> From: Jason Boxman <jasonb@xxxxxxxxxx> > Reply-To: jasonb@xxxxxxxxxx > Organization: The Vortex > To: lartc@xxxxxxxxxxxxxxx > Subject: Re: New L7-Filter patterns for Kademlia / eMule? > Date: Sat, 25 Sep 2004 19:09:55 -0400 > > On Saturday 25 September 2004 19:10, Alexis wrote: > > uhm, could you capture some packets with ethereal to check the contents > and > > make the new pattern? > > Possibly, but not very easily. The pattern match for edonkey 'classic' is > several dozen hex matches for L7. That was probably nontrivial to decipher. > > I'd expect Kad to be of similar complexity. > I have read that the project ipp2p support kad and emule. http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html I don't test ipp2p, actually i am testing layer7 but i will give a try soon to ipp2p. I want to try too iptables-p2p. http://unix.freshmeat.net/projects/iptables-p2p/ if you want to write your own patterns for a protocol you can start here. This projects is not free: http://www.p2pwatchdog.com/packets.html well if someone have probed any of this projects i like to now your opinion. Now i am testing layer7 and have rule for bittorrent, fastrack, edonkey, directconnect and audiogalaxy nico _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
