Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Possible to filter by Seq, Ack, Win and Len?

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 2 Posters 371 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      Koltsz
      last edited by

      Hi All

      Sorry that this is the wrong location, I have not idea where to put this..

      Is there a way with pfSense or a package that I can find a particular [PSH, ACK] with a unique Seq, Ack, Win and Len value
      and then ask PFSense to issue a command when it finds it, such a small script?

      Thanks in advance.

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Nothing built in can do that I'm aware of. It would probably be possible via a script of some sort. Running a pcap and parsing it's output perhaps.
        What are you trying to do? There might be some easier way to do it.

        Steve

        1 Reply Last reply Reply Quote 0
        • K
          Koltsz
          last edited by

          Hi Steve,

          Thanks for the reply.

          So I have a system at home that is supposed to notify me when it gets activated via push notifications. they are having issues all the times with their servers so me and other users never get the notifications.

          I captured my device when the notification get sent to their servers and all I want to do is get my router to pick that signature up and then for me to run my own script so I can send notifications to my phone

          This is the line i wish to search for and create a rule for:

          0_1547057181538_Screenshot_1.png

          If you know of any other way I could get this to work, I would be very grateful

          Regards

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Mmm, probably going to need a script to do it. You might be able to define a custom Snort rule to detect that which would be nice. But it will only throw an alert when it sees it. No way I'm aware if to send a notification based on that alert. Maybe if you were exporting the Snort logs you could have something else setup to do parse them and do that.
            Neither of those things are anything I've ever tried.

            Steve

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.