Well wireshark separate the packet in 5 part: frame -> all the packet ethernet II -> len: 14 internet protocol -> len 20 transmission control protocol -> change data -> my packet always have len = 14 0000 00 30 48 97 47 07 00 1b 0d e6 57 c0 08 00 45 00 0010 00 36 c4 c9 40 00 70 06 1b 5b 45 a2 42 a5 43 e4 0020 5e 72 07 20 94 df 5f da e3 e0 db a8 f2 5e 50 18 0030 45 10 dd 91 00 00 f7 6f 3f 47 c5 8b 18 91 64 19 0040 8a a8 b1 26 this its the complete packet, i want block the data part. i means this: 0000 f7 6f 3f 47 c5 8b 18 91 64 19 8a a8 b1 26 then waht i want is: block every single packet with DATA part len = 14. thanks 2008/10/8 Maximilian Wilhelm <max@xxxxxxxxxxx>: > Anno domini 2008 Servers 4you scripsit: > >> 2008/10/8 Eric Leblond <eric@xxxxxx>: > >> > man iptables : >> > >> > length >> > This module matches the length of the layer-3 payload (e.g. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> > layer-4 packet) f a packet against a specific value or range >> > of values. >> > >> > [!] --length length[:length] > >> yes i try see man page, but they dont explain if the size its: the >> full packet size or the data part. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> i have a packet with diffent total size (becouse the header change) >> but always with 14bytes on data. > > Which parts of the header changes in your setup? > What do you in general want to accomplish? > > Ciao > Max > -- > Follow the white penguin. > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
