iptables: How to read this OPT string?

iptables logging

Solution 1:

0204057D010303010101080A3E521D4D0000000004020000
From a sans.org study guide,
the first 2 bytes (0x0204) 04--is-length 02 means MSS flag
the next 2 bytes (0x057D) are the value for maximum size segment (MSS)
the next byte (0x01) is a no-op
the next 2 bytes (0x0303) indicate a windows scaling is enabled

the 3 bytes ("010101") are no-ops (AKA padding)
the 2 next bytes ("080a") flag a time stamp value
the 4 next bytes (("0x3E521D4D00000000") are date time 5 * 2 bytes
the 4 next bytes ("0402") sAck Ok

The master document: ftp://ftp.ietf.org/iana/tcp-parameters/tcp-parameters.xml
Others: https://datatracker.ietf.org/doc/html/draft-ietf-tcpm-tcp-security-03
http://www.ietf.org/mail-archive/web/tcpm/current/msg03199.html

for humor! : https://www.rfc-editor.org/rfc/rfc5841

Solution 2:

The RFC 791 defines the IPv4 protocol. In section 3.1, starting at page 15, there is an explanation about the OPTIONS field.

Source : RFC 791

Related

Grant full mailbox access to Domain Admins in Exchange 2010, including all new mailboxes?
How to configure Elastic Beanstalk for using Rails with Postgres?
Server responds "bus error" to every command
Introducing a Windows Domain Controller into an all mac-client network
How to upload own OS ISO on Microsoft Azure Cloud Platform? [closed]
Is there a Kerberos testing tool?
Cannot start ` Secure Socket Tuning Protocol Service`
Re-install (repair) Server 2012 Roles & Features
How should secret files be pushed to an EC2 (on AWS) Ruby on Rails application?
mdadm: Disk configuration by UUID
Websphere JSESSIONID cookie overwrite between two apps on the same domain (different ports / context roots)
Is "inet addr" my or "bcast" my machine's actual IP? [closed]