-
Notifications
You must be signed in to change notification settings - Fork 0
/
packet.rule
73 lines (63 loc) · 1.18 KB
/
packet.rule
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
Block Backward:
B. : Backward
O. : Original
1. Ethernet
B.Dmac = O.Smac
B.Smac = MyMac
B.Type = O.Type
2. Ip
B.vertion = 4
B.IHL = 5
B.ToS = 0
B.Total Length = B.Total Packet Length - EthHdr
B.ID = Nonce
B.Flags = 0
B.Fragment offset = 0
B.TTL = 255
B.Protocol = TCP(6)
B.checksum = (Check Sum Calc)
B.Sip = O.Dip
B.Dip = O.Sip
3. TCP
B.sport = O.dport
B.dport = O.sport
B.Seq Num = O.Ack Num
B.Ack Num = O.Seq + O.Tcp payload length
B.offset(header length) = 5(20)
B.Reserved = 0
B.flags = FIN, PSH, ACK
B.Window Size = 0
B.Checksum = Calc
B.Urgent Pointer = 0
B.payload = "HTTP/1.0 302 Redirect\r\nLocation: http://warning.or.kr\r\n\r\n" (Length : 57)
Block Forward:
F. : Forward
O. : Original
1. Ethernet
F.Dmac = O.Dmac
F.Smac = MyMac
F.Type = O.Type
2. Ip
F.vertion = 4
F.IHL = 5
F.ToS = 0
F.Total Length = IpHdr + TcpHdr
F.ID = Nonce
F.Flags = 0
F.Fragment offset = 0
F.TTL = O.TTL
F.Protocol = TCP(6)
F.checksum = (Check Sum Calc)
F.Sip = O.Sip
F.Dip = O.Dip
3. TCP
F.sport = O.sport
F.dport = O.dport
F.Seq Num = O.Seq + O.Tcp payload length
F.Ack Num = O.Ack Num
F.offset(header length) = 5(20)
F.Reserved = 0
F.flags = RST, PSH, ACK
F.Window Size = 0
F.Checksum = Calc
F.Urgent Pointer = 0