Wednesday, November 11, 2020

Advanced tcpdump packet inspection question

Hopefully someone here is wiser than me with analyzing raw packets.

Here's what I'm trying to do. I have traffic coming to a web server via a reverse proxy. So my server only sees the IP of proxy, not the original client IP. For that, I'm using proxy protocol v2, so in my application I'm able to get the raw client IP.

That means somewhere in the packet header the original client IP is contained. I'm trying to "spot" or find that client IP in real time using tcpdump. Problem is I don't exactly know what to look for. For example, say I know of a client IP of 5.6.7.8, what would that look like in tcpdump?

The reason for this is I'm trying to implement iptables to block "bad" traffic. Since iptables only sees the IP of the proxy server, I thought I could use the string match to drop packets that match the client IP as specified in proxy protocol, but I don't know how it looks or is formatted.
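As an added illustration (not part of the original post), here is the on-wire layout of a PROXY protocol v2 header for TCP over IPv4, built and parsed in Python so you can see exactly which bytes carry the client IP; the addresses and ports are constructed sample values.

```python
import socket
import struct

# Fixed values from the PROXY protocol v2 specification (HAProxy).
PP2_SIGNATURE = b"\x0d\x0a\x0d\x0a\x00\x0d\x0a\x51\x55\x49\x54\x0a"  # "\r\n\r\n\0\r\nQUIT\n"
PP2_VER_CMD_PROXY = 0x21  # high nibble: version 2, low nibble: command PROXY
PP2_FAM_TCP4 = 0x11       # high nibble: AF_INET, low nibble: SOCK_STREAM


def build_pp2_tcp4(src_ip, dst_ip, src_port, dst_port):
    """Build the header a proxy prepends to the first data segment of a connection."""
    body = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
    body += struct.pack("!HH", src_port, dst_port)
    head = PP2_SIGNATURE + bytes([PP2_VER_CMD_PROXY, PP2_FAM_TCP4])
    return head + struct.pack("!H", len(body)) + body  # 16-byte header + 12-byte body


def parse_pp2_tcp4(payload):
    """Parse a TCP payload that may start with a v2 header; return fields or None."""
    if len(payload) < 16 or payload[:12] != PP2_SIGNATURE:
        return None  # not a PROXY v2 header (v1 is plain text "PROXY TCP4 ...")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", payload[12:16])
    if ver_cmd >> 4 != 2 or fam_proto != PP2_FAM_TCP4 or length < 12:
        return None  # only version 2, IPv4/TCP handled here
    src_ip = socket.inet_ntoa(payload[16:20])   # client IP sits at offset 16
    dst_ip = socket.inet_ntoa(payload[20:24])
    src_port, dst_port = struct.unpack("!HH", payload[24:28])
    return {"src_ip": src_ip, "dst_ip": dst_ip, "src_port": src_port,
            "dst_port": dst_port, "header_len": 16 + length}


def client_ip_hex(src_ip):
    """Hex of the raw client-IP bytes, as tcpdump -X prints them (no dots, no ASCII)."""
    return socket.inet_aton(src_ip).hex()


if __name__ == "__main__":
    # Constructed sample: client 5.6.7.8 reaching the proxy-facing 10.0.0.1:443.
    segment = build_pp2_tcp4("5.6.7.8", "10.0.0.1", 51234, 443) + b"GET / HTTP/1.1\r\n"
    print(segment[:28].hex(" "))          # the 28 header bytes you would see in tcpdump -X
    print(parse_pp2_tcp4(segment))
    print("look for bytes:", client_ip_hex("5.6.7.8"))
```

Note that the client IP is not in any IP/TCP header at all; it is the four raw bytes `05 06 07 08` inside the payload, immediately after the 12-byte signature and the `21 11 00 0c` bytes, and that header only exists in the first data segment of each proxied connection, so a string match will fire on that segment alone.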


