Re: Identifying and modifying packets

aragonx@xxxxxxxxxx wrote:
Hi,
Can someone tell me what tools I could use to examine outbound packet
data for the usernames and modify it if it matches a list of accounts
we want to block?


I suggest writing your own netfilter-module that does the packet
inspection, and if a packet matches you can simply return NF_DROP to
instruct the kernel to drop the packet. A good tutorial/book is
available here: http://jengelh.medozas.de/

Maybe you can do something similar with libpcap, but I am not sure if
you can drop packets.

I would love to just drop the packets but this causes the client
application to crash.  So I think I need to modify ones that match to an
invalid user name.  I've seen it mentioned that libpcap can capture the
traffic, I have not seen where it can modify and then send it on.  Can it
do that?

Yes, with Netfilter your modules receive the skb and it will not be passed on until the module is finished with it. You can then toy around with it (including the payload) as much as you want. Section 5.6 in [1] shows an example of modifying the payload.

I am not sure about libpcap, I haven't used it for a while, but I think you only receive a copy and thus cannot change what is sent over the network.

-Kristian

[1] - http://jengelh.medozas.de/documents/Netfilter_Modules.pdf
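
The payload rewrite discussed in this thread, reduced to its buffer logic as an added example (not code from the post or from the referenced PDF): a blocked name is overwritten in place with a same-length filler, so the segment length and TCP sequence numbers stay valid, and the checksum is recomputed only when bytes changed. The function names, the '_' filler and plain substring matching are assumptions; in a Netfilter module this logic would run on the skb payload inside the hook.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 Internet checksum. In a real hook `seed` would carry the TCP
 * pseudo-header sum; this sketch checksums the payload alone. */
uint16_t inet_csum(const uint8_t *buf, size_t len, uint32_t seed)
{
    uint32_t sum = seed;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)buf[i] << 8 | buf[i + 1];
    if (len & 1)
        sum += (uint32_t)buf[len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Overwrite each occurrence of `user` with '_' bytes of the same length, so
 * the segment size and TCP sequence numbers are unchanged. Returns hits. */
int mask_user(uint8_t *payload, size_t len, const char *user)
{
    size_t ulen = strlen(user);
    int hits = 0;
    for (size_t i = 0; ulen && i + ulen <= len; i++) {
        if (memcmp(payload + i, user, ulen))
            continue;
        memset(payload + i, '_', ulen);
        i += ulen - 1;   /* skip past the bytes just rewritten */
        hits++;
    }
    return hits;
}

/* Apply a NULL-terminated block list; refresh *csum only if bytes changed. */
int filter_payload(uint8_t *payload, size_t len,
                   const char *const *blocked, uint16_t *csum)
{
    int hits = 0;
    for (; *blocked; blocked++)
        hits += mask_user(payload, len, *blocked);
    if (hits)
        *csum = inet_csum(payload, len, 0);
    return hits;
}
```

A stale checksum makes the receiver discard the segment, which from the client's side looks the same as the drop that caused the crash.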