ipopts

The ipopts rule option is used to check if a specified IP option is present in an IP header.

There are 11 possible ipopts arguments to choose from, and an ipopts option can only have one argument. These options include the following:

rr: Record Route
eol: End of Options List
nop: No Operation
ts: Time Stamp
sec: Security
esec: Extended Security
lsrr: Loose Source Routing
lsrre: Loose Source Routing (For MS99-038 and CVE-1999-0909)
ssrr: Strict Source Route
satid: Stream ID
any: Any IP options are set

Format:

ipopts:{rr|eol|nop|ts|sec|esec|lsrr|lsrre|ssrr|satid|any};

Examples:

# Match packets with IP headers containing the 
# Record Route option
ipopts:rr;

# Match packets with IP headers containing any option 
ipopts:any;