Hi Marcin, iptables and netfilter will not do the job, unless you are willing to sacrifice stability and security. The problem is that the strings that netfilter will see are broken down into smaller pieces. So the string "iptables and netfilter" might actually be transmitted as "iptables and" and then "netfilter" in a separate packet. On top of this, people might try to intentionally break your filters by fragmenting the above string into "i", "p", "t", ... etc packets. The good thing to do in this case, is to wait until the TCP stream has reached the application layer and has been reassembled properly. Hence, you will want to either write your own proxy, or to use someone elses proxy. If you want to use it, I just uploaded a tunnel/proxy program to http://www.frozentux.net/stunnel.tgz. This is an unfinished program I started on a couple of years ago. It is written in C. It is horribly coded and pretty much sucks, but it has no memory leaks and might serve as a starting point. Have a nice day;). On Thu, 2005-10-27 at 11:40 +0200, Marcin Giedz wrote: > Dnia czwartek, 27 października 2005 11:09, Ruprecht Helms napisał: > > Marcin Giedz wrote: > > > I don't get it :( > > > How with tcpdump as tcpdump is only dump traffic tool - as I know it > > > can't change anything or I'm wrong? > > > > You are right. As I know it only dump. > > What you need is a hexeditor or you are looking for a tool that do > > hexediting in the fly. > > Absolutely! > > > > > But that is offtopic in this list. > > But I really don't know where to start? Perhaps some did it earlier. > > Marcin > > > > > Regards, > > Ruprecht >
Attachment:
signature.asc
Description: This is a digitally signed message part
