From: "Leonardo Rodrigues Magalhães" <leolistas@solutti.com.br>
To: netfilter@lists.netfilter.org
Subject: Re: [LARTC] shareaza
Date: Sun, 11 Dec 2005 15:26:30 -0300
Message-ID: <439C6F56.6080107@solutti.com.br>
In-Reply-To: <439C5E63.1060209@gmail.com>


>>
>> Is there any way to do that? How can I keep track of the
>> traffic generated by shareaza only?
>>
> Perhaps you need something like l7-filter.sf.net ?
>

    Maybe l7-filter is not necessary. For classifying P2P traffic, you 
can use the ipp2p module, available through patch-o-matic or as the 
newest code from http://ipp2p.org/ !

    Seems that Shareaza is matched with --gnu !!



[root@correio ~]# iptables -m ipp2p --help
[ ........ ]
IPP2P v0.7.2 options:
 --ipp2p        Grab all known p2p packets
 --ipp2p-data   Identify all known p2p download commands (obsolete)

 --edk          [TCP&UDP]       All known eDonkey/eMule/Overnet packets
 --dc           [TCP]           All known Direct Connect packets
 --kazaa        [TCP&UDP]       All known KaZaA packets
 --gnu          [TCP&UDP]       All known Gnutella packets
 --bit          [TCP&UDP]       All known BitTorrent packets
 --apple        [TCP]           All known AppleJuice packets (beta - just a few tests until now)
 --winmx        [TCP]           All known WinMX (beta - need feedback)
 --soul         [TCP]           All known SoulSeek (beta - need feedback!)
 --ares         [TCP]           All known Ares - use with DROP only (beta - need feedback!)

 --edk-data     [TCP]           eDonkey/eMule/Overnet download commands (obsolete)
 --dc-data      [TCP]           Direct Connect download command (obsolete)
 --kazaa-data   [TCP]           KaZaA download command (obsolete)
 --gnu-data     [TCP]           Gnutella download command (obsolete)

Note that the follwing options will have the same meaning:
 '--ipp2p' is equal to '--edk --dc --kazaa --gnu'
 '--ipp2p-data' is equal to '--edk-data --dc-data --kazaa-data --gnu-data'

IPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.
You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.

See README included with this package for more details or visit http://www.ipp2p.org

Examples:
 iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
 iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP
 iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP

iptables -m ipp2p --help                       
[root@correio ~]#

-- 


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	My SPAMTRAP, do not email it
	gertrudes@solutti.com.br
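
Added example, not part of the original message or of the ipp2p package: one way to keep per-direction byte counters for Gnutella (Shareaza) traffic on a forwarding router, using the --gnu match from the help output above together with CONNMARK so that later packets of an identified connection are counted too. The mark value 0x10, the chain name P2P_GNU and the LAN interface eth1 are assumptions.

```shell
#!/bin/sh
# Added example: account Gnutella/Shareaza traffic with ipp2p + CONNMARK.
# Assumed values (not from the original message):
IPT=${IPT:-iptables}   # set IPT=echo for a dry run that only prints the rules
MARK=0x10              # assumed unused packet/connection mark
CHAIN=P2P_GNU          # hypothetical accounting chain
LAN_IF=eth1            # assumed interface facing the Shareaza host

setup_gnu_accounting() {
    $IPT -t mangle -N "$CHAIN"
    # Copy a mark saved on the connection back onto each packet.
    $IPT -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # Only still-unmarked packets are inspected; no -p switch means the
    # match looks at both TCP and UDP, as the help text states.
    $IPT -t mangle -A PREROUTING -m mark --mark 0 -m ipp2p --gnu \
        -j MARK --set-mark "$MARK"
    # Remember the classification for the rest of the connection.
    $IPT -t mangle -A PREROUTING -m mark --mark "$MARK" -j CONNMARK --save-mark
    # Marked packets pass through the accounting chain, one rule per direction.
    $IPT -t mangle -A FORWARD -m mark --mark "$MARK" -j "$CHAIN"
    $IPT -t mangle -A "$CHAIN" -i "$LAN_IF" -j RETURN   # from the LAN (upload)
    $IPT -t mangle -A "$CHAIN" -o "$LAN_IF" -j RETURN   # to the LAN (download)
}

# Sum the "bytes" column of `iptables -L <chain> -v -n -x` read from stdin.
# The first two lines of that listing are the chain title and column header.
sum_bytes() {
    awk 'NR > 2 { total += $2 } END { printf "%.0f\n", total }'
}

case "${1:-}" in
    apply)  setup_gnu_accounting ;;
    report) $IPT -t mangle -L "$CHAIN" -v -n -x | sum_bytes ;;
esac
```

Run it with "apply" as root to install the rules and with "report" to print the total bytes counted so far; the individual rule counters in the chain give upload and download separately.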





