ShellSpells

Mangle

Chains

PREROUTING

Engaged for incoming packets before any routing decision is made, suitable for DNAT.

POSTROUTING

Activated for outgoing packets after all routing decisions have been made, ideal for SNAT and masquerading.

OUTPUT

Applied to locally generated packets before they are sent out, allowing for DNAT on outgoing traffic.

Examples by Action

Custom TTL

sudo iptables -t mangle -A POSTROUTING -j TTL --ttl-set 128

Common default TTL values:

Windows: 128
Cisco: 255
Linux: 64

Increase TTL to prevent packets from expiring prematurely:

iptables -t mangle -A PREROUTING -i eth0 -j TTL --ttl-inc 64

Decrease TTL to restrict packet reach to a specific network segment:

iptables -t mangle -A POSTROUTING -o eth1 -d 192.168.2.0/24 -j TTL --ttl-set 32

This rule sets the TTL of outgoing packets destined for the 192.168.2.0/24 network to 32, limiting their reach to that segment.

Marking packets for differentiated treatment

Mark packets based on source IP for specific routing:

iptables -t mangle -A PREROUTING -i eth0 -s 192.168.1.10 -j MARK --set-mark 0x10

Mark packets based on destination port for specific firewall rules:

iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 80 -j MARK --set-mark 0x20

This marks packets targeting port 80 with 0x20 for applying specific firewall rules later.

Modifying packet flags

Strip the TCP timestamp option from outgoing packets for performance optimization:

iptables -t mangle -A POSTROUTING -o eth0 -p tcp -j TCPOPTSTRIP --strip-options timestamp

Enable IP options for specific applications:

iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 443 -j TOS --set-tos 0x10

This sets the Type of Service (TOS) field for HTTPS traffic (port 443) to 0x10, potentially enabling specific options needed by the application.

Changing the DSCP Field of Outgoing Packets

Differentiated Services Code Point (DSCP) can be used for quality of service (QoS) purposes.

This rule sets the DSCP field for outgoing HTTP traffic to prioritize it within the network.

iptables -t mangle -A POSTROUTING -p tcp --dport 80 -j DSCP --set-dscp 32
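
An added example (not part of the original page): a read-only audit that lists every mangle-table rule that rewrites headers or sets marks, and flags rules with no match criteria. It reads iptables-save format; the sample ruleset is constructed from the rules on this page, and the function name audit_mangle is an assumption of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: read-only audit of the mangle table.
# On a live host, feed it real data with: sudo iptables-save | audit_mangle

# Constructed sample in iptables-save format, built from the rules on this page.
SAMPLE_RULESET='*mangle
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.1.10/32 -i eth0 -j MARK --set-xmark 0x10/0xffffffff
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x20/0xffffffff
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j TOS --set-tos 0x10/0xff
-A POSTROUTING -j TTL --ttl-set 128
-A POSTROUTING -p tcp -m tcp --dport 80 -j DSCP --set-dscp 0x20
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# audit_mangle (hypothetical helper name): reads iptables-save text on stdin and
# prints "<chain> <target> <scoped|unscoped> <target options>" for each mangle
# rule whose target rewrites headers or marks. "unscoped" means the rule has no
# match criteria, so it touches every packet traversing that chain.
audit_mangle() {
  awk '
    /^\*/     { in_mangle = ($1 == "*mangle"); next }
    /^COMMIT/ { in_mangle = 0; next }
    in_mangle && $1 == "-A" {
      target = ""; args = ""; scope = "scoped"
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") {
          target = $(i + 1)
          if (i == 3) scope = "unscoped"
          for (j = i + 2; j <= NF; j++) args = args (args == "" ? "" : " ") $j
          break
        }
      }
      if (target ~ /^(TTL|HL|MARK|CONNMARK|TOS|DSCP|TCPMSS|TCPOPTSTRIP)$/)
        print $2, target, scope, args
    }'
}

printf '%s\n' "$SAMPLE_RULESET" | audit_mangle
```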
Last updated 1 year ago
