP target      0:0:0:0:0:0       -  192.168.1.1

Log record:

xxxx: 00:d0:b7:b5:ca:6b 192.168.1.10                           192.168.1.1
^^^^^ ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^                        ^^^^^^^^^^^^^^^
|1    |2                |3                                     |4

1 - Label
2 - ARP sender MAC
3 - ARP sender IP
4 - ARP target IP

Labels:

bnew: New pair (neither MAC nor IP is listed in `ethers')

Ethernet        00:40:f4:53:e3:7d -> ff:ff:ff:ff:ff:ff
ARP sender      00:40:f4:53:e3:7d -  192.168.1.66
ARP target      0:0:0:0:0:0       -  192.168.1.1

bsip: Bad sender IP (not listed in `ethers')

Ethernet        00:d0:b7:b5:ca:6b -> ff:ff:ff:ff:ff:ff
ARP sender      00:d0:b7:b5:ca:6b -  192.168.1.66
ARP target      0:0:0:0:0:0       -  192.168.1.1

bmac: Bad sender MAC (not listed in `ethers')

Ethernet        00:40:f4:53:e3:7d -> ff:ff:ff:ff:ff:ff
ARP sender      00:40:f4:53:e3:7d -  192.168.1.10
ARP target      0:0:0:0:0:0       -  192.168.1.1

btip: Bad target IP (not listed in `ethers')

Ethernet        00:d0:b7:b5:ca:6b -> ff:ff:ff:ff:ff:ff
ARP sender      00:d0:b7:b5:ca:6b -  192.168.1.10
ARP target      0:0:0:0:0:0       -  192.168.1.66

xxxx: Finally, a bad ARP request: some of the previous rules matched
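
The label rules above, applied to the five example requests, as an added example (not ipguard's own code). The `ethers' contents, the function names, the one-sender-label-per-request ordering and the column widths are assumptions built from the samples in this README.

```python
# Added example, not ipguard source: labels rebuilt from the README's descriptions.
# ETHERS is constructed from the README's server and client pairs.
ETHERS = {
    "00:0f:ea:d2:44:a4": "192.168.1.1",   # server
    "00:d0:b7:b5:ca:6b": "192.168.1.10",  # client
}

def is_listed_pair(mac, ip, ethers=ETHERS):
    """True when this exact MAC-IP pair appears in the table."""
    return ethers.get(mac.lower()) == ip

def classify(sender_mac, sender_ip, target_ip, ethers=ETHERS):
    """Return the README labels that apply to one ARP who-has request."""
    mac_listed = sender_mac.lower() in ethers
    ip_listed = sender_ip in ethers.values()
    labels = []
    if not mac_listed and not ip_listed:
        labels.append("bnew")   # neither half of the pair is known
    elif not ip_listed:
        labels.append("bsip")   # known MAC claiming an unlisted IP
    elif not mac_listed:
        labels.append("bmac")   # unlisted MAC claiming a known IP
    # Both listed but paired differently gets no label here: the README
    # does not describe that case, so check is_listed_pair() separately.
    if target_ip not in ethers.values():
        labels.append("btip")   # request asks for an unlisted IP
    return labels

def format_record(label, sender_mac, sender_ip, target_ip):
    """Lay out a record in the columns of the README's sample line.
    Assumption: the 38-character IP field is measured from that sample."""
    return f"{label}: {sender_mac} {sender_ip:<38} {target_ip}"

if __name__ == "__main__":
    # The five requests shown in the README: (sender MAC, sender IP, target IP).
    requests = [
        ("00:d0:b7:b5:ca:6b", "192.168.1.10", "192.168.1.1"),   # normal
        ("00:40:f4:53:e3:7d", "192.168.1.66", "192.168.1.1"),   # bnew
        ("00:d0:b7:b5:ca:6b", "192.168.1.66", "192.168.1.1"),   # bsip
        ("00:40:f4:53:e3:7d", "192.168.1.10", "192.168.1.1"),   # bmac
        ("00:d0:b7:b5:ca:6b", "192.168.1.10", "192.168.1.66"),  # btip
    ]
    for mac, ip, tip in requests:
        for label in classify(mac, ip, tip):
            print(format_record(label, mac, ip, tip))
```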

#### Current MAC-IP table
################################

dump of current pairs table
dump: MAC IP

#### Bad MAC-IP buffer
################################

dump of current bad pairs buffer
dump: number MAC IP count timestamp

#### ARP statistics
################################

Total ARP who-has packets 0
    total received ARP packets

Good MAC-IP pairs 0
    good packets

Gratuitous MAC-IP/weird 0/0
    gratuitous packets / weird gratuitous (Windows/MacOS)

Zero MAC/IP 0/0
    packets matched zero wildcard (00:00:00:00:00:00/0.0.0.0)

New MAC-IP pairs 0
    count of new MAC-IP pairs

Bad MAC-IP pairs 0
    count of all bad ARP requests

Bad MAC/IP 0/0
    count of bad MACs/IPs

Bad gratuitous MAC-IP 0
    count of bad gratuitous packets

My/Fake/PreFake MAC 0/0/0
    count of packets sent by ipguard itself

And counts of some strange packets:

Mismatch sender Ether/ARP MAC 0 
Non-zero target ARP MAC 0 
Non-bcast target Ether MAC 0 

#### PCAP statistics
################################

Received/Dropped packets 0/0 
    packets that matched / did not match the PCAP filter

##  $Id: README.log,v 1.1.1.1 2012/02/21 21:59:41 misho Exp $
