Пример проверки, осуществляемой системой CyberCop CASL
# spoof_check.cape
# this script is used by the built-in filter checks
# please do not modify it
ip
ip_version=4
ip_proto=IPPROTO_UDP
ip_flags=0
ip_id=42
ip_done
udp
udp_sport=6834
udp_dport=5574
udp_done
data=SAS-ipspoofing
end_of_packet
