≡ Menu

Linux Iptables Firewall: Log IP or TCP Packet Header

Iptables provides the option to log both IP and TCP headers in a log file. This is useful to:
=> Detect Attacks

=> Analyze IP / TCP Headers

=> Troubleshoot Problems

=> Intrusion Detection

=> Iptables Log Analysis

=> Use 3rd party application such as PSAD (a tool to detect port scans and other suspicious traffic)

=> Use as education tool to understand TCP / IP header formats etc.

How do I turn on Logging IP Packet Header Options?

Add the following command to your iptables script beo:

iptables -A INPUT -j LOG --log-ip-options
iptables -A INPUT -j DROP

How do I turn on Logging TCP Packet Header Options?

Add the following command to your iptables script:

iptables -A INPUT -j LOG --log-tcp-options
iptables -A INPUT -j DROP

You may need to add additional filtering criteria such as source and destination ports/IP-address and other connection tracking features. To see IP / TCP header use tail -f or grep command:
# tail -f /var/log/messages

Recommended readings:

Share this on:

Your support makes a big difference:
I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft, takes a lot of my time and hard work to produce. If you use nixCraft, who likes it, helps me with donations:
Become a Supporter →    Make a contribution via Paypal/Bitcoin →   

Don't Miss Any Linux and Unix Tips

Get nixCraft in your inbox. It's free: