Dnia czwartek, 27 października 2005 12:04, Oskar Andreasson napisał: > Hi Marcin, > > iptables and netfilter will not do the job, unless you are willing to > sacrifice stability and security. The problem is that the strings that > netfilter will see are broken down into smaller pieces. So the string > "iptables and netfilter" might actually be transmitted as "iptables and" > and then "netfilter" in a separate packet. On top of this, people might > try to intentionally break your filters by fragmenting the above string > into "i", "p", "t", ... etc packets. > > The good thing to do in this case, is to wait until the TCP stream has > reached the application layer and has been reassembled properly. Hence, > you will want to either write your own proxy, or to use someone elses > proxy. > > If you want to use it, I just uploaded a tunnel/proxy program to > http://www.frozentux.net/stunnel.tgz. This is an unfinished program I > started on a couple of years ago. It is written in C. It is horribly > coded and pretty much sucks, but it has no memory leaks and might serve > as a starting point. Great!!! Really thanks but I just can't reach your program - above address doesn't work :( Could you please do something or send the program on my private mail. Thanks once again, Marcin > > Have a nice day;). > > On Thu, 2005-10-27 at 11:40 +0200, Marcin Giedz wrote: > > Dnia czwartek, 27 października 2005 11:09, Ruprecht Helms napisał: > > > Marcin Giedz wrote: > > > > I don't get it :( > > > > How with tcpdump as tcpdump is only dump traffic tool - as I know it > > > > can't change anything or I'm wrong? > > > > > > You are right. As I know it only dump. > > > What you need is a hexeditor or you are looking for a tool that do > > > hexediting in the fly. > > > > Absolutely! > > > > > But that is offtopic in this list. > > > > But I really don't know where to start? Perhaps some did it earlier. > > > > Marcin > > > > > Regards, > > > Ruprecht
