
match content of packets (hex values)

Posted: Mon Apr 26, 2010 12:29 pm
by awarmanf
Can I match content of packets with hex values without using layer7?
I want to match packets containing the hex value "16030100410100003d0301".
On Linux, I use iptables to match those packets with this rule:
iptables -I FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST,PSH ACK,PSH -m string --to 256 --hex-string '|16030100410100003d0301|' --algo bm -j LOG --log-prefix "ULTRASURF: "
And it works perfectly.

On the MikroTik I fill in the content of the mangle rule with "0x16030100410100003d0301" (without quotes), but it doesn't work.

Thanks in advance.
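
Added example, not part of the original post: reading the hex string from the iptables rule as a TLS record header followed by a handshake header shows that it pins the exact ClientHello size (record length 65, handshake length 61), so a hello of any other length does not match. The names `decode_signature`, `matches` and `build_client_hello` and the zero-filled sample hellos are constructed for illustration; `matches` scans the first 256 bytes of whatever buffer it is given, mirroring `--to 256`.

```python
import struct

# Hex string from the iptables rule in the post above.
SIGNATURE = bytes.fromhex("16030100410100003d0301")

def decode_signature(sig: bytes) -> dict:
    """Read the bytes as a TLS record header plus the start of a handshake message."""
    if len(sig) < 11:
        raise ValueError("need record header (5) + handshake header (4) + version (2)")
    content_type, record_version, record_length = struct.unpack("!BHH", sig[:5])
    return {
        "content_type": content_type,        # 0x16 = handshake record
        "record_version": record_version,    # 0x0301 = TLS 1.0
        "record_length": record_length,      # bytes following the record header
        "handshake_type": sig[5],            # 0x01 = ClientHello
        "handshake_length": int.from_bytes(sig[6:9], "big"),
        "client_version": int.from_bytes(sig[9:11], "big"),
    }

def matches(buf: bytes, to: int = 256) -> bool:
    """True if the whole signature lies within the first `to` bytes of buf."""
    return SIGNATURE in buf[:to]

def build_client_hello(body_len: int) -> bytes:
    """Constructed sample: a TLS 1.0 ClientHello record with a zero-filled body."""
    if body_len < 2:
        raise ValueError("body must hold at least the 2-byte client version")
    handshake = b"\x01" + body_len.to_bytes(3, "big") + b"\x03\x01" + bytes(body_len - 2)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    for name, value in decode_signature(SIGNATURE).items():
        print(f"{name:17} {value:#06x} ({value})")
    # Only the 61-byte hello reproduces the length fields fixed in the signature.
    for body_len in (61, 80):
        print(f"body_len={body_len} matches={matches(build_client_hello(body_len))}")
```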

Re: match content of packets (hex values)

Posted: Mon Apr 26, 2010 2:19 pm
by mrz
You can try content as follows:
[admin@MikroTik] /ip firewall mangle> add chain=prerouting content="\16\03\01\00"

Re: match content of packets (hex values)

Posted: Thu Apr 29, 2010 8:46 am
by awarmanf
> You can try content as follows:
> [admin@MikroTik] /ip firewall mangle> add chain=prerouting content="\16\03\01\00"

Sorry, that rule is not working.