gnutella

gnutella

[Michel Bellemare]

is there any way to log all the traffic that uses the gnutella protocol?
i searched in the mailing list and google and found nothing.

I looked to at a tcpdump capture and it never uses the same port...

basically i want to control the number of bytes that goes out using
this protocol.

thank you very much!

Re: gnutella

[Jason Opperisano]

On Thu, Oct 21, 2004 at 10:23:45AM -0400, Michel Bellemare wrote:
> is there any way to log all the traffic that uses the gnutella protocol?
> i searched in the mailing list and google and found nothing.
> 
> I looked to at a tcpdump capture and it never uses the same port...
> 
> basically i want to control the number of bytes that goes out using
> this protocol.
> 
> thank you very much!

you need a layer-7 classifier to magically figure out whether traffic on
port X is gnutella traffic.

you can try looking at:

  http://l7-filter.sourceforge.net/

-j

-- 
Jason Opperisano <opie@817west.com>

Re: gnutella

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 759 bytes --]

You can do this for local traffic by using the owner module and :
	--cmd-owner
For a whole network I see any solutions but slightly modify the NuFW
system to be able to mark packet with an uid corresponding to the
application (same way it can mark with userid).

On Thu, 2004-10-21 at 10:23 -0400, Michel Bellemare wrote:
> is there any way to log all the traffic that uses the gnutella protocol?
> i searched in the mailing list and google and found nothing.
> 
> I looked to at a tcpdump capture and it never uses the same port...
> 
> basically i want to control the number of bytes that goes out using
> this protocol.
> 
> thank you very much!
> 
-- 
Eric Leblond <eric@regit.org>
NuFW, Now User Filtering Works : http://www.nufw.org

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

RE: gnutella

[Deepak Seshadri]

Hello Michel,

You need layer7 functionality in iptables. There is a good pattern available
for matching gnutella packets with layer7 module. Using the MARK option and
traffic control (tc) you will be able to restrict the bandwidth consumed by
the application.

Here is the documentation on this module:
http://l7-filter.sourceforge.net/


Hope this helps!
Regards,

Deepak Seshadri


> -----Original Message-----
> From: netfilter-bounces@lists.netfilter.org [mailto:netfilter-
> bounces@lists.netfilter.org] On Behalf Of Michel Bellemare
> Sent: Thursday, October 21, 2004 10:24 AM
> To: Netfilter Group
> Subject: gnutella
> 
> is there any way to log all the traffic that uses the gnutella protocol?
> i searched in the mailing list and google and found nothing.
> 
> I looked to at a tcpdump capture and it never uses the same port...
> 
> basically i want to control the number of bytes that goes out using
> this protocol.
> 
> thank you very much!

Re: gnutella

[Michel Bellemare]

And is there any way to log how many bytes the application is using
with each packet?


On Thu, 21 Oct 2004 16:33:27 +0200, Eric Leblond <eric@inl.fr> wrote:
> You can do this for local traffic by using the owner module and :
>         --cmd-owner
> For a whole network I see any solutions but slightly modify the NuFW
> system to be able to mark packet with an uid corresponding to the
> application (same way it can mark with userid).
> 
> 
> 
> On Thu, 2004-10-21 at 10:23 -0400, Michel Bellemare wrote:
> > is there any way to log all the traffic that uses the gnutella protocol?
> > i searched in the mailing list and google and found nothing.
> >
> > I looked to at a tcpdump capture and it never uses the same port...
> >
> > basically i want to control the number of bytes that goes out using
> > this protocol.
> >
> > thank you very much!
> > 
> --
> Eric Leblond <eric@regit.org>
> NuFW, Now User Filtering Works : http://www.nufw.org
> 
> 
>