The application information is filtered by the L7 module from the DATA part of the TCP/IP packet. For example, the filter sees a TCP packet, destined for port 1110. It then inspects the data in the packet and sees something like GET / HTTP1.1 / www.bla.bla <http://www.bla.bla/> The module, then knows it is an HTTP packet on port 1110. Or it sees something like PORT xxxx,xxxx and then knows it is FTP on port 1110 Now I'm not familiar with nfsim, but it seems, that to test this L7 module, you would need to manually create the data part of the packets, if that is at all possible. I don't think it can simulate that much. Therefor I would say, testing this with real-time traffic is easier, faster and more reliable. -Sietse ________________________________ From: veera kumar [mailto:veera_kumar2983@xxxxxxxxxxx] Sent: Tue 23-May-06 11:12 To: Sietse van Zanen Cc: netfilter Subject: RE: l7-layer Hi zanen, Its good to see your reply.The Layer7-filter feature works as a firewall and classifies packets based on L7 information instead of port numbers(e.g Suppose client use 1110 is a http port number). You can find the L7 feature Documentation here. http://l7-filter.sourceforge.net/ I dont need generate traffic from real time(e.g ftp ftp.some.where).I have to generate traffic fron nfsim using the command gen_ip. Thanks veera --- Sietse van Zanen <sietse@xxxxxxxxx> wrote: > Hi Veera, > > I would say, that doing an ftp ftp.some.where would > generate traffic based upon the ftp appliaction. > All the L7 information is included in the TCP/UDP > packet which you are inspecting with your module. > > Maybe you need to be a bit more specific about what > you want to inspect/filter with your module and how. > > Sietse > > ________________________________ > > From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx on > behalf of veera kumar > Sent: Tue 23-May-06 9:30 > To: netfilter@xxxxxxxxxxxxxxxxxxx > Subject: l7-layer > > > > Hi, > I have done a netfilter module Which is support to > Layer 7.I can able to compile our module with nfsim > and tested the other functionalities.I have to test > the Layer7 feature with nfsim.How can i generate the > traffic > based on application (e.g.ftp,ssh) rather than port > numbers. > > I really appreciate your inputs here.;) > > Thanks > veera > > Send instant messages to your online friends > http://in.messenger.yahoo.com <http://in.messenger.yahoo.com/> > <http://in.messenger.yahoo.com/> > > > > Send instant messages to your online friends http://in.messenger.yahoo.com <http://in.messenger.yahoo.com/>
