ipopts

The ipopts rule option is used to check if a specified IP option is present in an IP header.

There are 11 possible ipopts arguments to choose from, and an ipopts option can only have one argument. These options include the following:

  • rr: Record Route
  • eol: End of Options List
  • nop: No Operation
  • ts: Time Stamp
  • sec: Security
  • esec: Extended Security
  • lsrr: Loose Source Routing
  • lsrre: Loose Source Routing (For MS99-038 and CVE-1999-0909)
  • ssrr: Strict Source Route
  • satid: Stream ID
  • any: Any IP options are set

Format:

ipopts:{rr|eol|nop|ts|sec|esec|lsrr|lsrre|ssrr|satid|any};

Examples:

# Match packets with IP headers containing the 
# Record Route option
ipopts:rr;
# Match packets with IP headers containing any option 
ipopts:any;