Scot L. Harris wrote: > On Tue, 2004-08-10 at 09:11, Erik Espinoza wrote: >> ipv4 and ipv6 operate at a layer that is different from the physical >> card. There is no such thingas an ipv6 mac address. > > I stand corrected. What looks like a MAC address does look weird. > Unless that is not a MAC address? > >>> Aug 10 03:45:24 evv kernel: firewall: IN=eth1 OUT= > MAC=00:00:c0:d9:5b:98:00:01:30:08:dc:00:08:00 SRC=221.15.178.84 > DST=63.69.210.36 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=18935 DF > PROTO=TCP SPT=4262 DPT=1025 WINDOW=64240 RES=0x00 SYN URGP=0 >>> Aug 10 03:45:30 evv kernel: firewall: IN=eth1 OUT= > MAC=00:00:c0:d9:5b:98:00:01:30:08:dc:00:08:00 SRC=221.15.178.84 > DST=63.69.210.36 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=20211 DF > PROTO=TCP SPT=4262 DPT=1025 WINDOW=64240 RES=0x00 SYN URGP=0 The netfilter package does log the mac addresses in a hard to visually decode format. Using the above MAC= entry: MAC=00:00:c0:d9:5b:98:00:01:30:08:dc:00:08:00 00:00:c0:d9:5b:98 = destination MAC 00:01:30:08:dc:00 = source MAC 08:00 = ethernet frame type - ipv4 Steve Cowles
