Linux Netfilter discussions
From: "Leonardo Rodrigues Magalhães" <leolistas@solutti.com.br>
To: netfilter@lists.netfilter.org
Subject: Re: [LARTC] shareaza
Date: Sun, 11 Dec 2005 15:26:30 -0300
Message-ID: <439C6F56.6080107@solutti.com.br>
In-Reply-To: <439C5E63.1060209@gmail.com>


>>
>> Is there any way to do that? How can I keep track of the
>> traffic generated by shareaza only?
>>
> Perhaps you need something like l7-filter.sf.net ?
>

    Maybe l7-filter is not necessary. For classifying P2P traffic, you 
can use the ipp2p module, available through patch-o-matic or as the 
newest code from here: http://ipp2p.org/ !

    It seems that Shareaza is matched with --gnu !!



[root@correio ~]# iptables -m ipp2p --help
[ ........ ]
IPP2P v0.7.2 options:
 --ipp2p        Grab all known p2p packets
 --ipp2p-data   Identify all known p2p download commands (obsolete)

 --edk          [TCP&UDP]       All known eDonkey/eMule/Overnet packets
 --dc           [TCP]           All known Direct Connect packets
 --kazaa        [TCP&UDP]       All known KaZaA packets
 --gnu          [TCP&UDP]       All known Gnutella packets
 --bit          [TCP&UDP]       All known BitTorrent packets
 --apple        [TCP]           All known AppleJuice packets (beta - just a few tests until now)
 --winmx        [TCP]           All known WinMX (beta - need feedback)
 --soul         [TCP]           All known SoulSeek (beta - need feedback!)
 --ares         [TCP]           All known Ares - use with DROP only (beta - need feedback!)

 --edk-data     [TCP]           eDonkey/eMule/Overnet download commands (obsolete)
 --dc-data      [TCP]           Direct Connect download command (obsolete)
 --kazaa-data   [TCP]           KaZaA download command (obsolete)
 --gnu-data     [TCP]           Gnutella download command (obsolete)

Note that the follwing options will have the same meaning:
 '--ipp2p' is equal to '--edk --dc --kazaa --gnu'
 '--ipp2p-data' is equal to '--edk-data --dc-data --kazaa-data --gnu-data'

IPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.
You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.

See README included with this package for more details or visit http://www.ipp2p.org

Examples:
 iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
 iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP
 iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP

iptables -m ipp2p --help                       
[root@correio ~]#

-- 


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	My SPAMTRAP, do NOT email it
	gertrudes@solutti.com.br
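
Added example, not part of the original message or of the ipp2p project: one way to account for Gnutella (Shareaza) traffic with the --gnu match from the help output above. ipp2p matches on packet payload, so only packets carrying a recognizable pattern hit the rule; CONNMARK carries the mark over to the rest of the connection. The chain name P2P_ACCT, the mark 0x1 and the comment tag gnutella-acct are assumptions, and the counter listing is constructed sample data.

```sh
#!/bin/sh
# Added example, not from the original message. Chain name, mark value and
# comment tag are assumptions; no other rule is assumed to use packet marks.
CHAIN=P2P_ACCT
MARK=0x1
TAG=gnutella-acct

# Emit the rules as text (dry run); review, then pipe to `sh` as root on a
# host whose iptables has the ipp2p match installed.
gnutella_acct_rules() {
    cat <<EOF
iptables -t mangle -N $CHAIN
iptables -t mangle -A FORWARD -j $CHAIN
iptables -t mangle -A $CHAIN -j CONNMARK --restore-mark
iptables -t mangle -A $CHAIN -m mark --mark 0 -m ipp2p --gnu -j MARK --set-mark $MARK
iptables -t mangle -A $CHAIN -m mark --mark $MARK -j CONNMARK --save-mark
iptables -t mangle -A $CHAIN -m mark --mark $MARK -m comment --comment $TAG
EOF
}

# Read `iptables-save -c` output on stdin and print "<packets> <bytes>" for
# the counter-only rule carrying the tag (it has no -j, so it only counts).
gnutella_acct_total() {
    awk -v tag="$TAG" '
        index($0, tag) && match($0, /^\[[0-9]+:[0-9]+\]/) {
            split(substr($0, 2, RLENGTH - 2), c, ":")
            pkts += c[1]; bytes += c[2]
        }
        END { printf "%.0f %.0f\n", pkts, bytes }'
}

# Constructed sample counters; a real iptables-save may render the options
# differently, only the leading [packets:bytes] and the tag matter here.
sample_counters() {
    cat <<'EOF'
*mangle
:P2P_ACCT - [0:0]
[5120:3300000] -A FORWARD -j P2P_ACCT
[5120:3300000] -A P2P_ACCT -j CONNMARK --restore-mark
[14:1876] -A P2P_ACCT -m mark --mark 0 -m ipp2p --gnu -j MARK --set-mark 0x1
[2210:2954113] -A P2P_ACCT -m mark --mark 0x1 -j CONNMARK --save-mark
[2210:2954113] -A P2P_ACCT -m mark --mark 0x1 -m comment --comment gnutella-acct
COMMIT
EOF
}

sample_counters | gnutella_acct_total   # prints: 2210 2954113
```

In the constructed counters the --gnu rule itself sees only 14 packets, while the tagged rule counts all 2210 packets of the marked connections.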





