Weird ip6tables mac= logging

03-23-2011, 05:09 PM

Hi there

A bit from the syslog (UTC + 1);
Mar 23 06:04:27 sput kernel: [245625.292575] IN=xs6all OUT=
MAC=20:00:40:2f:ae:8f:0a:00:00:96:ff:03:00:21:45:0 0:00:5c:00:00:40:00:3e:29:c3:ba:c2:6d:05:f1:50:65: 5f:fb:60:00:00:00:00:20:06:74:20:02:18:e6:b8:dc:00 :00:00:00:00:00:18:e6:b8:dc:20:01:08:88:15:33:00:0 1:00:00:00:00:00:00:00:01:cb:ec:1f:90:fd:63:87:3b: 00:00:00:00:80:c2:20:00:dd:de:00:00:02:04:04:c4:01 :03:03:08:01:01:04:02:ef:67:31:20:30:35:3a:30:33:3 a:32:35:20:47:4d:54:0d:0a:53:65:72:76:65:72:3a:20: 41:70:61:63:68:65:2f:32:2e:32:2e:31:36:20:28:44
TUNNEL=194.109.5.241->80.101.95.251
SRC=2002:18e6:b8dc:0000:0000:0000:18e6:b8dc
DST=2001:0888:1533:0001:0000:0000:0000:0001 LEN=72 TC=0 HOPLIMIT=116
FLOWLBL=0 PROTO=TCP SPT=52204 DPT=8080 WINDOW=8192 RES=0x00 CWR ECE SYN
URGP=0
Mar 23 06:04:30 sput kernel: [245628.308577] IN=xs6all OUT=
MAC=00:00:eb:01:00:00:7e:ff:7d:23:ff:03:00:21:45:0 0:00:5c:00:00:40:00:3e:29:c3:ba:c2:6d:05:f1:50:65: 5f:fb:60:00:00:00:00:20:06:74:20:02:18:e6:b8:dc:00 :00:00:00:00:00:18:e6:b8:dc:20:01:08:88:15:33:00:0 1:00:00:00:00:00:00:00:01:cb:ec:1f:90:fd:63:87:3b: 00:00:00:00:80:c2:20:00:dd:de:00:00:02:04:04:c4:01 :03:03:08:01:01:04:02:ef:67:62:2f:6b:69:74:65:2f:2 0:48:54:54:50:2f:31:2e:31:0d:0a:41:63:63:65:70:74: 3a:20:74:65:78:74:2f:68:74:6d:6c:2c:74:65:78:74
TUNNEL=194.109.5.241->80.101.95.251
SRC=2002:18e6:b8dc:0000:0000:0000:18e6:b8dc
DST=2001:0888:1533:0001:0000:0000:0000:0001 LEN=72 TC=0 HOPLIMIT=116
FLOWLBL=0 PROTO=TCP SPT=52204 DPT=8080 WINDOW=8192 RES=0x00 CWR ECE SYN
URGP=0
Mar 23 06:04:36 sput kernel: [245634.328566] IN=xs6all OUT=
MAC=00:00:8f:01:00:00:7e:ff:7d:23:ff:03:00:21:45:0 0:00:58:00:00:40:00:3e:29:c3:be:c2:6d:05:f1:50:65: 5f:fb:60:00:00:00:00:1c:06:74:20:02:18:e6:b8:dc:00 :00:00:00:00:00:18:e6:b8:dc:20:01:08:88:15:33:00:0 1:00:00:00:00:00:00:00:01:cb:ec:1f:90:fd:63:87:3b: 00:00:00:00:70:02:20:00:f2:ad:00:00:02:04:04:c4:01 :01:04:02:91:bf:5e:64:08:88:15:33:00:01:00:00:00:0 0:00:00:00:01:00:7b:00:7b:00:38:c6:4f:23:01:06:ed: 00:00:00:00:00:00:00:41:50:50:53:00:d1:33:fd:1e
TUNNEL=194.109.5.241->80.101.95.251
SRC=2002:18e6:b8dc:0000:0000:0000:18e6:b8dc
DST=2001:0888:1533:0001:0000:0000:0000:0001 LEN=68 TC=0 HOPLIMIT=116
FLOWLBL=0 PROTO=TCP SPT=52204 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0

Those 'MAC=' strings are rather weird. There are even bits of ascii in
there (converting :XX to an ascii value);

05:03:25 GMT
Server: Apache/2.2.16

/kite/ HTTP/1.1
Accept: text/html,text

'xs6all' is a v4tunnel interface. Which doesn't have a mac address.

Any idea what is going on?

Regards,
Rob

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
DMZ for logging	Harry Putnam	Linux Networking	10	01-31-2012 06:26 PM
Problem setting connmark with ip6tables	Washington Ratso	Linux Networking	1	07-19-2011 04:41 PM
Logging in	Quinnteach	Wireless Networks	1	11-19-2006 01:26 AM
SSH logging	cranium.2003@gmail.com	Linux Networking	1	03-10-2006 06:14 AM
logging on	allad	Windows Networking	1	07-22-2003 11:32 AM