Sudev Barar writes:

> Thanks for info and pointers. My confusion is that with apache running
> web service on port 80 how will system distinguish between http
> request and tcp packet for listening.

You've to take one of the services (httpd, pop3d, sshd, smtpd) down.

OR

Put some kind of proxy in front of the services which will do some
protocol checks on the data and pass the data to the appropriate
service.

OR

You've to use iptables's 'string' and 'state' extension to match NEW
connections with 'GET|PUT|HEAD|POST|DELETE /' strings in them, and
then DNAT or REDIRECT them to the desired internal port (on which
httpd or nc is listening). Once connection is established, then you
can allow all packets of that connection using 'state' extension to
match ESTABLISHED,RELATED packets. BTW, I've never tried such a thing,
so I'm not sure whether this will work or not.

Quoting from iptables(8):

---->8----->8----
   string
       This  modules  matches  a  given  string by using some pattern matching
       strategy. It requires a linux kernel >= 2.6.14.

       --algo  bm|kmp
              Select the pattern matching strategy. (bm = Boyer-Moore,  kmp  =
              Knuth-Pratt-Morris)

       --from offset
              Set the offset from which it starts looking for any matching. If
              not passed, default is 0.

       --to offset
              Set the offset from which it starts looking for any matching. If
              not passed, default is the packet size.

       --string pattern
              Matches  the  given  pattern.   --hex-string pattern Matches the
              given pattern in hex notation.
----8<----8<----

In case your service also sends data similar to HTTP requests, then
you've to figure out some other way.

HTH
-- 
·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
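
Added example, not part of the original message: a sketch of the second option above, a front-end proxy that checks the protocol and hands the connection to the right service. The request line only arrives after the TCP handshake, so the check runs in userspace on the first payload bytes, anchored at offset 0 so that a non-HTTP stream that merely contains "GET /" later on is not misrouted. Backend addresses, listening port and timeout are assumptions.

```python
import asyncio

# Assumed values for illustration (not from the post): backend addresses, timeout.
BACKENDS = {"http": ("127.0.0.1", 8080), "other": ("127.0.0.1", 2222)}
METHODS = (b"GET", b"PUT", b"HEAD", b"POST", b"DELETE")  # methods named in the post
PEEK_TIMEOUT = 2.0  # seconds to wait for a client that never speaks first

def classify(first):
    """Return 'http', 'other' or 'need_more' for the first client bytes."""
    for method in METHODS:
        probe = method + b" /"
        if first.startswith(probe):
            return "http"
        if probe.startswith(first):  # still a prefix of a request line
            return "need_more"
    return "other"

async def peek(reader, timeout=PEEK_TIMEOUT):
    buf = b""
    while classify(buf) == "need_more":
        try:
            chunk = await asyncio.wait_for(reader.read(64), timeout)
        except asyncio.TimeoutError:
            return "other", buf  # silent client: server-speaks-first protocol
        if not chunk:
            return "other", buf  # EOF before a decision could be made
        buf += chunk
    return classify(buf), buf

async def pipe(reader, writer):
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def handle(client_r, client_w):
    kind, buf = await peek(client_r)
    up_r, up_w = await asyncio.open_connection(*BACKENDS[kind])
    up_w.write(buf)  # replay the bytes consumed while classifying
    await asyncio.gather(pipe(client_r, up_w), pipe(up_r, client_w))

async def main(port=8000):  # listening port is an assumption
    server = await asyncio.start_server(handle, "127.0.0.1", port)
    await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The timeout branch covers services such as POP3 or SMTP where the server sends the first bytes and the client initially stays silent.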
