In Linux, you can use the iptables command to log suspicious "Martian" packets, which are packets with un-routable source addresses. Martian packets are packets that appear to originate from a network that is not connected to the Internet, and they may indicate an attempt to bypass security measures or probe the network for vulnerabilities.
To log Martian packets in Linux, you can use the iptables command with the -m (match) option and the LOG target's --log-prefix option.
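For example, to log Martian packets with a source address in the 10.0.0.0/8 range, you can use the following commands:
$ iptables -A INPUT -s 10.0.0.0/8 -m limit --limit 1/s -j LOG --log-prefix "Martian packet: "
$ iptables -A INPUT -s 10.0.0.0/8 -j DROP
This adds two rules to the INPUT chain of the iptables firewall. The first logs Martian packets with a source address in the 10.0.0.0/8 range, with a rate limit of one packet per second. The second drops them. Two rules are needed because --log-prefix is an option of the LOG target and is rejected on a rule that ends in -j DROP; keeping the rate limit on the LOG rule only also means every matching packet is dropped, not just one per second. The --log-prefix option allows you to specify a prefix for the log messages, which will help you identify the logged packets. Because 10.0.0.0/8 is a private range that many internal networks use, apply these rules only where that range should never appear as a source, such as on an Internet-facing interface.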
You can also use the -m and --log-prefix options with the OUTPUT chain to log Martian packets with un-routable destination addresses.
For example, to log Martian packets with a destination address in the 10.0.0.0/8 range, you can use the following commands:
$ iptables -A OUTPUT -d 10.0.0.0/8 -m limit --limit 1/s -j LOG --log-prefix "Martian packet: "
$ iptables -A OUTPUT -d 10.0.0.0/8 -j DROP
This adds two rules to the OUTPUT chain of the iptables firewall. The first logs Martian packets with a destination address in the 10.0.0.0/8 range, with a rate limit of one packet per second, and the second drops them. As on the INPUT chain, --log-prefix belongs to the LOG target, so logging and dropping are separate rules.
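Once packets are being logged with the "Martian packet: " prefix, the next step is triage: which sources hit the rule, on which interface, and how many destination ports they tried. The script below is an added example, not part of the original page; the function names, the optional prefix argument and the sample log lines are constructed, and it assumes the kernel's standard LOG-target KEY=value fields.

```shell
#!/bin/sh
# Added example, not from the original page. Summarises kernel log lines
# carrying this page's "Martian packet: " prefix. Assumption: the standard
# LOG-target KEY=value fields (IN=, SRC=, DPT=).

# Constructed sample input; on a real host, feed the kernel log instead.
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 fw kernel: Martian packet: IN=eth0 OUT= SRC=10.1.2.3 DST=203.0.113.5 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN
Jan 10 12:00:02 fw kernel: Martian packet: IN=eth0 OUT= SRC=10.1.2.3 DST=203.0.113.5 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=23 SYN
Jan 10 12:00:03 fw kernel: [  812.4410] Martian packet: IN=eth0 OUT= SRC=10.9.9.9 DST=203.0.113.5 LEN=71 TTL=60 PROTO=UDP SPT=5353 DPT=53
Jan 10 12:00:04 fw kernel: eth0: link becomes ready
Jan 10 12:00:05 fw kernel: Martian packet: IN=eth0 OUT= SRC=10.1.2.3 DST=203.0.113.5 LEN=60 TTL=52 PROTO=TCP SPT=40114 DPT=22 SYN
Jan 10 12:00:06 fw kernel: Martian packet: IN=eth0 OUT= SRC=10.9.9.9 DST=203.0.113.5 LEN=84 TTL=60 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# Reads log lines on stdin; prints "hits source in-interface distinct-dports",
# busiest source first. $1 overrides the prefix (hypothetical parameter).
martian_summary() {
    prefix=${1:-"Martian packet: "}
    LC_ALL=C awk -v prefix="$prefix" '
        {
            p = index($0, prefix)
            if (p == 0) next                 # line not written by the LOG rule
            # Parse only what follows the prefix, so a "[ 812.4410]" printk
            # timestamp in front of it is never mistaken for packet data.
            n = split(substr($0, p + length(prefix)), f, " ")
            src = ""; inif = "-"; dpt = ""
            for (i = 1; i <= n; i++) {
                if (f[i] ~ /^\[/) break      # ICMP errors embed a second header in [...]
                if (f[i] ~ /^SRC=/) src = substr(f[i], 5)
                else if (f[i] ~ /^IN=./) inif = substr(f[i], 4)
                else if (f[i] ~ /^DPT=/) dpt = substr(f[i], 5)
            }
            if (src == "") next              # truncated or malformed line
            key = src " " inif
            hits[key]++
            if (dpt != "" && !((key, dpt) in seen)) { seen[key, dpt] = 1; ports[key]++ }
        }
        END { for (k in hits) printf "%d %s %d\n", hits[k], k, ports[k] }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

sample_log | martian_summary
```

Because the LOG rule is rate limited to one entry per second, the hit counts are a lower bound on the packets actually dropped.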