Linux: Log Suspicious Martian Packets / Un-routable Source Addresses

To log suspicious Martian packets (packets with un-routable source addresses) in Linux, enable the kernel's log_martians setting through sysctl and configure the syslog daemon to write kernel messages to a file. Here is an example of how to do it:

  1. Edit the /etc/sysctl.conf file and add the following line:
       net.ipv4.conf.all.log_martians = 1
  2. Save the changes and reload the sysctl configuration:
       sysctl -p
  3. Configure the syslog daemon to log the messages generated by the kernel. You can do this by adding the following line to your syslog configuration file (e.g., /etc/rsyslog.d/50-default.conf):
       kern.* /var/log/kernel.log
  4. Restart the syslog service:
       systemctl restart syslog

Now, the kernel will log any Martian packets in the /var/log/kernel.log file. You can use tools like grep or tail to view the log and monitor for any suspicious activity.
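
The grep/tail review described above can be turned into a per-source summary. The following is an added example, not part of the original page; it assumes the kernel's "martian source <dst> from <src>, on dev <ifname>" message format, and the function names sample_log and summarize_martians and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count martian-source log entries per (source address, interface).
# Assumed kernel message format:
#   IPv4: martian source <dst> from <src>, on dev <ifname>

# Constructed sample log lines (not captured from a real host).
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 host kernel: [  101.000001] IPv4: martian source 192.0.2.10 from 127.0.0.1, on dev eth0
Jan 10 12:00:01 host kernel: [  101.000002] ll header: 00000000: ff ff ff ff ff ff 00 11 22 33 44 55 08 00
Jan 10 12:00:07 host kernel: [  107.100000] IPv4: martian source 192.0.2.10 from 127.0.0.1, on dev eth0
Jan 10 12:01:30 host kernel: [  190.500000] IPv4: martian source 192.0.2.10 from 10.0.0.5, on dev eth1
Jan 10 12:02:00 host kernel: [  220.000000] eth0: Link is Up
EOF
}

# Reads log lines from the named files (or stdin) and prints
# "<count> <source> <interface>", most frequent first.
summarize_martians() {
    awk '
    /martian source/ {
        src = ""; dev = ""
        for (i = 1; i < NF; i++) {
            if ($i == "from") src = $(i + 1)
            if ($i == "dev")  dev = $(i + 1)
        }
        sub(/,$/, "", src)            # drop the comma after the source address
        if (src != "" && dev != "") count[src " " dev]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a real host:
#   summarize_martians /var/log/kernel.log
sample_log | summarize_martians
```

A source address that repeats on one interface usually points to a misconfigured host or asymmetric routing on that segment, while loopback or private sources arriving on an external interface are more likely spoofed traffic.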
