Verbose/Debug Mode

To have a look at the inner workings of psad as it monitors iptables log messages, run psad in a highly verbose mode with the --debug switch:

[iptablesfw]# psad --debug

This instructs psad to not become a daemon; it can then display information on STDERR as it runs. This information includes everything from MAC addresses to passive OS fingerprinting information. Here's a sample of this output:

❶ Jul 11 16:21:31 iptablesfw kernel: DROP IN=eth0 OUT= MAC=00:13:d3:38:b6:e4:00:90:1a:a0:1c:ec:08:00 SRC=12.17.X.X DST=71.157.X.X LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=38577 DF PROTO=TCP SPT=38970 DPT=12754 WINDOW=53760 RES=0x00 SYN URGP=0 OPT (020405B4010303030101080A000000000000000001010402)
[+] src mac addr: 00:90:1a:a0:1c:ec
[+] dst ...
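
To see where the MAC addresses and the raw material for passive OS fingerprinting in this output come from, the following added example (not psad's own code and not from the book) parses the sample log line, splits the MAC= field into destination MAC, source MAC and EtherType, and decodes the TCP options hex string. The function names are hypothetical, and the option-name table covers only the option kinds present in this sample.

```python
import re

# Log line from the sample above, rejoined onto one line (addresses masked as in the book).
SAMPLE = ("Jul 11 16:21:31 iptablesfw kernel: DROP IN=eth0 OUT= "
          "MAC=00:13:d3:38:b6:e4:00:90:1a:a0:1c:ec:08:00 SRC=12.17.X.X DST=71.157.X.X "
          "LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=38577 DF PROTO=TCP SPT=38970 DPT=12754 "
          "WINDOW=53760 RES=0x00 SYN URGP=0 "
          "OPT (020405B4010303030101080A000000000000000001010402)")

TCP_OPT_NAMES = {2: "MSS", 3: "WScale", 4: "SACK-permitted", 8: "Timestamp"}

def parse_fields(line):
    """Return the KEY=value pairs of an iptables LOG message as a dict."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", line))

def split_mac(mac_field):
    """MAC= is the raw Ethernet header: 6 bytes dst, 6 bytes src, 2 bytes EtherType."""
    octets = mac_field.split(":")
    if len(octets) != 14:
        raise ValueError("expected a 14-byte Ethernet header")
    return ":".join(octets[:6]), ":".join(octets[6:12]), "".join(octets[12:])

def decode_tcp_options(line):
    """Decode the hex after OPT (logged with --log-tcp-options) into (name, value) pairs."""
    m = re.search(r"OPT \(([0-9A-Fa-f]+)\)", line)
    if not m:
        return []
    raw, opts, i = bytes.fromhex(m.group(1)), [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:  # End of option list
            break
        if kind == 1:  # NOP padding, single byte with no length field
            opts.append(("NOP", None))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("truncated or malformed TCP option")
        length = raw[i + 1]
        data = raw[i + 2:i + length]
        name = TCP_OPT_NAMES.get(kind, f"kind-{kind}")
        value = int.from_bytes(data, "big") if kind in (2, 3) else data.hex() or None
        opts.append((name, value))
        i += length
    return opts
```

The source MAC recovered this way matches the `[+] src mac addr` line in the debug output, and the option order together with TTL and WINDOW is the kind of data passive OS fingerprinting compares against known signatures.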
