Just curious about this FW logs - "kip" before the IP address
-
I just notice this in my FW logs, can someone tell me waht this means ?
-
-
Thanks Steve…. i must improve my "googling" ;)
appletalk... i think no
but the strangest thing, is that none of the source or destination IPs are mine or even in my IP range...
By the way, i dont see that logs again, since yesterday ....
Maybe, next time, i can do some packet capture, and get more info....
-
That was just a guess! ::)
Are you running any apple hardware that might be advertising itself as an appletalk device?
Steve
-
No, no apple HW, just xp & seven pc`s
I hope next time this happens, i could do some packet capture, then come back and report my findings.
-
That looks like a parsing bug with some really unusual log type. Is that 2.0 release? If not, upgrade first. If it's still the same on release, go to Diagnostics>Command and run "clog /var/log/filter.log" to get the raw log file and post that here.
-
Is "2.0-RELEASE (amd64) built on Tue Sep 13 17:33:40 EDT 2011"
I saw this logs only twice, till now.
Currently is all "clean", but if i see again, i do as you indicated.
-
Ok, the "kip" apears again.
attached is the result of clog /var/log/filter.log ( filter.zip.png )
-
Thanks. http://redmine.pfsense.org/issues/2027
-
Glad to "contribute" in some way with pfSense :D
