Results 1 to 5 of 5

Thread: block specific packet size

  1. #1
    Private First Class
    Join Date
    Nov 2015
    Posts
    128
    Thanks
    37
    Thanked 14 Times in 14 Posts

    block specific packet size

    nowadays some retards are attacking to whole cod2 servers
    they are sending 11 byte - 13 byte - 16 byte ( probably they are about connection to cod2 server) so when i block packets with this way also other people can't join

    28 packet header + packet size

    iptables -t raw -A PREROUTING -p udp --dport 28960:28990 -m length --length 39 -j DROP
    iptables -t raw -A PREROUTING -p udp --dport 28960:28990 -m length --length 41 -j DROP
    iptables -t raw -A PREROUTING -p udp --dport 28960:28990 -m length --length 44 -j DROP


    so i need a counter for each ip if an ip send me these packets lets say 5 times in 5 seconds i want to block them , how can i do that?

    thanks for answers

  2. #2
    Assadministrator kung foo man's Avatar
    Join Date
    Jun 2012
    Location
    trailerpark
    Posts
    1,979
    Thanks
    2,019
    Thanked 1,068 Times in 742 Posts
    What's the content of these packages?

    May be easy enough to just make a hashmap (key: ip, value: meta info of received packages) in C++ and drop these packages from libcod.

    Example code here: https://github.com/kungfooman/libcod...ibcod.cpp#L816
    timescale 0.01

  3. #3
    Private First Class
    Join Date
    Nov 2015
    Posts
    128
    Thanks
    37
    Thanked 14 Times in 14 Posts
    sudo tcpdump -i any -c100 -nn -A port 28963
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
    23:09:38.957436 IP 46.174.48.11.27216 > 168.119.35.252.28963: UDP, length 143
    E.....@.9.....0..w#.jPq#........I0[CS-ULET.RU] ~.............. .......... [FREE LORD+............]~.zm_2day_2.cstrike.CS-ULET.RU.
    .. .dl..1.1.2.7/Stdio..Pj......@.
    .......
    23:09:38.957436 IP 93.191.11.214.27026 > 168.119.35.252.28963: UDP, length 6
    E.."r`..9..b]....w#.i.q#........D.........Q.4.
    23:09:38.957442 IP 93.191.11.214.27026 > 168.119.35.252.28963: UDP, length 109
    E...ra..9...]....w#.i.q#.ui.....I0 ... .............. ............ 0+ #2. de_inferno.cstrike. vk/CS.FLAG.
    ....dl..1.1.2.7/Stdio...i
    23:09:38.957442 IP 177.54.152.48.27016 > 168.119.35.252.28963: UDP, length 93
    E..y....6.k..6.0.w#.i.q#.e .....m177.54.152.48:27016.Big C Classic Servers Clan.de_dust2.cstrike.Counter-Strike.. /dl....
    23:09:38.957447 IP 116.211.145.21.27054 > 168.119.35.252.28963: UDP, length 123
    E...@.......t....w#.i.q#..-k....I0[sorpack.com]-54...............(God.White).de_dust2.cstrike.Coun ter-Strike.
    .. .dw..1.1.2.7/Stdio...i......@.
    .......
    23:09:38.957915 IP 45.10.56.146.27015 > 168.119.35.252.28963: UDP, length 215
    E....I@.7.N.-
    8..w#.i.q#...@....I.[TR] Titans Fun Sunucusu #YetkiliAl..m..Aktif.bb_boomix.csgo.Counter-Strike: Global Offensive......dl..1.37.8.6...i.21...0.CS.Center,T R,awp,eldiven,fun,hediye,jail,jailbreak,nametag,pr o,public,secure.........
    23:09:38.957916 IP 145.239.23.162.27045 > 168.119.35.252.28963: UDP, length 178
    E...i @.3.g......w#.i.q#..\.....I.SERVER NAME [SRCDS.pro] @pukawka.pl.de_dust2.csgo.Counter-Strike: Global Offensive......dl..1.37.8.6...i..?...0.empty,srcds .pro 4.0 stable secure unddosable,secure.........
    23:09:38.957932 IP 37.230.210.177.27015 > 168.119.35.252.28963: UDP, length 92
    E..x....9.5.%....w#.i.q#.dC.....m37.230.210.177:27 015... CSMOV.RU | CSDM AIM ....$2000$.cstrike.Counter-Strike.. /dl....
    23:09:38.957970 IP 37.230.210.177.27015 > 168.119.35.252.28963: UDP, length 89
    E..u....9.5.%....w#.i.q#.a.d....I0.. CSMOV.RU | CSDM AIM ....$2000$.cstrike.Counter-Strike.
    .. .dl..1.1.2.7/Stdio...i
    23:09:38.957979 IP 82.193.150.252.27016 > 168.119.35.252.28963: UDP, length 108
    E.......v.s.R....w#.i.q#.t.T....I0ECON Half-Life Server #2 Duel (47/48).crossfire.valve.HLCCL.F..
    .dw..1.1.2.2/Stdio...i......@.F.......
    23:09:38.958005 IP 50.7.124.185.27015 > 168.119.35.252.28963: UDP, length 81
    E..m....8.%c2.|..w#.i.q#.Y.#....m50.7.124.185:2701 5.|sS| PlayGround.de_train.cstrike.Counter-Strike. /dl....
    23:09:38.958011 IP 50.7.124.185.27015 > 168.119.35.252.28963: UDP, length 80
    E..l....8.%c2.|..w#.i.q#.X......I0|sS| PlayGround.de_train.cstrike.Counter-Strike.
    . .dl..1.1.2.7/Stdio...i
    23:09:38.958029 IP 82.193.150.252.27016 > 168.119.35.252.28963: UDP, length 108
    E.......v.s.R....w#.i.q#.t.T....I0ECON Half-Life Server #2 Duel (47/48).crossfire.valve.HLCCL.F..
    .dw..1.1.2.2/Stdio...i......@.F.......
    23:09:38.958045 IP 93.186.198.103.27415 > 168.119.35.252.28963: UDP, length 205
    E...-.@.8.#r]..g.w#.k.q#........I.The old man..s Server | Deathmatch | de_dust2 only.de_dust2.cstrike.Counter-Strike: Source......dl..5394425...k
    .e.3B@.alltalk,bots,deathmatch,dust2,extra Health-points,sounds,throwing-knife.........
    23:09:38.958052 IP 145.239.237.121.27070 > 168.119.35.252.28963: UDP, length 164
    E.......4......y.w#.i.q#..v.....m145.239.237.121:2 7070.RESET 03.03 # [Paintball + Klasy] GreenHaze.pl [EXP 21-09 | KLASY | PERKI | SKINY | WALUTA].pb_de_dust2_2009.cstrike.PB + KLASY.../dl....
    23:09:38.958058 IP 145.239.237.121.27070 > 168.119.35.252.28963: UDP, length 160
    E.......4......y.w#.i.q#........I0RESET 03.03 # [Paintball + Klasy] GreenHaze.pl [EXP 21-09 | KLASY | PERKI | SKINY | WALUTA].pb_de_dust2_2009.cstrike.PB + KLASY.
    ....dl..1.1.2.7/Stdio...i
    23:09:38.958094 IP 217.112.171.103.27022 > 168.119.35.252.28963: UDP, length 109
    E.....@.:....p.g.w#.i.q#.u .....m127.0.0.1:27022.Gamester.AVONET.cz | Paintball.cs_paintball.cstrike.Paintball Mod.../dl.................
    23:09:38.958100 IP 217.112.171.103.27022 > 168.119.35.252.28963: UDP, length 36
    E..@..@.:..a.p.g.w#.i.q#.,nt....D..www.gamester.cz HLTV........D
    23:09:38.958110 IP 45.10.56.253.27015 > 168.119.35.252.28963: UDP, length 283
    E..7-.@.7...-
    8..w#.i.q#.#......I.[TR] Rammus53 Fun Jailbreak ..sya....n | !ws - !knife.fy_iceworld_origins.csgo.Counter-Strike: Global Offensive....@.dl..1.37.8.6...i..+...0.CS.Center,T R,awp,eldiven,fun,hediye,jail,jailbreak,nametag,pr o,public,rammu,rammus,rammus53,rammus53 j,rammus53 jailbreak,secur.........
    23:09:38.958143 IP 217.112.171.103.27022 > 168.119.35.252.28963: UDP, length 36
    E..@..@.:..a.p.g.w#.i.q#.,nt....D..www.gamester.cz HLTV........D
    23:09:38.958176 IP 89.223.32.156.27014 > 168.119.35.252.28963: UDP, length 89
    E..u(8..x..QY. ..w#.i.q#.a.1....m127.0.0.1:27014.AIMaster HL TDM 1.crossfire.valve.HL Teamplay.../dw.................
    23:09:38.958200 IP 108.61.120.42.25010 > 168.119.35.252.28963: UDP, length 161
    E...o...u.%Ul=x*.w#.a.q#........I.Gryphon W3: Alpha 19.PREGEN03.7DTD.7 Days To Die......dw..00.19.04...a....AA@.BbgBQQEAGAEAsOA2E kGIAaQBHjwBKR4DAAQEkAGkAQADBASkAaQBpAGkAQcACC0AowE =.........
    23:09:38.958212 IP 92.124.134.247.27015 > 168.119.35.252.28963: UDP, length 121
    E...T~..7.~.\|...w#.i.q#...r....I0Omsk ProServer[Public]+[STEAM BONUS].de_alexandra.cstrike.Counter-Strike.
    .. .dw..1.1.2.7/Stdio...i
    .......
    .......
    23:09:38.958231 IP 155.133.227.90.27041 > 168.119.35.252.28963: UDP, length 149
    E.....@.0..N...Z.w#.i.q#........I.Valve Left4Dead 2 Australia Server (srcds071.171.27).c1m1_hotel.left4dead2.Left 4 Dead 2.&....dl..2.2.1.2...i...[.A@.coop,empty,secure.&.......
    23:09:38.958244 IP 89.223.32.156.27014 > 168.119.35.252.28963: UDP, length 87
    E..s(<..x..OY. ..w#.i.q#._......D..[PE] ^6[L]^3orena........D.[PE] Liv.......;C.Co6aka CepBepa <3 AIMaster......NIJ
    23:09:38.958281 IP 155.133.227.90.27041 > 168.119.35.252.28963: UDP, length 149
    E.....@.0..M...Z.w#.i.q#........I.Valve Left4Dead 2 Australia Server (srcds071.171.27).c1m1_hotel.left4dead2.Left 4 Dead 2.&....dl..2.2.1.2...i...[.A@.coop,empty,secure.&.......
    23:09:38.958290 IP 46.161.169.116.27021 > 168.119.35.252.28963: UDP, length 119
    E.......:.@$...t.w#.i.q#..i.....I0CSHere.RU | Hide And Seek 100aa.hns_floppytown.cstrike.CSHere.ru [Hide and Seek 100..].
    .. .dl..1.1.2.7/Stdio...i
    23:09:38.958338 IP 46.174.52.28.27239 > 168.119.35.252.28963: UDP, length 113
    E.....@.9..#..4..w#.jgq#.y.2....I0................ .. | CSDM FFA.de_nuke.cstrike.vk.com/inshaspice4.
    .
    . dl..1.1.2.7/Stdio..gj......@.
    .......
    23:09:38.958343 IP 46.174.52.28.27239 > 168.119.35.252.28963: UDP, length 113
    E.....@.9..#..4..w#.jgq#.y.2....I0................ .. | CSDM FFA.de_nuke.cstrike.vk.com/inshaspice4.
    .
    . dl..1.1.2.7/Stdio..gj......@.
    .......
    23:09:38.958385 IP 5.189.154.238.27974 > 168.119.35.252.28963: UDP, length 170
    E.....@.<..v.....w#.mFq#..q.....I.[instagib.info] *FastRail* Ultimate Clan Arena *TDM*.hiddenfortress.baseq3.Clan Arena......dl..1069..Fm ``x1B@.clanarena,instagib,minqlx,one shoot, railgun.HO......
    23:09:38.958417 IP 46.174.53.246.27015 > 168.119.35.252.28963: UDP, length 146
    E.....@.9..(..5..w#.i.q#...}....m127.0.0.1:27015.--->***................ ........*** .......... + .............de_dust2_3x3.cstrike.vk.com/sofa_warrior.. /dl.................
    23:09:38.958423 IP 46.174.53.246.27015 > 168.119.35.252.28963: UDP, length 148
    E.....@.9..&..5..w#.i.q#........D..des......],E.Fanat_Bezika.1.....{D.T-MS | #GSClient......f>D.<<<{J:O:N:I}>>>........C.makson ........C.suetolog_kz........A.abbos9474."....9.E
    23:09:38.958428 IP 46.174.53.246.27015 > 168.119.35.252.28963: UDP, length 152
    E.....@.9.."..5..w#.i.q#..L.....I0--->***................ ........*** .......... + .............de_dust2_3x3.cstrike.vk.com/sofa_warrior.
    .. .dl..1.1.2.7./Stdio...i
    .......
    .......
    23:09:38.958470 IP 208.103.169.161.27015 > 168.119.35.252.28963: UDP, length 158
    E.....@.+....g...w#.i.q#........I.... Citrus Networks ... | Serious HaloRP | FastDL.rp_enforcer_cruiser.garrysmod.halorp....A.d l..2020.10.14...i
    ...3B@. gm:halorp gmws:248302805.........
    23:09:38.958498 IP 188.212.102.169.27015 > 168.119.35.252.28963: UDP, length 239
    E.......:.....f..w#.i.q#........I.GOMIX.INFINITYZO NE.EU | MIX/WAR MODE | COSA NOSTRA |.de_dust2.csgo.Counter-Strike: Global Offensive......dl..1.37.8.6...i..9...0..i[IZ] AutoDemoRecorder.empty,eu,gazduirejocuri,gj,infini tyzone,mix,ro,romania,stats,war,secure.........
    23:09:38.958518 IP 188.134.67.158.27015 > 168.119.35.252.28963: UDP, length 111
    E....I@.:.....C..w#.i.q#.w......I0Classic CS - PWRFACTORY.RU.de_mirage.cstrike.Counter-Strike.
    ....dl..1.1.2.7/Stdio...i......@.
    .......
    23:09:38.958527 IP 91.216.250.14.27015 > 168.119.35.252.28963: UDP, length 240
    E....O..9..7[....w#.i.q#........I.......................skial.c om | SAXTON HALE | US .............vsh_mariokart_v4.tf.VS Saxton Hale 2 (v2.10.30).... .dl..6394067...i......0.skial,stats,free_items,fre e_unusuals,alltalk,arena,increased_maxplayers,nocr its,stomp.........
    23:09:38.958542 IP 91.216.250.14.27015 > 168.119.35.252.28963: UDP, length 240
    E...8...9.%.[....w#.i.q#........I.......................skial.c om | SAXTON HALE | US .............vsh_mariokart_v4.tf.VS Saxton Hale 2 (v2.10.30).... .dl..6394067...i......0.skial,stats,free_items,fre e_unusuals,alltalk,arena,increased_maxplayers,nocr its,stomp.........
    23:09:38.958564 IP 66.150.188.230.27020 > 168.119.35.252.28963: UDP, length 76
    E..h~...y...B....w#.i.q#.T......I0-GSU- HLTV.de_dust2.cstrike.hltv.
    ..
    .dw..1.1.2.6.Q..{.:B@..i.
    .......
    23:09:38.958612 IP 83.222.115.50.27818 > 168.119.35.252.28963: UDP, length 114
    E....[..6.
    .S.s2.w#.l.q#.z......m83.222.115.50:27818......... ........ ............ 18+ [STEAM BONUS].de_dust2.cstrike.Counter-Strike.. /dl....
    23:09:38.958619 IP 83.222.115.50.27818 > 168.119.35.252.28963: UDP, length 112
    E....\..6.
    .S.s2.w#.l.q#.x......I0................ ............ 18+ [STEAM BONUS].de_dust2.cstrike.Counter-Strike.
    .. .dl..1.1.2.7/Stdio...l
    23:09:38.958667 IP 5.189.154.238.27974 > 168.119.35.252.28963: UDP, length 170
    E.....@.<..u.....w#.mFq#..q.....I.[instagib.info] *FastRail* Ultimate Clan Arena *TDM*.hiddenfortress.baseq3.Clan Arena......dl..1069..Fm ``x1B@.clanarena,instagib,minqlx,one shoot, railgun.HO......
    23:09:38.958694 IP 46.174.53.245.27015 > 168.119.35.252.28963: UDP, length 89
    E..uT...9.....5..w#.i.q#.az.....m46.174.53.245:270 15.ANTISTRESS [...AS18...].de_aztec.cstrike.BCEM GOLD VIP.. /dl....
    23:09:38.958699 IP 188.212.102.169.27015 > 168.119.35.252.28963: UDP, length 239
    E.......:.....f..w#.i.q#........I.GOMIX.INFINITYZO NE.EU | MIX/WAR MODE | COSA NOSTRA |.de_dust2.csgo.Counter-Strike: Global Offensive......dl..1.37.8.6...i..9...0..i[IZ] AutoDemoRecorder.empty,eu,gazduirejocuri,gj,infini tyzone,mix,ro,romania,stats,war,secure.........
    23:09:38.958702 IP 155.133.227.170.27053 > 168.119.35.252.28963: UDP, length 169
    E....H@.0.j<.....w#.i.q#...4....I.Valve Matchmaking Server (Sydney syd-2/srcds070 #39).cp_degrootkeep.tf.Team Fortress.... .dl..6394067...i.H.n6B@.cp,hidden,increased_maxpla yers,misc,valve.........
    23:09:38.958723 IP 155.133.227.89.27042 > 168.119.35.252.28963: UDP, length 162
    E.....@.0..,...Y.w#.i.q#..>.....I.Valve Matchmaking Server (Sydney syd-1/srcds070 #28).koth_viaduct.tf.Team Fortress.... .dl..6394067...i..|..B@.cp,hidden,increased_maxpla yers,valve.........
    23:09:38.958761 IP 51.79.167.172.27015 > 168.119.35.252.28963: UDP, length 6
    E.."5...0...3O...w#.i.q#..9.....D.........{...
    23:09:38.958763 IP 46.28.111.36.27015 > 168.119.35.252.28963: UDP, length 109
    E.....@.:.E...o$.w#.i.q#.u......I.[CZ|SK] Sven Co-op group.midu.cz.pv_c1m1.svencoop.Sven Co-op 5.24......dl..5.0.1.6...i .>D3A@..0r......
    23:09:38.958766 IP 46.174.53.245.27015 > 168.119.35.252.28963: UDP, length 87
    E..sT...9.....5..w#.i.q#._+.....I0ANTISTRESS [...AS18...].de_aztec.cstrike.BCEM GOLD VIP.
    .. .dl..1.1.2.7/Stdio...i
    23:09:38.958801 IP 155.133.227.89.27040 > 168.119.35.252.28963: UDP, length 166
    E.....@./..0...Y.w#.i.q#..88....I.Valve Matchmaking Server (Sydney syd-1/srcds070 #26).tc_hydro.tf.Team Fortress.... .dl..6394067...i..L..A@.cp,hidden,increased_maxpla yers,misc,tc,valve.........
    23:09:38.958812 IP 155.133.247.157.27050 > 168.119.35.252.28963: UDP, length 145
    E...%.@.7........w#.i.q#..2.....I.Valve Left4Dead 2 Spain Server (srcds142.195.36).c1m1_hotel.left4dead2.Left 4 Dead 2.&....dl..2.2.1.2...i
    X...B@.coop,empty,secure.&.......
    23:09:38.958861 IP 194.67.217.47.27028 > 168.119.35.252.28963: UDP, length 658
    E.....@.7..X.C./.w#.i.q#........D..Numb3rs......`.E.pOwERAwPDocToR .$......E.Ero(XD).4......E.ElHomO.2......E.Buldogg Bobo-senemyterorry........E.etreeman........E.Kesko94.4 ......E.Player.------.."..... E GoGy^.0....@.E
    ErikBrooks.......$E.Niko........E.Spider-man......`.E.TOMASZ.".... .E.haker.
    ..... E.hrv0-.-wTf.0....@.E.LoverS|ZOoKeYYY[K].......p.E.KaTaNa_aVOiDmE_KoMsIjA.,......E.whateve r.......'E.[R.A.]=>COA_Q-9?........E.legija.*......E.SHAKIRALOVEE~. ....` E.Republika_Srpska.......'E.RaK!c<3aLeXaNdRu./.....#E.MajklDudikof.!......E.^s.P.e.e.D^Awp*-.^........E.zokam......@.E.PivOpije<>SnIpEs<3Olja. ........E.Sc0uT.m0d3.&..... E.BorisTheBulletDodger........E.(1)RevCrew.0....`) E
    23:09:38.958864 IP 91.210.189.79.27027 > 168.119.35.252.28963: UDP, length 116
    E.....@.7.].[..O.w#.i.q#.|......I0B rocT9x y Princesski | GunGame.gg_magichall.cstrike.Counter-Strike.
    ....dl..1.1.2.7/Stdio...i......@.
    .......
    23:09:38.958865 IP 194.67.217.47.27028 > 168.119.35.252.28963: UDP, length 96
    E..|..@.7....C./.w#.i.q#.h1<....I/CS1.6[HIGHFPSSERVER1000FPS].awp_bycastor.cstrike.Counter-Strike.
    .. .dl.11.1.2.6/Stdio...i
    23:09:38.958910 IP 185.25.183.81.27020 > 168.119.35.252.28963: UDP, length 133
    E...!.@.5......Q.w#.i.q#........I.Counter-Strike: Global Offensive.de_inferno.csgo.Counter-Strike: Global Offensive...

    .dl..1.37.8.6...ivalve_ds,secure.........
    23:09:38.958955 IP 93.123.18.90.27017 > 168.119.35.252.28963: UDP, length 156
    E....0..9.H.]{.Z.w#.i.q#........I0[Danger-cs.eu] Deathrun [Speedrun|24/7|Ranks|VIP|DR|Models|KnifeModels|Respawn|Race].deathrun_coolf2.cstrike.Counter-Strike.
    ....dl..1.1.2.7/Stdio...i
    23:09:38.958961 IP 46.174.50.24.27210 > 168.119.35.252.28963: UDP, length 137
    E.....@.9.....2..w#.jJq#...G....m127.0.0.1:27210.M yArena.ru ................ ............ 1000 FPS.de_dust_cz.czero.Game Hosting by MyArena.ru.. /dl.................
    23:09:38.958966 IP 46.174.50.24.27210 > 168.119.35.252.28963: UDP, length 6
    E.."..@.9.....2..w#.jJq#...*....D.........@.w.
    23:09:38.959059 IP 84.22.153.100.27016 > 168.119.35.252.28963: UDP, length 97
    E..}....x...T..d.w#.i.q#.i......I0Dawn Team HL.trench_64.valve.D A W N HL Teamplay.F....dw..1.1.2.2/Stdio...i......@.F.......
    23:09:38.959095 IP 94.100.3.38.2009 > 168.119.35.252.28963: UDP, length 115
    E.....@.6..a^d.&.w#...q#.{H.....I0 ... CSWOS.COM :: de_dust2 ....de_dust2.cstrike.Counter-Strike.
    ....dl..1.1.2.7/Stdio..........@.
    .......
    23:09:38.959109 IP 116.211.145.21.27051 > 168.119.35.252.28963: UDP, length 137
    E...A.......t....w#.i.q#........I0[sorpack.com]-51...............(Aot1an.Guao).deathrun_waterland_ b4.cstrike.Deathrun v5.2.
    ....dw..1.1.2.7/Stdio...i......@.
    .......
    23:09:38.959111 IP 155.133.227.89.27073 > 168.119.35.252.28963: UDP, length 162
    E.....@.0..+...Y.w#.i.q#..`.....I.Valve Matchmaking Server (Sydney syd-1/srcds070 #59).cp_gravelpit.tf.Team Fortress.... .dl..6394067...i....5B@.cp,hidden,increased_maxpla yers,valve.........
    23:09:38.959139 IP 155.133.227.169.27038 > 168.119.35.252.28963: UDP, length 163
    E....x@./.G......w#.i.q#..r.....I.Valve Matchmaking Server (Sydney syd-2/srcds069 #24).cp_metalworks.tf.Team Fortress.... .dl..6394067...i.`..)B@.cp,hidden,increased_maxpla yers,valve.........
    23:09:38.959143 IP 93.114.97.10.27015 > 168.119.35.252.28963: UDP, length 110
    E.......7.B.]ra
    .w#.i.q#.v}d....I0==> CS.ALEXONE.RO <== Server Public NonStop.de_dust2x2.cstrike.Counter-Strike.
    .. .dl..1.1.2.7/Stdio...i
    23:09:38.959157 IP 84.22.153.100.27016 > 168.119.35.252.28963: UDP, length 97
    E..}....x...T..d.w#.i.q#.i......I0Dawn Team HL.trench_64.valve.D A W N HL Teamplay.F....dw..1.1.2.2/Stdio...i......@.F.......
    23:09:38.959205 IP 64.40.8.238.28015 > 168.119.35.252.28963: UDP, length 216
    E.....@.8.$.@(...w#.moq#..>w....I.VortexRust.gg|2x Solo Duo Trio Quad|Full Map BP Wipe! 4/2.Vortex_c4000_1933143701.rust.Rust....,.dl..2293. .om
    ...;B@.mp300,cp153,ptrak,qp0,v2293,weekly,h64df269 0,stok,born1617396899,gmrust,oxide,modded.J.......
    23:09:38.959206 IP 46.174.52.14.27258 > 168.119.35.252.28963: UDP, length 98
    E..~.:..9.....4..w#.jzq#.j.p....m46.174.52.14:2725 8................. Knife DM +Shop.35hp_2.cstrike.vk.com/crazyknife.../dl....
    23:09:38.959211 IP 46.174.52.14.27258 > 168.119.35.252.28963: UDP, length 97
    E..}.;..9.....4..w#.jzq#.i.%....I0................ Knife DM +Shop.35hp_2.cstrike.vk.com/crazyknife.
    ....dl..1.1.2.7/Stdio..zj
    23:09:38.959255 IP 92.119.148.85.27015 > 168.119.35.252.28963: UDP, length 286
    E..:g/.....C\w.U.w#.i.q#.&~.....I.[GFLClan.com] KZ Climb #1 Easy [Tier1-2] 128-tick | GLOBAL | !W.kz_rush2suck.csgo.Counter-Strike: Global Offensive......dl..1.37.8.6...i(y<...0.128,_,climb ,eas,for,games,gfl,gflclan,global,gokz,kreedz,kz,k zclimb,kzt,life,mode,simplekz,skz,style,tickrate,t imer,vanilla,vnl.........
    23:09:38.959302 IP 155.133.227.90.27078 > 168.119.35.252.28963: UDP, length 149
    E.....@.0..O...Z.w#.i.q#..@U....I.Valve Left4Dead 2 Australia Server (srcds071.171.64).c1m1_hotel.left4dead2.Left 4 Dead 2.&....dl..2.2.1.2...i...[.A@.coop,empty,secure.&.......
    23:09:38.959388 IP 185.243.182.110.27015 > 168.119.35.252.28963: UDP, length 126
    E...Cr.........n.w#.i.q#...8....I0[Yonet..m al..m.. var] AnadoluClan [ -10- ] ProPublic Area.aim_ak_colt.cstrike.Counter-Strike.
    .. .dl..1.1.2.7/Stdio...i
    23:09:38.959400 IP 190.0.163.182.27031 > 168.119.35.252.28963: UDP, length 134
    E.......s..B.....w#.i.q#...s....m190.0.163.182:270 31.N1 ~ LNJ [Zombie Carnage] [Nightmare] SV #N2: implnj.com:27032.zc_monaco.cstrike.Zombie Carnage 8.0.. /dw....
    23:09:38.959404 IP 62.122.214.238.27015 > 168.119.35.252.28963: UDP, length 97
    E..}YO..9.FE>z...w#.i.q#.i.~....I0CS PROFESSIONAL ARENA ...de_dust2.cstrike.VIP-...................
    .. .dl..1.1.2.7/Stdio...i
    23:09:38.959439 IP 185.91.116.38.27032 > 168.119.35.252.28963: UDP, length 176
    E...a/@.9....[t&.w#.i.q#........I.[exfrag.com] Retakes | gloves,knife,ws.de_inferno.csgo.Counter-Strike: Global Offensive......dl..1.37.8.6...i.W+...0...GOTV.128, exfrag,retakes,HLstatsX:CE,secure.........
    23:09:38.959449 IP 190.0.163.182.27031 > 168.119.35.252.28963: UDP, length 6
    E.."....s........w#.i.q#........D..........-.&
    23:09:38.959454 IP 190.195.145.64.27020 > 168.119.35.252.28963: UDP, length 112
    E.......n.;....@.w#.i.q#.x.P....I0[3][RS][TrasgoServer][MixClasico].De_mirage.cstrike.Mix Clasico.
    ....dw..1.1.2.6/Stdio...i......@.
    .......
    23:09:38.959490 IP 155.133.227.89.27054 > 168.119.35.252.28963: UDP, length 158
    E.....@./..7...Y.w#.i.q#........I.Valve Matchmaking Server (Sydney syd-1/srcds070 #40).cp_steel.tf.Team Fortress.... .dl..6394067...i...'4B@.cp,hidden,increased_maxpla yers,valve.........
    23:09:38.959498 IP 93.123.18.39.27019 > 168.119.35.252.28963: UDP, length 89
    E..u....9.o.]{.'.w#.i.q#.aS.....I0Virus.ee | HideAndSeek 100aa.hnsru_inferno.cstrike.[HNS].
    ....dl..1.1.2.7/Stdio...i
    23:09:38.959505 IP 190.0.163.182.27031 > 168.119.35.252.28963: UDP, length 132
    E.......s..B.....w#.i.q#........I0N1 ~ LNJ [Zombie Carnage] [Nightmare] SV #N2: implnj.com:27032.zc_monaco.cstrike.Zombie Carnage 8.0.
    .. .dw..1.1.2.7/Stdio...i
    23:09:38.959536 IP 176.36.254.82.27015 > 168.119.35.252.28963: UDP, length 102
    E.....@.8....$.R.w#.i.q#.n......I0=CS.SRV::Classic .[24/7]=.de_train.cstrike.[NIGHT VIP].
    .. .dl..1.6.3.7/Stdio...i......@.
    .......
    23:09:38.959543 IP 155.133.227.89.27054 > 168.119.35.252.28963: UDP, length 158
    E.....@./..6...Y.w#.i.q#........I.Valve Matchmaking Server (Sydney syd-1/srcds070 #40).cp_steel.tf.Team Fortress.... .dl..6394067...i...'4B@.cp,hidden,increased_maxpla yers,valve.........
    23:09:38.959586 IP 176.36.254.82.27015 > 168.119.35.252.28963: UDP, length 102
    E.....@.8....$.R.w#.i.q#.n......I0=CS.SRV::Classic .[24/7]=.de_train.cstrike.[NIGHT VIP].
    .. .dl..1.6.3.7/Stdio...i......@.
    .......
    23:09:38.959598 IP 199.60.101.251.27035 > 168.119.35.252.28963: UDP, length 267
    E..'
    ...r.C..<e..w#.i.q#..h.....I.ARK Server Hosted by HostHavoc.com - (v325.13).TheIsland.ark_survival_evolved.ARK: Survival Evolved......dw..1.0.0.0..k..`.".A@.,OWNINGID:9014 4513649172481,OWNINGNAME:90144513649172481,NUMOPEN PUBCONN:30,P2PADDR:90144513649172481,P2PPORT:7787, LEGACY_i:0..G......
    23:09:38.959658 IP 208.103.169.54.27016 > 168.119.35.252.28963: UDP, length 183
    E.....@.+. .g.6.w#.i.q#........I....... Velkon Gaming MC #2 | 24/7 Minecraft | velk.ca.ttt_minecraft_b5.garrysmod.Trouble in Terrorist Town.... .dl..2020.10.14...iZ.;...0. gm:terrortown gmws:5214521521.........
    23:09:38.959684 IP 31.214.240.247.27085 > 168.119.35.252.28963: UDP, length 138
    E.......z.c......w#.i.q#... ....I. MAXFPS [ Zombie Escape ] v34|Rank|VIP|Skins|FastDL.ze_necromanteion_v3_1s_f ix_v34.cstrike.Counter-Strike: Source....@.dl..1.0.0.34.
    23:09:38.959694 IP 155.133.227.146.27032 > 168.119.35.252.28963: UDP, length 137
    E...b.@./........w#.i.q#........I.Counter-Strike: Global Offensive.de_dust2.csgo.Counter-Strike: Global Offensive....
    .dl..1.37.8.6...ivalve_ds,empty,secure.........
    23:09:38.959731 IP 145.239.237.107.27110 > 168.119.35.252.28963: UDP, length 104
    E....~..4......k.w#.i.q#.p.[....m145.239.237.107:27110.[AIM HS] Only HS ^ 1shot1kill.pl.aim_map_esl.cstrike.Counter-Strike.../dl....
    23:09:38.959737 IP 145.239.237.107.27110 > 168.119.35.252.28963: UDP, length 6
    E.."....4..}...k.w#.i.q#........D............y
    23:09:38.959741 IP 145.239.237.107.27110 > 168.119.35.252.28963: UDP, length 100
    E.......4......k.w#.i.q#.l......I0[AIM HS] Only HS ^ 1shot1kill.pl.aim_map_esl.cstrike.Counter-Strike.
    ....dl..1.1.2.7/Stdio...i
    23:09:38.959743 IP 91.224.117.14.27050 > 168.119.35.252.28963: UDP, length 195
    E...<I@.4.lc[.u..w#.i.q#..(.....I0[FREEVIP 20-7]:[COD:MW3 4001]:[AWANSE]:[NOCNY EXP]:[/freelvl]:[SKINY CS:GO]:[Cs-Creativ.pl] @ 1shot1kill.pl.de_dust2.cstrike.~~ 21-7 FREE VIP! ~~.
    ....dl..1.1.2.7/Stdio...i......@.
    .......
    23:09:38.959745 IP 145.239.237.107.27110 > 168.119.35.252.28963: UDP, length 104
    E.......4......k.w#.i.q#.p.[....m145.239.237.107:27110.[AIM HS] Only HS ^ 1shot1kill.pl.aim_map_esl.cstrike.Counter-Strike.../dl....
    23:09:38.959749 IP 145.239.237.107.27110 > 168.119.35.252.28963: UDP, length 6
    E.."....4..z...k.w#.i.q#........D.........\..1
    23:09:38.959756 IP 145.239.237.107.27110 > 168.119.35.252.28963: UDP, length 100
    E.......4......k.w#.i.q#.l......I0[AIM HS] Only HS ^ 1shot1kill.pl.aim_map_esl.cstrike.Counter-Strike.
    ....dl..1.1.2.7/Stdio...i
    23:09:38.959815 IP 155.133.227.66.27037 > 168.119.35.252.28963: UDP, length 137
    E...N.@.0..x...B.w#.i.q#...a....I.Counter-Strike: Global Offensive.de_dust2.csgo.Counter-Strike: Global Offensive....
    .dl..1.37.8.6...ivalve_ds,empty,secure.........
    23:09:38.959829 IP 182.92.213.163.27015 > 168.119.35.252.28963: UDP, length 134
    E...nb.....u.\...w#.i.q#..
    P....m127.0.0.1:27015................06........... . ...................de_morgenland_b4.dod.www.dod168.com........ /dw.................
    23:09:38.959868 IP 185.119.89.100.27020 > 168.119.35.252.28963: UDP, length 89
    E..u....;....wYd.w#.i.q#.a......I0Luda Ekipa | Public.de_clan1_mill.cstrike.Counter-Strike.
    .. .dl..1.1.2.7/Stdio...i
    23:09:38.959878 IP 182.92.213.163.27015 > 168.119.35.252.28963: UDP, length 206
    E...nc.....,.\...w#.i.q#..!o....D..=|L-H|=[v]Bobo........F.=|L-H|=[v]Wanglili........F.=|L-H|=[v]Sunshine........F.=|L-H|=[v]4678........F.=|L-H|=[v]00........F.=|L-H|=[v]link........F.=|L-H|=[v]Laoding........F.=|L-H|=[v]lee........F
    23:09:38.959882 IP 182.92.213.163.27015 > 168.119.35.252.28963: UDP, length 139
    E...nd.....n.\...w#.i.q#...4....I0...............0 6............ ...................de_morgenland_b4.dod.www.dod168.com.......... .dw..1.1.2.6/Stdio...i................
    23:09:38.959886 IP 195.3.145.130.27015 > 168.119.35.252.28963: UDP, length 113
    E.....@.7."g.....w#.i.q#.y.,....I0www.PLAYHARD.lv || Dust2Land.de_dust2_2x2.cstrike.Counter-Strike.
    ....dl..1.1.2.7/Stdio...i......@.
    .......
    23:09:38.959890 IP 195.3.145.130.27015 > 168.119.35.252.28963: UDP, length 113
    E.....@.7."g.....w#.i.q#.y.,....I0www.PLAYHARD.lv || Dust2Land.de_dust2_2x2.cstrike.Counter-Strike.
    ....dl..1.1.2.7/Stdio...i......@.
    .......
    100 packets captured
    229 packets received by filter
    77 packets dropped by kernel

  4. #4
    Private First Class
    Join Date
    Nov 2015
    Posts
    128
    Thanks
    37
    Thanked 14 Times in 14 Posts
    Quote Originally Posted by kung foo man View Post
    What's the content of these packages?

    May be easy enough to just make a hashmap (key: ip, value: meta info of received packages) in C++ and drop these packages from libcod.

    Example code here: https://github.com/kungfooman/libcod...ibcod.cpp#L816

    23:23:29.483456 IP 186.216.68.245.61321 > 168.119.35.252.28962: UDP, length 11
    E..'.q..w.....D..w#...q"........getinfo....#..
    23:23:29.483460 IP 185.25.182.77.53727 > 168.119.35.252.28962: UDP, length 16
    E..,....w._....M.w#...q"........getinfo xxx..q
    23:23:29.483486 IP 185.191.171.26.60404 > 168.119.35.252.28962: UDP, length 13
    E..)....w........w#...q"..9.....getstatus...T.
    23:23:29.483505 IP 185.94.219.72.54225 > 168.119.35.252.28962: UDP, length 16
    E..,....w.@..^.H.w#...q"........getinfo xxx..E

    packet contents of 11-13-16 bytes are these

    also i get something meaningless bytes about Counter Strike

    can i handle with all of them via libcod?
    Last edited by feanor; 2nd April 2021 at 21:39.

  5. #5
    Global Mossaderator Mitch's Avatar
    Join Date
    Nov 2012
    Posts
    643
    Thanks
    202
    Thanked 439 Times in 296 Posts
    The cs 1.6 status or info messages look like spoofed messages to the cs server and amplified back to your server.

    https://www.gametracker.com/server_i....11.214:27026/
    https://www.gametracker.com/server_i...145.130:27015/
    https://www.gametracker.com/server_i...240.247:27085/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •