Leonardo Rodrigues Magalhães wrote:
Is there any way to do that? How can I keep track of the
traffic generated by shareaza only?
Perhaps you need something like l7-filter.sf.net ?
Maybe l7-filter is not necessary. For classifying P2P traffic, you can
use the ipp2p module, available through patch-o-matic or as the newest
code from http://ipp2p.org/ !
It seems that Shareaza is matched with --gnu !!
[root@correio ~]# iptables -m ipp2p --help
[ ........ ]
IPP2P v0.7.2 options:
--ipp2p Grab all known p2p packets
--ipp2p-data Identify all known p2p download commands (obsolete)
--edk [TCP&UDP] All known eDonkey/eMule/Overnet packets
--dc [TCP] All known Direct Connect packets
--kazaa [TCP&UDP] All known KaZaA packets
--gnu [TCP&UDP] All known Gnutella packets
--bit [TCP&UDP] All known BitTorrent packets
--apple [TCP] All known AppleJuice packets (beta - just a few tests until now)
--winmx [TCP] All known WinMX (beta - need feedback)
--soul [TCP] All known SoulSeek (beta - need feedback!)
--ares [TCP] All known Ares - use with DROP only (beta - need feedback!)
--edk-data [TCP] eDonkey/eMule/Overnet download commands (obsolete)
--dc-data [TCP] Direct Connect download command (obsolete)
--kazaa-data [TCP] KaZaA download command (obsolete)
--gnu-data [TCP] Gnutella download command (obsolete)
Note that the follwing options will have the same meaning:
'--ipp2p' is equal to '--edk --dc --kazaa --gnu'
'--ipp2p-data' is equal to '--edk-data --dc-data --kazaa-data --gnu-data'
IPP2P was intended for TCP only. Due to increasing usage of UDP we
needed to change this.
You can now use -p udp to search UDP packets only or without -p switch
to search UDP and TCP packets.
See README included with this package for more details or visit
http://www.ipp2p.org
Examples:
iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP
iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP
iptables -m ipp2p --help [root@correio ~]#
I messed it up (sorry list). That was for the lartc mailing list.
I guess I need to shorten the number of lists that I'm subscribed to ;-)
Georgi Alexandrov
P.S.
You're right. ipp2p can also do the trick.
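
Added example, not code from any poster in this thread: one way to turn the `--gnu` match into per-protocol byte accounting. ipp2p only matches packets that carry a recognisable signature, so the rules tag the whole connection with CONNMARK and count it in a dedicated chain. The chain name ACCT_GNU, the mark value 0x1, the use of the mangle FORWARD chain and the sample counter dump are assumptions constructed for illustration.

```shell
#!/bin/sh
# ACCT_GNU and mark 0x1 are hypothetical names/values chosen for this example.

# Print the rule set; review it, then pipe to sh as root on a router that
# has the ipp2p match installed.
gnutella_rules() {
cat <<'EOF'
iptables -t mangle -N ACCT_GNU
iptables -t mangle -A ACCT_GNU -j RETURN
iptables -t mangle -A FORWARD -j CONNMARK --restore-mark
iptables -t mangle -A FORWARD -m mark --mark 0 -m ipp2p --gnu -j MARK --set-mark 0x1
iptables -t mangle -A FORWARD -m mark --mark 0x1 -j CONNMARK --save-mark
iptables -t mangle -A FORWARD -m mark --mark 0x1 -j ACCT_GNU
EOF
}

# Read `iptables-save -c -t mangle` output on stdin and print
# "<packets> <bytes>" summed over the rules inside chain ACCT_GNU.
# Packets seen before ipp2p first recognises the connection are not counted.
gnutella_bytes() {
  awk -v chain="ACCT_GNU" '
    /^\[[0-9]+:[0-9]+\] -A / && $3 == chain {
      c = substr($1, 2, length($1) - 2)   # strip the [ ] around pkts:bytes
      split(c, n, ":")
      pk += n[1]; by += n[2]
    }
    END { printf "%.0f %.0f\n", pk, by }'
}

# Constructed sample of a counter dump, for running the parser offline.
sample_save() {
cat <<'EOF'
# constructed sample, not captured from a real host
*mangle
:FORWARD ACCEPT [9000:7000000]
:ACCT_GNU - [0:0]
[9000:7000000] -A FORWARD -j CONNMARK --restore-mark
[3:420] -A FORWARD -m mark --mark 0x0 -m ipp2p --gnu -j MARK --set-mark 0x1
[1500:1800000] -A FORWARD -m mark --mark 0x1 -j CONNMARK --save-mark
[1500:1800000] -A FORWARD -m mark --mark 0x1 -j ACCT_GNU
[1500:1800000] -A ACCT_GNU -j RETURN
COMMIT
EOF
}
```

On a live router the counters would come from `iptables-save -c -t mangle | gnutella_bytes`; sampling that at intervals and taking differences gives the traffic attributed to Gnutella clients such as Shareaza.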