Linux Netfilter discussions
* Re: [LARTC] shareaza
From: Georgi Alexandrov @ 2005-12-11 17:14 UTC
  To: netfilter

ncrfgs wrote:

>On Sun, Dec 11, 2005 at 05:30:55PM +0200, Georgi Alexandrov wrote:
>  
>
>>>If B uploads a file to C through gnutella everything works
>>>like a charm since packets look just like this:
>>>
>>> 192.168.0.2:6346 > xxx.xxx.xxx.xxx:yyyyy
>>>
>>>With tc I filter packets whose source port is 6346 and
>>>everything is fine.
>>>      
>>>
>>You can classify the traffic from B going out through ppp0 with 
>>netfilter/iptables like this:
>>    
>>
>
>What you wrote is indeed very similar to what I use right 
>now except for the fact that I'm classifying according to
>the source port, too.
>
>The side effect of your configuration is that all of the
>traffic from B through ppp0 is shaped. The configuration
>you've suggested is interesting but I'd like to limit the
>shareaza traffic only.
>
>Is there any way to do that? How can I keep track of the
>traffic generated by shareaza only?
>
>
>
>Thanks in advance.
>
>Best regards.
>  
>
Perhaps you need something like l7-filter.sf.net ?


Georgi Alexandrov



* Re: [LARTC] shareaza
From: Leonardo Rodrigues Magalhães @ 2005-12-11 18:26 UTC
  To: netfilter


>>
>> Is there any way to do that? How can I keep track of the
>> traffic generated by shareaza only?
>>
> Perhaps you need something like l7-filter.sf.net ?
>

    Maybe l7-filter is not necessary. For classifying P2P traffic, you 
can use ipp2p module, available through patch-o-matic or newest code 
from here http://ipp2p.org/ !

    Seems that Shareaza is matched with --gnu !!



[root@correio ~]# iptables -m ipp2p --help
[ ........ ]
IPP2P v0.7.2 options:
 --ipp2p        Grab all known p2p packets
 --ipp2p-data   Identify all known p2p download commands (obsolete)

 --edk          [TCP&UDP]       All known eDonkey/eMule/Overnet packets
 --dc           [TCP]           All known Direct Connect packets
 --kazaa        [TCP&UDP]       All known KaZaA packets
 --gnu          [TCP&UDP]       All known Gnutella packets
 --bit          [TCP&UDP]       All known BitTorrent packets
 --apple        [TCP]           All known AppleJuice packets (beta - just a few tests until now)
 --winmx        [TCP]           All known WinMX (beta - need feedback)
 --soul         [TCP]           All known SoulSeek (beta - need feedback!)
 --ares         [TCP]           All known Ares - use with DROP only (beta - need feedback!)

 --edk-data     [TCP]           eDonkey/eMule/Overnet download commands (obsolete)
 --dc-data      [TCP]           Direct Connect download command (obsolete)
 --kazaa-data   [TCP]           KaZaA download command (obsolete)
 --gnu-data     [TCP]           Gnutella download command (obsolete)

Note that the follwing options will have the same meaning:
 '--ipp2p' is equal to '--edk --dc --kazaa --gnu'
 '--ipp2p-data' is equal to '--edk-data --dc-data --kazaa-data --gnu-data'

IPP2P was intended for TCP only. Due to increasing usage of UDP we 
needed to change this.
You can now use -p udp to search UDP packets only or without -p switch 
to search UDP and TCP packets.

See README included with this package for more details or visit 
http://www.ipp2p.org

Examples:
 iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
 iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP
 iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP

iptables -m ipp2p --help                       
[root@correio ~]#

-- 


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	gertrudes@solutti.com.br
	My SPAMTRAP, do not email it
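
An added example, not part of the original post: one way to shape only host B's Gnutella traffic on ppp0 with the `--gnu` match. Because ipp2p matches only packets that carry a protocol signature, the mark is saved on the connection with CONNMARK so the rest of the flow is shaped too. The mark value, class ids and rates are assumptions; the script only prints the commands.

```shell
#!/bin/sh
# Added example: dry-run generator for shaping only Gnutella (Shareaza)
# uploads from host B on ppp0. Review the output, then pipe it to "sh" as root.
HOST=192.168.0.2   # host B, from the thread
WAN=ppp0           # uplink interface, from the thread
MARK=0x10          # assumed fwmark for Gnutella flows
RATE=64kbit        # assumed cap for the P2P class
UPLINK=256kbit     # assumed total uplink rate

gnutella_mark_rules() {
    m="iptables -t mangle -A FORWARD -s $HOST -o $WAN"
    # 1. Copy a mark saved earlier on this connection back onto the packet.
    echo "$m -j CONNMARK --restore-mark"
    # 2. Flow already classified: skip the payload inspection.
    echo "$m -m mark ! --mark 0 -j ACCEPT"
    # 3. ipp2p matches only packets that carry a Gnutella signature.
    echo "$m -m ipp2p --gnu -j MARK --set-mark $MARK"
    # 4. Save the mark so later packets of the same flow are shaped as well.
    echo "$m -m mark --mark $MARK -j CONNMARK --save-mark"
}

gnutella_tc_rules() {
    # Unmarked traffic from B (and everyone else) goes to the default class 1:20.
    echo "tc qdisc add dev $WAN root handle 1: htb default 20"
    echo "tc class add dev $WAN parent 1: classid 1:10 htb rate $RATE ceil $RATE"
    echo "tc class add dev $WAN parent 1: classid 1:20 htb rate $UPLINK"
    # The fw classifier selects on the netfilter mark instead of source port.
    echo "tc filter add dev $WAN parent 1: protocol ip prio 1 handle $MARK fw flowid 1:10"
}

gnutella_mark_rules
gnutella_tc_rules
```
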







* Re: [LARTC] shareaza
From: Georgi Alexandrov @ 2005-12-11 20:13 UTC
  To: netfilter

Leonardo Rodrigues Magalhães wrote:

>
>>>
>>> Is there any way to do that? How can I keep track of the
>>> traffic generated by shareaza only?
>>>
>> Perhaps you need something like l7-filter.sf.net ?
>>
>
> Maybe l7-filter is not necessary. For classifying P2P traffic, you can 
> use ipp2p module, available through patch-o-matic or newest code from 
> here http://ipp2p.org/ !
>
> Seems that Shareaza is matched with --gnu !!
>
>
>
> [root@correio ~]# iptables -m ipp2p --help
> [ ........ ]
> IPP2P v0.7.2 options:
> --ipp2p Grab all known p2p packets
> --ipp2p-data Identify all known p2p download commands (obsolete)
>
> --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets
> --dc [TCP] All known Direct Connect packets
> --kazaa [TCP&UDP] All known KaZaA packets
> --gnu [TCP&UDP] All known Gnutella packets
> --bit [TCP&UDP] All known BitTorrent packets
> --apple [TCP] All known AppleJuice packets (beta - just a few tests 
> until now)
> --winmx [TCP] All known WinMX (beta - need feedback)
> --soul [TCP] All known SoulSeek (beta - need feedback!)
> --ares [TCP] All known Ares - use with DROP only (beta - need feedback!)
>
> --edk-data [TCP] eDonkey/eMule/Overnet download commands (obsolete)
> --dc-data [TCP] Direct Connect download command (obsolete)
> --kazaa-data [TCP] KaZaA download command (obsolete)
> --gnu-data [TCP] Gnutella download command (obsolete)
>
> Note that the follwing options will have the same meaning:
> '--ipp2p' is equal to '--edk --dc --kazaa --gnu'
> '--ipp2p-data' is equal to '--edk-data --dc-data --kazaa-data --gnu-data'
>
> IPP2P was intended for TCP only. Due to increasing usage of UDP we 
> needed to change this.
> You can now use -p udp to search UDP packets only or without -p switch 
> to search UDP and TCP packets.
>
> See README included with this package for more details or visit 
> http://www.ipp2p.org
>
> Examples:
> iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
> iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP
> iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP
>
> iptables -m ipp2p --help [root@correio ~]#
>
I messed it up (sorry list). That was for the lartc mailing list.
I guess I need to shorten the number of lists that I'm subscribed to ;-)


Georgi Alexandrov

P.S.
You're right. ipp2p can also do the trick.

