* [ANNOUNCE] Protowatch userspace monitoring for anomalous packets
@ 2003-05-22 18:50 Justin Pryzby
From: Justin Pryzby @ 2003-05-22 18:50 UTC (permalink / raw)
  To: netfilter

See [http://www.sf.net/projects/protowatch/].  I thought this list might
be interested in my use of userland QUEUEing, though such use was
probably not intended by the author of the QUEUE target!

A section from the README file is included.

The interesting lines of code are:

	listen(sock, 1);
	ipq_set_verdict(h, msg->packet_id, NF_ACCEPT, 0,0);
	client=accept(sock, (struct sockaddr *) &addr, &len);

Please Cc: me in all replies, I am not subscribed.

Justin Pryzby

From the README:

Protowatch is a userspace extension to Linux's 2.4 iptables firewalling
code.  It is intended to watch all unanticipated traffic which reaches a
machine.  `iptables -t filter -A INPUT -j QUEUE` will effectively create
a new 'policy' sending all previously-unhandled packets to userspace.
Userspace will dynamically start a server to accept the packet, and log
whatever the client sends.  Useful for discovering what protocols are in use.

Protowatch is intended to allow for easy identification of protocols;
previously, to identify a Gnutella-type connection, the author had to
modify his firewall script to accept connections to TCP:6346, then
manually run a netcat listener.  Protowatch automates this process.
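
The ordering in the three quoted lines (listen, release the queued packet, then accept) depends on knowing which port the queued SYN targets. The following is an added example, not Protowatch's code or its author's: the function names and the sample packet are constructed for illustration, and the libipq calls themselves are left out.

```c
/* Added example, not Protowatch source; function names are hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed sample: IPv4 header + TCP header, SYN to TCP:6346 (0x18ca). */
static const unsigned char sample_syn[40] = {
	0x45,0,0,40, 0,0,0x40,0, 64,6,0,0, 10,0,0,1, 10,0,0,2,
	0x9c,0x40, 0x18,0xca, 0,0,0,1, 0,0,0,0, 0x50,0x02, 0xff,0xff, 0,0, 0,0
};

/* Port if pkt (raw IP packet, as in a libipq payload) is a TCP SYN; else -1. */
int syn_dest_port(const unsigned char *pkt, size_t len)
{
	if (len < 20 || (pkt[0] >> 4) != 4) return -1;	/* not IPv4 */
	size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
	if (ihl < 20 || len < ihl + 20 || pkt[9] != IPPROTO_TCP) return -1;
	if ((((unsigned)pkt[6] << 8 | pkt[7]) & 0x1fff) != 0) return -1; /* later fragment */
	const unsigned char *tcp = pkt + ihl;
	if ((tcp[13] & 0x12) != 0x02) return -1;	/* want SYN set, ACK clear */
	return (tcp[2] << 8) | tcp[3];
}

/* The listener must exist before the queued SYN is released with NF_ACCEPT,
 * otherwise the local stack answers that SYN with a RST. */
int start_listener(uint16_t port)
{
	struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port),
				 .sin_addr = { .s_addr = htonl(INADDR_ANY) } };
	int one = 1, s = socket(AF_INET, SOCK_STREAM, 0);
	if (s < 0) return -1;
	setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
	if (bind(s, (struct sockaddr *)&a, sizeof a) < 0 || listen(s, 1) < 0) {
		close(s);
		return -1;
	}
	return s;
}

int main(void)
{
	int port = syn_dest_port(sample_syn, sizeof sample_syn);
	int s = port > 0 ? start_listener((uint16_t)port) : -1;
	printf("port %d, listener fd %d\n", port, s);
	return s >= 0 ? close(s) : 1;
}
```

In a real QUEUE handler the verdict call would sit between `start_listener()` and `accept()`, as in the lines quoted in the message.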

