How to Drop Packet with Hex-String Iptables
17:03:10.274551 IP (tos 0x0, ttl 89, id 6656, offset 0, flags [DF], proto TCP (6), length 52)
94.73.253.181.57383 > 104.194.219.130.6410: Flags [.], cksum 0x100e (correct), seq 0, ack 1, win 131, options [nop,nop,TS val 125819447 ecr 1772061023], length 0
0x0000: 0016 3e40 883e 8071 1fe7 0981 0800 4500
0x0010: 0034 1a00 4000 5906 6780 5e49 fdb5 68c2
0x0020: db82 e027 190a 0000 0000 0000 0001 8010
0x0030: 0083 100e 0000 0101 080a 077f da37 699f
0x0040: 815f
17:03:10.274812 IP (tos 0x0, ttl 88, id 5731, offset 0, flags [DF], proto TCP (6), length 52)
11.200.80.242.55382 > 104.194.219.130.28238: Flags [.], cksum 0xf466 (correct), seq 0, ack 1, win 16616, options [nop,nop,TS val 125819432 ecr 247032168], length 0
0x0000: 0016 3e40 883e 8071 1fe7 0981 0800 4500
0x0010: 0034 1663 4000 5806 6b62 0bc8 50f2 68c2
0x0020: db82 d856 6e4e 0000 0000 0000 0001 8010
0x0030: 40e8 f466 0000 0101 080a 077f da28 0eb9
0x0040: 6968
17:03:10.274929 IP (tos 0x0, ttl 90, id 46068, offset 0, flags [DF], proto TCP (6), length 52)
92.227.88.168.42173 > 104.194.219.130.49430: Flags [.], cksum 0x08c2 (correct), seq 0, ack 1, win 16800, options [nop,nop,TS val 125819447 ecr 1772061023], length 0
0x0000: 0016 3e40 883e 8071 1fe7 0981 0800 4500
0x0010: 0034 b3f4 4000 5a06 72ff 5ce3 58a8 68c2
0x0020: db82 a4bd c116 0000 0000 0000 0001 8010
0x0030: 41a0 08c2 0000 0101 080a 077f da37 699f
0x0040: 815f
17:03:10.275142 IP (tos 0x0, ttl 87, id 20342, offset 0, flags [DF], proto TCP (6), length 52)
21.253.248.223.61050 > 104.194.219.130.50090: Flags [.], cksum 0x16ae (correct), seq 0, ack 1, win 254, options [nop,nop,TS val 125819432 ecr 247032168], length 0
0x0000: 0016 3e40 883e 8071 1fe7 0981 0800 4500
0x0010: 0034 4f76 4000 5706 812c 15fd f8df 68c2
0x0020: db82 ee7a c3aa 0000 0000 0000 0001 8010
0x0030: 00fe 16ae 0000 0101 080a 077f da28 0eb9
0x0040: 6968
I have some logs and need to find a matching packet pattern so I can drop this TCP traffic.
Can someone help me with the hex-string for these packets?
Sorry, my grammar is not good.
Comments
All packets can be expressed in hex. What are you trying to drop?
SYN-ACK. Maybe like TCP SYN-ACK with options, because it's a SYN-ACK attack. However many times I try to match the hex string in the log, it doesn't work 100%; inbound packets still arrive and can't be filtered, dude. Can you help me match the correct hex-string to filter that kind of packet?
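Added example, not part of the thread: Python that parses the hex rows of the tcpdump output posted above and lists the byte runs that are identical in all four captured packets, which is what any byte-pattern filter would have to key on. The function names are my own, and offsets are counted from the start of the IP header (the 14-byte Ethernet header is stripped).

```python
import re
from itertools import groupby
# Hex rows copied from the tcpdump output in the post (Ethernet header included).
DUMP = """
0x0000: 0016 3e40 883e 8071 1fe7 0981 0800 4500
0x0010: 0034 1a00 4000 5906 6780 5e49 fdb5 68c2
0x0020: db82 e027 190a 0000 0000 0000 0001 8010
0x0030: 0083 100e 0000 0101 080a 077f da37 699f
0x0040: 815f
0x0000: 0016 3e40 883e 8071 1fe7 0981 0800 4500
0x0010: 0034 1663 4000 5806 6b62 0bc8 50f2 68c2
0x0020: db82 d856 6e4e 0000 0000 0000 0001 8010
0x0030: 40e8 f466 0000 0101 080a 077f da28 0eb9
0x0040: 6968
0x0000: 0016 3e40 883e 8071 1fe7 0981 0800 4500
0x0010: 0034 b3f4 4000 5a06 72ff 5ce3 58a8 68c2
0x0020: db82 a4bd c116 0000 0000 0000 0001 8010
0x0030: 41a0 08c2 0000 0101 080a 077f da37 699f
0x0040: 815f
0x0000: 0016 3e40 883e 8071 1fe7 0981 0800 4500
0x0010: 0034 4f76 4000 5706 812c 15fd f8df 68c2
0x0020: db82 ee7a c3aa 0000 0000 0000 0001 8010
0x0030: 00fe 16ae 0000 0101 080a 077f da28 0eb9
0x0040: 6968
"""
ETH_LEN = 14  # link-layer header length; stripped so offsets start at the IP header

def parse_packets(text):
    """Return one bytes object per packet from tcpdump hex rows (0xNNNN: ...)."""
    packets = []
    for off, row in re.findall(r"0x([0-9a-f]{4}):((?: +(?:[0-9a-f]{2}){1,2})+)", text):
        if int(off, 16) == 0:          # row offset 0 marks the start of a new packet
            packets.append(bytearray())
        packets[-1] += bytes.fromhex(row)
    return [bytes(p[ETH_LEN:]) for p in packets]

def invariant_runs(packets):
    """Return (ip_offset, hex) for each run of bytes identical in every packet."""
    same = [len(set(col)) == 1 for col in zip(*packets)]
    runs, pos = [], 0
    for is_same, grp in groupby(same):
        length = len(list(grp))
        if is_same:
            runs.append((pos, packets[0][pos:pos + length].hex()))
        pos += length
    return runs

for offset, run in invariant_runs(parse_packets(DUMP)):
    print(f"IP+{offset:<3} {run}")
```

The longest run, at IP offset 24, is sequence number 0, acknowledgment number 1 and the data-offset/flags bytes 0x8010, the same values tcpdump prints as seq 0, ack 1, Flags [.]. A run that is constant across four packets captured within a millisecond (such as the leading timestamp bytes at offset 44) is not necessarily constant across the whole flood, so check candidates against a longer capture.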