From: Georgi Alexandrov <georgi.alexandrov@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Re: [LARTC] shareaza
Date: Sun, 11 Dec 2005 22:13:52 +0200 [thread overview]
Message-ID: <439C8880.2030301@gmail.com> (raw)
In-Reply-To: <439C6F56.6080107@solutti.com.br>
Leonardo Rodrigues Magalhães wrote:
>
>>>
>>> Is there any way to do that? How can I keep track of the
>>> traffic generated by shareaza only?
>>>
>> Perhaps you need something like l7-filter.sf.net ?
>>
>
> Maybe l7-filter is not necessary. For classifying P2P traffic, you can
> use ipp2p module, available through patch-o-matic or newest code from
> here http://ipp2p.org/ !
>
> Seems that Shareaza is matched with --gnu !!
>
>
>
> [root@correio ~]# iptables -m ipp2p --help
> [ ........ ]
> IPP2P v0.7.2 options:
> --ipp2p Grab all known p2p packets
> --ipp2p-data Identify all known p2p download commands (obsolete)
>
> --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets
> --dc [TCP] All known Direct Connect packets
> --kazaa [TCP&UDP] All known KaZaA packets
> --gnu [TCP&UDP] All known Gnutella packets
> --bit [TCP&UDP] All known BitTorrent packets
> --apple [TCP] All known AppleJuice packets (beta - just a few tests
> until now)
> --winmx [TCP] All known WinMX (beta - need feedback)
> --soul [TCP] All known SoulSeek (beta - need feedback!)
> --ares [TCP] All known Ares - use with DROP only (beta - need feedback!)
>
> --edk-data [TCP] eDonkey/eMule/Overnet download commands (obsolete)
> --dc-data [TCP] Direct Connect download command (obsolete)
> --kazaa-data [TCP] KaZaA download command (obsolete)
> --gnu-data [TCP] Gnutella download command (obsolete)
>
> Note that the follwing options will have the same meaning:
> '--ipp2p' is equal to '--edk --dc --kazaa --gnu'
> '--ipp2p-data' is equal to '--edk-data --dc-data --kazaa-data --gnu-data'
>
> IPP2P was intended for TCP only. Due to increasing usage of UDP we
> needed to change this.
> You can now use -p udp to search UDP packets only or without -p switch
> to search UDP and TCP packets.
>
> See README included with this package for more details or visit
> http://www.ipp2p.org
>
> Examples:
> iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
> iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP
> iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP
>
> iptables -m ipp2p --help [root@correio ~]#
>
I messed it up (sorry list). That was for the lartc mailing list.
I guess I need to shorten the number of lists that I'm subscribed to ;-)
Georgi Alexandrov
P.S.
You're right. ipp2p can also do the trick.
prev parent reply other threads:[~2005-12-11 20:13 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20051211144541.GA4079@ncrfgs3.ncrfgs>
[not found] ` <439C462F.6050308@gmail.com>
[not found] ` <20051211170044.GA4257@ncrfgs3.ncrfgs>
2005-12-11 17:14 ` [LARTC] shareaza Georgi Alexandrov
2005-12-11 18:26 ` Leonardo Rodrigues Magalhães
2005-12-11 20:13 ` Georgi Alexandrov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=439C8880.2030301@gmail.com \
--to=georgi.alexandrov@gmail.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox