
ipopts

The ipopts keyword is used to check if a specific IP option is present.

The following options may be checked:

rr - Record Route
eol - End of list
nop - No Op
ts - Time Stamp
sec - IP Security
esec - IP Extended Security
lsrr - Loose Source Routing
lsrre - Loose Source Routing (For MS99-038 and CVE-1999-0909)
ssrr - Strict Source Routing
satid - Stream identifier
any - any IP options are set

The most frequently watched-for IP options are strict and loose source routing, which aren't used in any widespread internet applications.
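
To show what the keywords refer to on the wire, here is an added example (not from the Snort manual or Snort's source) that walks the options area of a raw IPv4 header and checks it against a keyword. The option numbers are the IANA-assigned values; the function names and sample headers are constructed for illustration, and lsrre is left out because the page does not give its option number.

```python
# IANA IPv4 option numbers for the keywords listed above. lsrre is left out
# because the page does not give its option number.
KEYWORDS = {0: "eol", 1: "nop", 7: "rr", 68: "ts", 130: "sec",
            131: "lsrr", 133: "esec", 136: "satid", 137: "ssrr"}

# Constructed sample headers (checksums zeroed, documentation addresses).
# IHL=7: 20 fixed bytes + LSRR (type 0x83, len 7, ptr 4, one hop) + EOL pad.
SAMPLE_LSRR = bytes.fromhex(
    "4700001c 00000000 40010000 c0000201 c6336402 830704cb 00710500")
# IHL=5: no options at all.
SAMPLE_PLAIN = bytes.fromhex("45000014 00000000 40010000 c0000201 c6336402")

def ip_option_types(header: bytes) -> list[int]:
    """Walk the options area of a raw IPv4 header and return option types."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    hlen = (header[0] & 0x0F) * 4
    if hlen < 20 or hlen > len(header):
        raise ValueError("IHL does not fit the captured bytes")
    types, i = [], 20
    while i < hlen:
        otype = header[i]
        types.append(otype)
        if otype == 0:          # EOL: single byte, ends the list
            break
        if otype == 1:          # NOP: single byte, no length field
            i += 1
            continue
        if i + 1 >= hlen:
            raise ValueError("option truncated before its length byte")
        olen = header[i + 1]    # length covers type, length and data bytes
        if olen < 2 or i + olen > hlen:
            raise ValueError("option length overruns the header")
        i += olen
    return types

def ipopts_match(header: bytes, keyword: str) -> bool:
    """True if the header carries the option named by an ipopts keyword."""
    types = ip_option_types(header)
    if keyword == "any":
        return bool(types)
    return any(KEYWORDS.get(t) == keyword for t in types)

if __name__ == "__main__":
    for kw in ("lsrr", "ssrr", "eol", "any"):
        print(kw, ipopts_match(SAMPLE_LSRR, kw))
    print("any (no options)", ipopts_match(SAMPLE_PLAIN, "any"))
```

A header whose option length runs past the IHL raises `ValueError` rather than being matched, so malformed option lists can be logged separately from legitimate source-routed packets.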




Eugene Misnik 2013-05-08