From: Georgi Alexandrov
Subject: Re: [LARTC] shareaza
Date: Sun, 11 Dec 2005 22:13:52 +0200
Message-ID: <439C8880.2030301@gmail.com>
In-Reply-To: <439C6F56.6080107@solutti.com.br>
References: <20051211144541.GA4079@ncrfgs3.ncrfgs> <439C462F.6050308@gmail.com> <20051211170044.GA4257@ncrfgs3.ncrfgs> <439C5E63.1060209@gmail.com> <439C6F56.6080107@solutti.com.br>
To: netfilter@lists.netfilter.org

Leonardo Rodrigues Magalhães wrote:
>
>>>
>>> Is there any way to do that? How can I keep track of the
>>> traffic generated by shareaza only?
>>>
>> Perhaps you need something like l7-filter.sf.net ?
>>
>
> Maybe l7-filter is not necessary. For classifying P2P traffic, you can
> use ipp2p module, available through patch-o-matic or newest code from
> here http://ipp2p.org/ !
>
> Seems that Shareaza is matched with --gnu !!
>
>
>
> [root@correio ~]# iptables -m ipp2p --help
> [ ........ ]
> IPP2P v0.7.2 options:
> --ipp2p Grab all known p2p packets
> --ipp2p-data Identify all known p2p download commands (obsolete)
>
> --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets
> --dc [TCP] All known Direct Connect packets
> --kazaa [TCP&UDP] All known KaZaA packets
> --gnu [TCP&UDP] All known Gnutella packets
> --bit [TCP&UDP] All known BitTorrent packets
> --apple [TCP] All known AppleJuice packets (beta - just a few tests until now)
> --winmx [TCP] All known WinMX (beta - need feedback)
> --soul [TCP] All known SoulSeek (beta - need feedback!)
> --ares [TCP] All known Ares - use with DROP only (beta - need feedback!)
>
> --edk-data [TCP] eDonkey/eMule/Overnet download commands (obsolete)
> --dc-data [TCP] Direct Connect download command (obsolete)
> --kazaa-data [TCP] KaZaA download command (obsolete)
> --gnu-data [TCP] Gnutella download command (obsolete)
>
> Note that the follwing options will have the same meaning:
> '--ipp2p' is equal to '--edk --dc --kazaa --gnu'
> '--ipp2p-data' is equal to '--edk-data --dc-data --kazaa-data --gnu-data'
>
> IPP2P was intended for TCP only. Due to increasing usage of UDP we
> needed to change this.
> You can now use -p udp to search UDP packets only or without -p switch
> to search UDP and TCP packets.
>
> See README included with this package for more details or visit
> http://www.ipp2p.org
>
> Examples:
> iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
> iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP
> iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP
>
> iptables -m ipp2p --help
> [root@correio ~]#
>

I messed it up (sorry list). That was for the lartc mailing list.
I guess I need to shorten the number of lists that I'm subscribed to ;-)

Georgi Alexandrov

P.S. You're right. ipp2p can also do the trick.