iptables: needs to extract destination addr from Tcp syn packet - Security


  1. iptables: needs to extract destination addr from Tcp syn packet

    I know that iptables is just a packet filter and not a sniffer. But, is
    there any way to extract destination address from TCP SYN packet using
    only IPTABLES!

    I have seen some perl scripts extracting destination and source
    addresses from DNS packets but if I can do that with iptables alone, it
    would save a considerable amount of my project time!


  2. Re: iptables: needs to extract destination addr from Tcp syn packet

    "kosaraju.puneeth@gmail.com" (06-03-21 22:39:20):

    > I know that iptables is just a packet filter and not a sniffer. But, is
    > there any way to extract destination address from TCP SYN packet using
    > only IPTABLES!


    You can do that with the LOG target.


    Regards.

  3. Re: iptables: needs to extract destination addr from Tcp syn packet

    "kosaraju.puneeth@gmail.com" wrote in
    news:1143009560.612285.199260@j33g2000cwa.googlegroups.com:

    > I know that iptables is just a packet filter and not a sniffer. But, is
    > there any way to extract destination address from TCP SYN packet using
    > only IPTABLES!
    >
    > I have seen some perl scripts extracting destination and source
    > addresses from DNS packets but if I can do that with iptables alone, it
    > would save a considerable amount of my project time!
    >


    You can write such information to the log using netfilter. Use
    -j LOG --log-prefix "ZZZZZZZZZZZ" where the ZZZZZZZZ bit is any text you
    like to make it easy to locate the messages. Here is a log message
    example for a new LPR type SYN packet which was logged using
    -j LOG --log-prefix "NETF-NEW".


    Mar 23 14:40:46 myfirewall kernel: NETF-NEW IN=eth0 OUT=eth1 SRC=a.b.c.d
    DST=w.x.y.z LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=21846 DF PROTO=TCP SPT=721
    DPT=515 WINDOW=16384 RES=0x00 SYN URGP=0

    Klazmon.
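
The log-based approach from the replies above, as an added example that is not part of the original thread: it reads kernel LOG lines carrying the "NETF-NEW" prefix and returns source, destination and destination port for each initial SYN. The rule in the comment (FORWARD chain, `--syn` match), the function names and the sample lines with documentation-range addresses are assumptions constructed for illustration.

```python
# Assumed rule producing these lines (chain and match are assumptions):
#   iptables -A FORWARD -p tcp --syn -j LOG --log-prefix "NETF-NEW "

# Constructed sample syslog content; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 23 14:40:46 myfirewall kernel: NETF-NEW IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=21846 DF PROTO=TCP SPT=721 DPT=515 WINDOW=16384 RES=0x00 SYN URGP=0
Mar 23 14:40:47 myfirewall kernel: NETF-NEW IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=125 ID=21847 DF PROTO=TCP SPT=721 DPT=515 WINDOW=16384 RES=0x00 ACK URGP=0
Mar 23 14:41:02 myfirewall kernel: NETF-NEW IN=eth0 OUT=eth1 SRC=192.0.2.77 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=4021 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 14:41:03 myfirewall kernel: OTHER IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.1 LEN=60 PROTO=UDP SPT=53 DPT=53
Mar 23 14:41:05 myfirewall sshd[812]: Accepted publickey for admin
"""


def parse_log_line(line, prefix="NETF-NEW"):
    """Return (fields, flags) for a kernel LOG line with `prefix`, else None."""
    kernel_at = line.find("kernel:")
    prefix_at = line.find(prefix, kernel_at) if kernel_at >= 0 else -1
    if prefix_at < 0:
        return None
    fields, flags = {}, set()
    # After the prefix, tokens are KEY=VALUE pairs or bare flags (DF, SYN, ACK).
    for token in line[prefix_at + len(prefix):].split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
        else:
            flags.add(token)
    return fields, flags


def syn_destinations(log_text, prefix="NETF-NEW"):
    """List (SRC, DST, DPT) for each initial SYN: SYN set and ACK clear."""
    found = []
    for line in log_text.splitlines():
        parsed = parse_log_line(line, prefix)
        if parsed is None:
            continue
        fields, flags = parsed
        if fields.get("PROTO") != "TCP" or "SYN" not in flags or "ACK" in flags:
            continue
        if not {"SRC", "DST", "DPT"} <= fields.keys():
            continue  # truncated or malformed line
        found.append((fields["SRC"], fields["DST"], int(fields["DPT"])))
    return found


if __name__ == "__main__":
    for src, dst, dport in syn_destinations(SAMPLE_LOG):
        print(f"{src} -> {dst}:{dport}")
```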


  4. Re: iptables: needs to extract destination addr from Tcp syn packet

    Thank you very much! I will try to implement that and will let you
    know!

